Last updated: March 24, 2026
At WavinBox, protecting your personal data is a priority. This policy explains how we collect, use, and protect your information.
We collect information you provide during registration (name, email), service usage data (demos submitted, plays, statistics), and technical data (IP address, browser type, cookies).
Your data is used to: provide and improve the service, send you relevant notifications, process payments, and ensure platform security. We never sell your data to third parties.
We only share your data with our service providers (hosting, payments) to the extent necessary to deliver the service. These partners are contractually obligated to protect your data.
WavinBox uses cookies to maintain your session, remember your preferences, and analyze service usage. You can disable cookies in your browser settings.
Your data is retained for the duration of your account and up to 12 months after deletion. Audio files are automatically deleted after 3 months.
Under GDPR, you have the right to access, rectify, delete, port, and object to the processing of your data. To exercise these rights, contact us at privacy@wavinbox.com.
For any questions about data protection, contact our DPO at: privacy@wavinbox.com
Under Article 17 of the General Data Protection Regulation (GDPR), you have the right to erasure (the "right to be forgotten"). When you request account deletion through the Privacy section of your settings, deletion is carried out immediately and permanently. The following are deleted without delay: your profile and personal data, demos, messages, playlists, labels, teams, and subscription (automatically cancelled). No residual data is retained after deletion. You receive a GDPR confirmation email serving as proof of erasure. For any claim or question regarding this right, contact our DPO: privacy@wavinbox.com
In accordance with Article 6 of the GDPR, the processing of your data is based on the following legal grounds: (a) Performance of a contract — processing necessary to provide the service (account management, demo transmission, messaging); (b) Legitimate interest — service improvement, fraud prevention, anonymized usage statistics; (c) Consent — sending marketing emails and promotional communications (you may withdraw this consent at any time free of charge); (d) Legal obligation — retention of certain data required by French tax or accounting regulations. Each processing activity is documented in our internal Records of Processing Activities.
WavinBox uses the following sub-processors, each contractually bound to comply with GDPR: Supabase Inc. (USA) — database hosting, authentication, audio file storage, protected by Standard Contractual Clauses (SCC) approved by the European Commission; Stripe Inc. (USA) — payment and subscription processing, PCI-DSS Level 1 certified, protected by SCC; Transactional email provider (EU/USA) — sending notifications and confirmations. These transfers to third countries (USA) are governed by appropriate safeguards as set out in Chapter V of the GDPR. You may request a copy of the safeguards in place by writing to privacy@wavinbox.com.
WavinBox implements technical and organizational measures appropriate to the level of risk to protect your personal data. These measures include: TLS 1.2+ encryption for all data transmissions, encryption at rest via Supabase infrastructure, Row Level Security (RLS) applied to all database tables to prevent unauthorized access between users, secure authentication via Supabase Auth (bcrypt password hashing), Role-Based Access Control (RBAC), logging of administrative actions. In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify the CNIL within 72 hours as per Article 33 of the GDPR, and inform you without undue delay as per Article 34.
If, after contacting us, you believe that the processing of your personal data does not comply with GDPR, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the competent supervisory authority in France: CNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — Phone: +33 (0)1 53 73 22 22 — Website: www.cnil.fr. We encourage you to contact us first at privacy@wavinbox.com to attempt to resolve the matter amicably.
For any question regarding the protection of your personal data, to exercise your GDPR rights (access, rectification, deletion, portability, objection, restriction), or for any complaint, you may contact our Data Protection Officer: Email: privacy@wavinbox.com — Email subject: "GDPR Request – [your right]". We commit to acknowledging receipt of your request within 5 business days and responding within a maximum of one month from receipt (extendable by 2 additional months for complex or numerous requests, with prior notice).
WavinBox est en conformité avec le Règlement Général sur la Protection des Données (RGPD / GDPR). Pour exercer vos droits, écrivez à privacy@wavinbox.com.
We use session cookies strictly necessary for the platform to work (authentication, language preferences). We do not use third-party tracking cookies. Privacy Policy