Privacy Policy

2.1 Information You Provide Directly

• Account Information: Name, email address, password, company name, job title, phone number, and profile information when you register.
• CRM Data: Contact records, organization details, notes, tags, deal information, communication history, and any other data you input about your business relationships.
• User Content: Email drafts, templates, workflow configurations, custom prompts, AI instructions, and preferences you create within the Service.
• Communications: Information you provide when contacting our support team, responding to surveys, or participating in promotions.
• Payment Information: Billing details, payment card information (processed by our payment processor—we do not store complete card numbers), and transaction history.

2.2 Information from Connected Services

When you connect third-party accounts, we access and store data from those services to provide our AI-powered features. This includes:

• Email Data (Gmail, Outlook): Email messages, threads, subject lines, sender and recipient information, timestamps, attachments metadata, labels/folders, and read status. We sync emails to enable our AI to understand your communication history, draft contextual responses, and take actions on your behalf.
• Calendar Data: Events, attendees, meeting details, scheduling information, and availability. Used to help our AI schedule meetings and understand your availability.
• Contact Data: Contact information from your connected address books to enrich CRM records and identify relationships.
• Authentication Tokens: OAuth tokens to maintain secure access to your connected services.

2.3 Information Collected Automatically

• Usage Data: Features used, actions taken, pages visited, search queries, AI interactions, workflow executions, and how you interact with the Service.
• Device Information: Browser type and version, operating system, device type, screen resolution, and unique device identifiers.
• Log Data: IP addresses, access times, referring URLs, and error logs.
• Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to maintain sessions, remember preferences, and improve user experience. See our Cookie Policy for details.

2.4 Information Derived Through AI Processing

Our AI systems analyze the information described above to generate derived data that helps you manage relationships more effectively:

• Relationship Insights: AI-generated summaries of your relationship history, communication patterns, sentiment analysis, and engagement levels with contacts.
• Behavioral Patterns: Understanding of your communication style, preferences, typical responses, and working patterns to personalize AI assistance.
• Suggested Actions: Recommended follow-ups, draft responses, optimal send times, and workflow suggestions based on your data.
• Embeddings and Vectors: Mathematical representations of your content used for semantic search and similarity matching.

3.1 Core Service Delivery

• Provide, operate, and maintain the CRM platform and all its features
• Sync and display your emails, calendar events, and contacts within the Service
• Enable our AI assistant to understand your relationships and communication history
• Process transactions and manage your subscription
• Authenticate your identity and maintain account security

3.2 AI-Powered Features

• Draft and send communications: Generate email drafts, replies, and follow-ups based on your communication history and style
• Take actions on your behalf: Execute approved workflows, schedule meetings, send emails, and perform other automated actions you configure
• Learn your preferences: Analyze your past actions, communication patterns, and feedback to improve AI suggestions and personalization
• Generate insights: Create relationship summaries, identify opportunities, and surface relevant information from your data
• Semantic search: Enable intelligent search across your emails and CRM data using AI-powered understanding of meaning and context
• Data extraction: Automatically extract contact information, company details, and other structured data from emails and documents

3.3 Service Improvement

• Analyze usage patterns to improve features and user experience
• Develop new features and functionality based on user needs
• Train and improve our AI models to provide better assistance (see Section 4 for details)
• Conduct research and analytics to understand how the Service is used
• Test new features and optimizations

3.4 Communications and Support

• Send transactional communications (receipts, confirmations, security alerts)
• Provide customer support and respond to inquiries
• Send product updates, feature announcements, and educational content (with opt-out)
• Notify you of changes to our policies or Service

3.5 Security and Compliance

• Detect, prevent, and address fraud, abuse, and security threats
• Monitor for violations of our Terms of Service
• Comply with legal obligations and respond to lawful requests
• Enforce our agreements and protect our rights

4.1 How Our AI Works

Our AI assistant processes your data to understand your business relationships, communication patterns, and preferences. This enables the AI to:

• Understand context from your email history to draft relevant responses
• Learn your communication style and tone to match it in suggestions
• Identify patterns in your successful interactions to recommend best practices
• Recognize relationships between contacts, companies, and deals
• Anticipate your needs based on your past behavior and current context
• Execute workflows and automated actions you configure

4.2 Third-Party AI Providers

To deliver AI capabilities, we use third-party AI service providers including:

