Last Updated: March 24, 2023.
Wavelength is a secure messaging service that uses end-to-end encryption. This encryption prevents us, and other third parties, from accessing your messages and attachments to safeguard the privacy of your conversations. This does not apply to your messages that mention an AI bot, which are shared with Wavelength and our Large Language Model (“LLM”) provider to facilitate a response from the bot. If a message will be shared, a clear notice will appear at the top of the message composer.
This policy sets out our privacy practices and explains how Telepath Inc., which provides Wavelength, handles the information we collect when you use our Wavelength products, mobile apps, site, services, and content (collectively referred to as “Services”).
Information We May Collect
We obtain a variety of information from and about you as you use the Services. We need certain information so that we can provide certain Services to you. If you do not provide us with certain information, or ask us to delete it, we may no longer be able to provide you with our Services.
Information You Provide
We collect information directly from you through your use of our services. For example, we collect information from you through:
- Your Account Information: This includes your display name, phone number, and profile image.
- Your Communications with Us: Including user support, in-app feedback submissions, and messages you send to Wavelength.
- Your Encrypted Messages: If a message cannot be delivered to the recipient immediately, an encrypted copy of it us stored on our servers. Our encryption is end-to-end, which means that Wavelength's client app encrypts your messages to prevent us, or any third party, from being able to read them. Under no circumstances can we access the content of undelivered messages stored on our servers.
- Your Unencrypted Bot Messages: If you mention an AI bot in a message, a plaintext copy of the message will be shared with Wavelength and our LLM provider so that the bot can respond. If a message will be shared in such a case, a clear and unambiguous notice will appear at the top of the message composer. Messages are anonymized before being shared with our LLM provider. We retain a limited history of non-anonymized bot conversations for debugging purposes. Both us and our LLM provider may indefinitely retain an anonymized history of bot conversations so that we can improve and train our AI services. Don’t share sensitive or confidential information in bot messages.
- Your Contacts (Optional): You can, if you wish and if permitted by local laws, upload the phone numbers from your address book to our server. Your contact phone numbers are stored on our server in a cryptographically hashed form without any identifying information such as the name of the contact, and will never be used for any purpose other than to help you find your friends on Wavelength. If you turn off this setting, your anonymized hashed contact data will be deleted from our servers.
- Your Groups: You can create, join, or be added to groups, and such groups get associated with your account. If you create a group, you provide us with a group name and image or emoji. Group metadata including the list of members is currently stored on our servers in plaintext, so don’t put anything private or sensitive in it.
- Your Settings: Any settings that you may change through the service, such as muting a group or thread, blocking a user, etc.
Information We Collect Through Automated Means
When you use our Services, we collect some information automatically. We and our service providers (which are third-party companies that work on our behalf) may use various technologies, including cookies and similar technologies, to help collect this information.
- Device Information and Related Identifiers: When you use our Services, we and our service providers collect and analyze information such as your IP address, browser characteristics, device IDs and characteristics, platform type, advertising identifier, operating system, and the state or country from which you accessed the Services.
- Usage Information: When you use our services, we collect and store on our servers additional information, such as randomly generated authentication tokens and public encryption keys, push notification tokens, and other material necessary to transmit messages.
- Location Information: When you use the Services, we and our service providers collect general location information from your device. “General” means information about the city, state, and country in which your device is located based on its IP address.
- Crash and Error Reports: When an error or crash occurs in your client application, information about the error or crash may be uploaded to our servers so that we can prevent similar issues from occurring in the future.
How We Use Your Information
We use the information above to:
- Administer your account, including to create it in the first place and to verify your information.
- Provide, manage, and improve the services.
- Respond to your requests for information and provide you with effective customer service.
- Conduct internal business operations in support of our services, such as auditing, security, spam prevention, resolving crashes, preventing fraud, invoicing and account, marketing, analytics, and research and development.
- Customize your preferences on or for the services.
- Comply with laws, regulations, and other legal process and procedures.
- Establish, exercise, or defend our legal rights.
- Take steps that we believe reasonably necessary to protect the safety, security, and rights of Wavelength, its employees, service providers, and others.
We may also aggregate, de-identify, or anonymize any information collected through the Services so that we cannot reasonably link information to you or your device. We may use such aggregate, de-identified, or anonymous information for any purpose, including, without limitation, for research and marketing purposes.
Communications from Wavelength
Sometimes we’ll send administrative messages about account or Services changes via text message or email, e.g. when you create or sign-in to your account. It may not be possible to opt out of administrative messages.
You can opt out of most other types of messages, e.g. emails about new Wavelength features for example.
Disclosure of Your Information
We don’t share your personal information outside the company, except:
- Service Providers: We may provide access to or share your information with select third parties who perform services on our behalf, such as sales, marketing, product content, features, analytics, research, customer service, delivery, data storage, security, spam and fraud prevention, and legal services. These providers are contractually restricted from using personal information for purposes other than providing services to us and for legal/compliance purposes.
- Business Transfers: We may buy, merge, or partner with other companies. In such transactions (including in the contemplation of such transactions) user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third party, customer information (including your phone number or email address) would likely be one of the transferred business assets.
- Your Consent: If you have consented to our sharing of your information, we will also share your information consistent with your consent.
Under no circumstances will we sell your personal information.
