Privacy Policy
How WaveMaster collects, uses, stores and protects your personal data.
Privacy Policy
1. General Information
We process personal data exclusively in accordance with applicable data protection laws, in particular:
- EU General Data Protection Regulation (GDPR)
- German Federal Data Protection Act (BDSG)
- Telecommunications Digital Services Data Protection Act (TDDDG)
Data Controller:
Tammo Doerner
An der Ahne 10
26969 Butjadingen
Germany
Email: info@wavemasterapp.com
2. Categories of Data Processed
a) Server Log Files
When visiting this website, the hosting provider automatically processes:
- anonymised IP address
- browser type and version
- operating system
- referring URL
- accessed pages
- date and time of access
Purpose: technical delivery of the website, system security, abuse prevention.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
Retention period: maximum 30 days unless longer retention is required for security purposes.
b) Account and Subscription Data
When creating an account or purchasing a subscription, we process:
- name
- email address
- account credentials
- subscription information
- usage-related platform data
Purpose: performance of contractual services, customer support, fraud prevention.
Legal basis: Art. 6(1)(b) GDPR.
Retention: up to 10 years where required under commercial and tax laws.
c) Payments
Payments are processed exclusively by:
Stripe Payments Europe Ltd.
We do not store full payment card information on our servers.
Processing is carried out for: payment execution, fraud prevention, billing compliance.
Legal basis: Art. 6(1)(b) GDPR.
Stripe acts as an independent controller and/or processor under applicable data protection law.
d) Contact Requests
If you contact us by email or contact form, we process:
- your contact details
- message content
- related communication metadata
Purpose: processing and responding to your enquiry.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Retention: generally up to 3 years after final communication unless legal retention obligations apply.
e) Analytics and Cookies
We may use analytics technologies such as Google Analytics (measurement ID G-V173ZPF8RX) to improve our services.
Analytics tracking is only activated after explicit user consent via the cookie banner.
Processed data may include:
- anonymised IP address
- device information
- interaction behaviour
- session statistics
Legal basis: Art. 6(1)(a) GDPR (consent).
Retention: up to 14 months.
Users may withdraw consent at any time through the cookie settings or browser settings by clearing the cookie wm_cookie_consent_v1 and reloading the page.
Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
f) Subscription Management via the WaveMaster App (RevenueCat)
When you subscribe to a Pro or Elite plan through the WaveMaster iOS app, subscription management is handled by:
RevenueCat, Inc.
We process, via this service:
- app user identifier
- purchase and subscription history
- subscription tier and status
Purpose: providing access to paid features, managing subscription status, customer support, and analysing subscription conversion (in aggregate) to evaluate and improve our offering.
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in service improvement).
Retention: for the duration of the subscription relationship and afterwards where required under commercial and tax laws.
g) Push Notifications via the WaveMaster App (OneSignal)
The WaveMaster app uses OneSignal to deliver push notifications (e.g., support chat replies, app-related alerts). Through this service, we process:
- device identifier / push token
- app user identifier
- notification delivery and open statistics
Purpose: technical delivery of push notifications, and analysis of delivery/open rates to evaluate the effectiveness of this feature. Push notifications sent through this channel are limited to functional, non-promotional content.
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest).
Retention: for the duration of the app account, or as governed by OneSignal's own retention practices.
h) Email Marketing (Website and App, via MailerLite)
We use MailerLite to send account-related and marketing communications, including subscription-tier-based communications (e.g. information about upgrading from a Free to a Pro or Elite plan). Through this service, we process:
- email address
- subscription/account tier
- approximate location (country), where displayed via MailerLite's own analytics
- email engagement data (opens/clicks), where reviewed
Purpose: direct marketing communications and service-related communications; evaluating audience characteristics.
Legal basis: Art. 6(1)(a) GDPR (consent) and/or Art. 6(1)(f) GDPR (legitimate interest in direct marketing to existing customers), as applicable.
Users may unsubscribe from marketing communications at any time via the unsubscribe link in any marketing email.
i) Community Forum (WaveMaster App)
The WaveMaster app includes a community forum where users may publicly post text, photos, and videos, visible to other users under their account username. We process:
- user-submitted text content
- user-submitted photos and videos
Purpose: enabling the community forum feature.
Legal basis: Art. 6(1)(b) GDPR (contract performance).
Note: Content posted to the community forum is visible to other users of the app. Users should not post sensitive personal information in public forum posts.
j) Customer Support Chat (WaveMaster App)
The WaveMaster app includes an in-app support chat. We process:
- your account username
- message content submitted during the support request
Purpose: responding to support requests, and reviewing recurring support topics (in aggregate) to identify common issues and inform product improvements.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Retention: generally up to 3 years after final communication unless legal retention obligations apply.
k) Location Data (WaveMaster App)
At account sign-up, we process the user's country (approximate location, not precise geolocation).
Purpose: app functionality and analysis of user base characteristics.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
3. Cookies
This website uses cookies and similar technologies.
Strictly Necessary Cookies
Necessary for: security, login functionality, session management, consent storage.
These cookies are processed under Art. 6(1)(f) GDPR and do not require consent.
Optional Analytics Cookies
Analytics and marketing cookies are only used after prior consent pursuant to Art. 6(1)(a) GDPR and § 25 TDDDG.
Users can revoke consent at any time.
4. International Data Transfers
Due to the global nature of our services, personal data may be transferred to countries outside the European Economic Area (EEA), including the United States.
Where such transfers occur, appropriate safeguards pursuant to Art. 44 et seq. GDPR are implemented, including:
- EU Standard Contractual Clauses (SCCs)
- adequacy decisions where available
- additional technical and organisational safeguards where appropriate
By using our services, users acknowledge that data transfers may occur internationally.
Service providers used in connection with the WaveMaster app, such as RevenueCat, Inc. and OneSignal, Inc., may process data in the United States. Transfers to these providers are subject to the same safeguards described above.
5. Data Recipients and Processors
We may share data with carefully selected service providers acting as processors under Art. 28 GDPR, including providers for:
- payment processing
- cloud hosting
- analytics
- email delivery
- infrastructure security
- subscription management (RevenueCat, Inc.)
- push notification delivery (OneSignal, Inc.)
- email marketing (MailerLite)
All processors are contractually bound to protect personal data in accordance with applicable law.
6. Data Security
We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, accidental loss, destruction, manipulation, and disclosure.
However, internet-based transmissions can never be guaranteed to be completely secure.
7. User Rights
Users have the following rights under GDPR:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent at any time (Art. 7(3) GDPR)
Requests may be submitted to: info@wavemasterapp.com
Users also have the right to lodge a complaint with a supervisory authority, in particular in their country of residence or in Germany.
Competent authority in Lower Saxony:
State Commissioner for Data Protection Lower Saxony
Prinzenstrasse 5
30159 Hannover
Germany
