Privacy policy

Wave ("we", "us", "our") operates waveletsocial.co.ke and app.waveletsocial.co.ke (the "Platform"). This Privacy Policy explains how we collect, use, store, and share your personal information when you use the Platform.

Wave is operated by [INSERT LEGAL ENTITY NAME], registered in Kenya, with its registered office at [INSERT ADDRESS].

We comply with the Kenya Data Protection Act, 2019, and where applicable, other international data protection standards.

1. Information We Collect

1.1 Information you give us

  • Account information: name, email address, password, phone number, role (brand or creator).

  • Profile information: profile photo, bio, social media handles, content niche, audience size, and other information you choose to add.

  • Payment information: for Paystack transactions, payment details are collected and processed directly by Paystack; we do not store full card details. For crypto transactions, we store your public wallet address.

  • Verification information: ID documents or business registration details if you request verification or higher transaction limits.

  • Communications: messages you send to us or other users through the Platform.

1.2 Information we collect automatically

  • Usage data: pages visited, features used, time spent, clicks, referral source.

  • Device and technical data: IP address, browser type, device type, operating system, language preference.

  • Cookies and similar technologies: see our Cookie Policy for details.

1.3 Information from third parties

  • Social platforms: if you connect Instagram, TikTok, X/Twitter, YouTube, or similar, we receive profile data, follower counts, and engagement metrics per your authorization.

  • Paystack: transaction status, reference codes, and payout confirmations.

  • Blockchain data: wallet activity, transaction hashes, and on-chain events associated with any wallet address you link to your account. This information is publicly available on the blockchain.

2. How We Use Your Information

We use your information to:

  • Create and manage your account

  • Facilitate campaigns, deliverables, and payouts between brands and creators

  • Process payments via Paystack and/or smart contracts

  • Send transactional notifications (campaign updates, payout confirmations, security alerts)

  • Provide customer support

  • Improve the Platform and develop new features

  • Detect and prevent fraud, abuse, or illegal activity

  • Comply with legal obligations, including tax and anti-money-laundering requirements

  • Send marketing communications (only with your consent; you can unsubscribe at any time)

3. Legal Basis for Processing (where applicable)

We process your personal data on the following legal bases:

  • Contract: to provide the services you signed up for

  • Consent: for marketing communications and optional features

  • Legal obligation: to comply with tax, financial, or regulatory requirements

  • Legitimate interests: to operate, secure, and improve the Platform

4. How We Share Information

We do not sell your personal information. We share it only as follows:

4.1 With other users

  • Brands can see creators' public profiles, portfolios, and audience data.

  • Creators can see brands' campaign details and company information.

  • When payouts occur, relevant payment confirmations are shared between parties.

4.2 With service providers

We share data with trusted third parties who help us operate the Platform:

  • Paystack — payment processing

  • Supabase — database and authentication

  • Vercel — hosting

  • Google Analytics / similar — usage analytics

  • Email providers (e.g., Resend, SendGrid) — transactional and marketing emails

  • Blockchain infrastructure providers — for on-chain transactions (where applicable)

These providers are contractually required to protect your data and use it only for the purposes we specify.

4.3 For legal reasons

We may disclose information if required by law, court order, or lawful request by a government authority — including the Office of the Data Protection Commissioner of Kenya, the Kenya Revenue Authority, or law enforcement.

4.4 Business transfers

If Wave is acquired or merges with another entity, your information may be transferred as part of that transaction. You will be notified in advance.

4.5 On the blockchain

If you use crypto payouts, transaction data including your wallet address, amount, and timestamp will be publicly and permanently recorded on the blockchain. This data cannot be deleted or modified.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the service. After account deletion, we may retain:

  • Transaction records for up to 7 years (tax and regulatory requirements)

  • Data required to resolve disputes or enforce agreements

  • Data required by law

Blockchain data cannot be deleted due to the nature of public ledgers.

6. Your Rights

Under the Kenya Data Protection Act 2019, you have the right to:

  • Access the personal information we hold about you

  • Correct inaccurate or incomplete information

  • Delete your personal information (subject to legal retention requirements)

  • Object to or restrict certain processing

  • Withdraw consent at any time (for consent-based processing)

  • Data portability — receive your data in a structured, machine-readable format

  • Lodge a complaint with the Office of the Data Protection Commissioner of Kenya

To exercise any of these rights, email us at [INSERT CONTACT EMAIL]. We will respond within 30 days.

7. Data Security

We implement reasonable technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS)

  • Encryption at rest for sensitive fields

  • Access controls and authentication

  • Regular security reviews

However, no system is 100% secure. You are responsible for keeping your account password and crypto wallet private keys secure. We never ask for your wallet's seed phrase or private keys, and we cannot recover funds sent to the wrong address.

8. International Data Transfers

Some of our service providers (e.g., Vercel, Supabase) may process data outside Kenya. Where this happens, we ensure appropriate safeguards are in place as required by the Data Protection Act 2019.

9. Children's Privacy

Wave is not intended for users under 18. We do not knowingly collect information from minors. If we learn that we have, we will delete it promptly.

10. Cookies

We use cookies and similar technologies to operate the Platform, remember your preferences, and analyze usage. See our Cookie Policy for full details. You can control cookies through your browser settings.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification. The "Last updated" date at the top indicates when it was last revised.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us:

Email: [INSERT EMAIL, e.g., privacy@waveletsocial.co.ke] Address: [INSERT PHYSICAL ADDRESS] Data Protection Officer: [NAME, if appointed — not mandatory for all businesses but recommended]

For complaints, you can also contact the Office of the Data Protection Commissioner of Kenya:

  • Website: https://www.odpc.go.ke/

  • Email: info@odpc.go.ke