If we will share your information in response to legal process, we’ll give you notice so you can challenge it (for example by seeking court intervention), unless we’re prohibited from doing so by law or court order. We will object to requests for information about users of our Services that we believe to be improper.
Wavelength uses third-party vendors and hosting partners, such as Amazon Web Services, for hardware, software, networking, storage, and related technology we need to run Wavelength.
Deleting Your Account
You can delete your account through the app. Go to the in-app settings screen and choose “Delete Account” to delete your account. We cannot recover an account for you after it is deleted.
To protect information from accidental or malicious destruction, we may not be able to immediately delete residual copies of your data.
Depending on where you live and the local laws (such as those in the European Union, California, or Nevada), you may have certain rights regarding your personal information.
If you would like to exercise your rights, please contact us at email@example.com. You may need to verify your identity before we can service your request. Note that you can make many changes to your account easily through the app.
If you are a California resident, California law requires us to provide you with some other information about how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).
We use the above categories of information that we collect from you and analytics partners to provide and manage the Services you request; to contact you; to analyze the use of our Services; to market our Services to you; for error reporting and to improve the product; to audit consumer interactions on the Services; to protect the rights of the Services; for legal compliance; and with your consent. For more detail about the purposes for which we use information, please see How We Use Your Information above for more information.
Depending on the circumstances, we may share any of the above categories of information we collect with: business partners to provide you with services that you request; service providers; other parties, including government entities, when required by law or to protect our users and services; social media services pursuant to that service and your settings; and with your consent or in connection with a corporate transaction. In addition, we may share device information and identifiers and internet or other network or device activity with entities that provide content and functionality. See How We Use Your Information and Disclosure of Your Information to learn more.
California Privacy Rights
If you are a California resident, the CCPA allows you (or an authorized agent acting on your behalf) to make certain requests related to your personal information. The CCPA allows you to request us to:
- Provide access to or a copy of certain personal information we hold about you.
- Delete certain personal information we have about you.
- Provide you with information about the financial incentives that we offer to you, if any.
The CCPA further provides you with the right not to be discriminated against (as provided in applicable law) for exercising your rights. Certain information may be exempt from such requests under California law. We will take reasonable steps to verify your identity before responding to a request. In doing so, we may request information from you so that we can match data you provide with data we maintain. If you would like more information about your legal rights under California law or would like to exercise any of them, or if you are an authorized agent making a request on a user’s behalf, please contact us at firstname.lastname@example.org and include “CCPA Consumer Request” in the subject.
The California “Shine the Light” law gives residents of California the right in some cases to request information from us about the way we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.
European Union Economic Area & Brazilian Residents
Legal Bases for Use of Your Information
Some countries require that companies only process your “Personal Data” (as that term is defined in the applicable law like the EU General Data Protection Regulation) if they have a “legal basis” (or justifiable need) for processing your Personal Data. If those laws apply, our legal bases for processing Personal Data are as follows:
- When your Personal Data is necessary to perform our obligations under a contract (or pending contract) with you. For example, we will process your Personal Data to comply with our Terms of Service to enter a contract with you, and to honor our commitments in any contracts that we have with you.
- When your Personal Data is necessary for our legitimate interests or the legitimate interests of others. For example, we will process your Personal Data: to operate our business and our Services; identify and fix any issues with our Services; provide security for our Services; learn more about how our customers use the Services; perform internal analytics concerning the Services; improve the Services and users’ experiences with the Services; provide you with information about new products that we think you may find interesting using the phone number or email address which you have provided; make and receive payments; comply with legal requirements and defend our legal rights; prevent fraud; and to know the customer to whom we are providing Services.
- When use of your Personal Data is necessary for us to comply with our legal obligations.
- When we have your consent. For example, where a country requires that we obtain your consent before we process certain data, we will seek your consent in accordance with those countries’ requirements.
If you are a citizen of the European Economic Area (“EEA”), the United Kingdom, or Switzerland, you may request that we:
- Provide access to or a copy of certain information we hold about you.
- Delete certain information that we are holding about you.
- Prevent the processing of your information for direct-marketing purposes (including any direct marketing processing based on profiling).
- Update or rectify information that is out of date or incorrect.
- Oppose, cancel, or restrict the way that we process and disclose certain of your information.
- Transfer your information to a third-party provider of services.
- Revoke your consent for the processing of your information.
To make such a request, please contact us at email@example.com and include “EU Data Subject Request” in the subject line.
In providing services to you, we may subcontract the processing of your data to, or otherwise share your data with, Wavelength affiliates and subsidiaries, trusted service providers, and trusted business partners in countries other than your country of residence, including the United States, in accordance with applicable law. Those third parties may be engaged in, among other things, the provision of Services to you, the processing of transactions, or the provision of support services. By providing us with your information, you acknowledge any such transfer, storage, or use.
If applicable, you may make a complaint to the data protection authority in the country where you are based. Or you may seek a remedy through local courts if you believe your rights have been breached.
Nevada Resident Privacy Rights
Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” (as such terms are defined by Nevada law) to a person for that person to license or sell such information to additional persons. We do not engage in such activity.
Changes to This Policy
Wavelength may periodically update this policy. We’ll notify you about significant changes to it.
For user support and general questions:
For legal inquiries and notices: