Privacy Policy

1. Who We Are

Wayve is an AI-powered productivity platform for entrepreneurs, operated by Songa Labs.

We are the data controller responsible for your personal data processed through Wayve.

2. What Data We Collect

Account Information

• Email address (required for authentication)
• Name (optional, for personalization)
• Profile picture (optional)

Usage Data

• Activities and tasks you create
• Pillars and their configurations
• Projects and goals
• Weekly planning and review data
• Time lock preferences

Technical Data

• Device type and browser information
• IP address (for security purposes)
• Error logs and crash reports (via Sentry)

AI-Processed Data

When you use AI-powered features (such as activity categorization or suggestions), the following data may be sent to our AI service (AWS Bedrock):

• Activity titles and descriptions
• Pillar names and intentions
• Quiz responses (if you take the onboarding quiz)

This data is processed in the EU (Stockholm) and is not stored by AWS after processing. It is used solely to provide you with personalized suggestions.

Payment Data

Payment processing is handled by Whop. Songa Labs does not directly collect or store credit card numbers or bank account details. Whop processes payments in accordance with their own privacy policy, available at whop.com/legal/privacy.

3. Why We Collect Your Data

We process your personal data based on the following legal grounds:

Contract Performance

• Providing the Wayve service and its core features
• Managing your account and subscription
• Syncing your data across devices

Legitimate Interest

• Improving and developing our service
• Ensuring security and preventing fraud
• Analyzing usage patterns to enhance user experience

Legal Obligation

• Retaining financial records as required by Dutch law
• Responding to legal requests from authorities

Consent

• Sending marketing communications (if you opt in)
• Using non-essential cookies (with your permission)

4. How Long We Keep Your Data

5. Who We Share Your Data With

We share your data only with trusted service providers necessary to operate Wayve:

We do not sell your personal data to third parties. We do not share your data with advertisers.

6. International Data Transfers

Most of your data is processed within the European Economic Area (EEA):

• Microsoft Azure & Entra ID: EU (West Europe)
• Azure Communication Services: EU
• AWS Bedrock: EU (Stockholm)
• Whop: US (with SCCs)

For services located outside the EEA:

• Sentry (US): We use Standard Contractual Clauses (SCCs) as approved by the European Commission to ensure adequate protection of your data.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of your personal data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure: Request deletion of your data
• Right to restriction: Limit how we process your data
• Right to data portability: Receive your data in a structured format
• Right to object: Object to processing based on legitimate interest
• Right to withdraw consent: Withdraw consent at any time

How to Exercise Your Rights

You can exercise many of these rights directly from your Account page: export your data, edit your profile, or delete your account. For any other requests, contact us at info@gowayve.com. We will respond within 30 days.

Right to Complain

If you believe we have not handled your data properly, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

8. Cookies & Local Storage

Wayve uses cookies and browser local storage to provide and improve our service:

Essential Storage

Required for the application to function. These cannot be disabled and include:

• Authentication tokens (to keep you logged in)
• User session data
• UI preferences (e.g., sidebar state)

Error Tracking & Session Replay

We use Sentry to track errors and improve our service. Sentry's features include:

• Error tracking: When an error occurs, technical information about the error is sent to Sentry.
• Session replay: To help us understand and fix issues, Sentry may record sessions when errors occur. These recordings capture your interactions with the app (clicks, scrolls, navigation). Text you enter is automatically masked for privacy. Recordings are used solely for debugging purposes and are automatically deleted after 30 days.
• Performance monitoring: Page load times and navigation patterns to identify slow areas.

Session replay is sampled (not all sessions are recorded) and is primarily triggered when errors occur.

We do not use marketing or advertising cookies. We do not track you across other websites.

9. Security

We take the security of your data seriously and implement appropriate measures:

• Encryption in transit (HTTPS/TLS) and at rest
• Secure authentication via Microsoft Entra ID
• Regular security updates and monitoring
• Access controls and audit logging
• Microsoft Azure's enterprise-grade security infrastructure

While we implement strong security measures, no system is 100% secure. We encourage you to use a strong, unique password and enable any available security features.

10. Children's Privacy

Wayve is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@gowayve.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or through the application. The "Last updated" date at the top of this policy indicates when it was last revised.

We encourage you to review this policy periodically to stay informed about how we protect your data.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: