WaveMaker
Start a campaign

Privacy Policy

Last updated May 30, 2026

1. Introduction

This Privacy Policy explains how WaveMaker ("we", "us", or "our") collects, uses, shares, and protects information when you use WaveMaker (the "Service"). By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

2. Information we collect

Information you give us

  • Account info: email address, display name, password (stored hashed), and any profile details you choose to add (bio, links, avatar).
  • Artist and campaign content: campaign copy, artwork, audio clips, reward descriptions, comments, and similar material you submit.
  • Communications: messages you send us through support, contact forms, or email.

Information from connected services

  • Spotify: when you connect Spotify via OAuth, we receive an access token and a refresh token, along with your Spotify user ID, display name, profile image, country, top tracks/artists (when you grant that scope), playlists you choose to use with WaveMaker, and the specific actions you take through WaveMaker (saves, follows, playlist adds, pre-saves). We never receive your Spotify password.

Information we collect automatically

  • Usage data: pages you view, features you use, referring URLs, approximate location derived from IP address, device type, browser, and operating system.
  • Cookies and similar technologies: we use first-party cookies and local storage to keep you signed in, remember your preferences, and measure how the Service is used. We do not use third-party advertising cookies.

3. How we use information

  • To create and operate your account;
  • To run campaigns and verify fan actions (streams, saves, follows, playlist adds, pre-saves);
  • To show artists aggregate analytics about their releases and fans;
  • To send transactional email related to your account;
  • To detect, investigate, and prevent fraud, abuse, and action inflation;
  • To comply with legal obligations and enforce our Terms.

4. Legal bases (EEA/UK users)

If you are in the European Economic Area or the United Kingdom, we process your personal data on these legal bases: performance of a contract (to provide the Service you requested), our legitimate interests (to operate, secure, and improve the Service), your consent (where required, for example to connect Spotify), and compliance with legal obligations.

5. How we share information

We do not sell your personal data. We share data only:

  • With other users when you make it public. Information you put on your public profile or campaign page is visible to anyone who visits it.
  • With artists you support. Artists you take actions for may see aggregated analytics and, where you've explicitly opted in, your display name and avatar in their supporter lists.
  • With service providers that help us run the Service (for example, hosting, database, email delivery, error monitoring). These providers may only use your data to perform services for us.
  • With third-party services you choose to connect (currently Spotify), but only as needed to perform the action you requested.
  • For legal reasons if we believe disclosure is required by law, legal process, or a government request, or to protect rights, safety, or property.
  • In a business transfer such as a merger, acquisition, or asset sale, in which case we will notify you and your data will continue to be protected by a privacy policy at least as protective as this one.

6. What we don't do

We don't sell your personal data. We don't show third-party advertising tracking. We don't post on your behalf to any connected platform without an explicit action you initiate in WaveMaker.

7. Data retention

We keep personal data for as long as your account is active and as needed to provide the Service. When you delete your account, we delete or anonymize your personal data within 30 days, except where we are required to keep certain records (for example, for tax, fraud prevention, or legal compliance).

8. Security

We use industry-standard measures to protect your data, including encryption in transit (HTTPS), hashed passwords, row-level security on our database, and least-privilege access controls. No system is perfectly secure; if we become aware of a breach affecting your personal data, we will notify you as required by applicable law.

9. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you;
  • Correct inaccurate or incomplete data;
  • Delete your personal data;
  • Export your data in a portable format from your settings page;
  • Object to or restrict certain processing, or withdraw consent you previously gave;
  • Lodge a complaint with your local data protection authority.

You can exercise most of these rights directly in Settings, or by submitting a request through our data deletion form.

10. Disconnecting Spotify

You can disconnect Spotify from WaveMaker at any time from your settings, or by revoking access from Spotify's Apps page. We purge associated tokens within 24 hours of disconnection. Historical event records (for example, the fact that an action was verified) may be retained in anonymized form for fraud prevention and analytics.

11. International transfers

We operate primarily in the United States. If you access the Service from outside the United States, you understand that your data may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. We use appropriate safeguards (such as standard contractual clauses) where required.

12. Children's privacy

WaveMaker is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us personal data, please contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will give you reasonable notice (for example, by email or an in-app notice) before they take effect. The "Last updated" date at the top of this policy will always reflect the latest version.

14. Contact

Questions or concerns? Email privacy@wavemaker.fm.