• OpenAI — For language understanding, generation, and embeddings
• Anthropic — For advanced reasoning and analysis
• Google AI — For language models and processing

When your data is processed by these providers:

• Data is transmitted securely using encryption in transit
• Providers process data solely to return results to us for your benefit
• We have contractual agreements (Data Processing Agreements) with each provider that prohibit them from using your data to train their general models or for any purpose other than providing the service to us
• Providers are required to delete your data after processing (typically within 30 days, per their retention policies)

4.3 AI Learning and Personalization

To provide personalized assistance, our AI learns from your data:

• Per-User Learning: The AI builds an understanding of your specific communication patterns, preferences, and relationships. This learning is specific to your account and used solely to improve your experience.
• Embeddings and Vectors: We create mathematical representations of your content to enable semantic search and similarity matching within your own data.
• Aggregate Insights: We may analyze anonymized, aggregated usage patterns across users to improve our AI models and Service features. Individual user data is never used to train models that would be applied to other users without anonymization.

4.4 Human Review

We limit human access to your data. Our employees or contractors will only access your data:

• When you provide explicit consent (e.g., when requesting support assistance)
• To investigate security incidents, abuse, or violations of our terms
• When required to comply with legal obligations
• To review aggregated or anonymized data for service improvement

We do not allow employees to read your emails or personal content for general product development or quality assurance without your specific consent.

4.5 Automated Actions and Human-in-the-Loop

Our AI can take actions on your behalf. We provide controls to ensure you remain in control:

• Approval Workflows: You can configure which actions require your approval before execution
• Action Queue: Review and approve/reject AI-proposed actions before they are executed
• Scheduling: Set rules for when automated actions can be executed
• Audit Trail: View a complete history of all actions taken on your behalf

5.1 Google User Data We Access

When you connect your Google account, we request access to:

• Gmail API: Read, compose, send, and manage email messages and drafts
• Google Calendar API: Read and manage calendar events
• Google People API: Read contact information
• Basic Profile: Your name, email address, and profile picture

5.2 How We Use Google User Data

Google user data is used exclusively to provide and improve user-facing features within our Service:

• Display your emails within the Waves interface for CRM context
• Enable our AI to draft email responses based on conversation history
• Send emails on your behalf through the Gmail API when you approve them
• Sync calendar events to help schedule meetings and understand availability
• Import contacts to enrich your CRM records
• Generate relationship insights based on your communication history

5.4 Google Data Storage and Security

• Google user data is stored in encrypted databases using AES-256 encryption at rest
• All data transmission uses TLS 1.2 or higher encryption
• Access to Google user data is restricted to authorized personnel and systems
• We maintain audit logs of access to Google user data
• OAuth tokens are stored securely and refreshed as needed; you can revoke access at any time

5.5 Revoking Google Access

You can disconnect your Google account from Waves at any time through your account settings. You can also revoke our access directly from your Google Account permissions page. Upon revocation, we will stop accessing new data and delete synced Google data within 30 days, unless retention is required by law.

6.1 Microsoft User Data We Access

When you connect your Microsoft 365 or Outlook account, we request access to:

• Microsoft Graph Mail API: Read, compose, send, and manage email messages
• Microsoft Graph Calendar API: Read and manage calendar events
• Microsoft Graph Contacts API: Read contact information
• User Profile: Your name, email address, and profile information

6.2 How We Use Microsoft User Data

Microsoft user data is used for the same purposes as Google user data, as described in Section 5.2. We apply the same restrictions and protections: no advertising, no data sales, limited human access, and secure storage. You can revoke access through your Microsoft account permissions at any time.

7.1 Service Providers

We share data with vendors who help us operate the Service, including:

• Cloud infrastructure providers (hosting, storage, databases)
• AI service providers (as described in Section 4.2)
• Payment processors
• Analytics providers
• Customer support tools
• Email delivery services

All service providers are bound by contractual obligations to protect your data and use it only for the purposes we specify.

7.2 Within Your Workspace

If you use Waves as part of a team or organization, other authorized members of your workspace may have access to shared CRM data, workflows, and communications based on the permissions configured by your workspace administrator.

7.3 Legal Requirements

We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to: (a) comply with the law; (b) protect our rights, property, or safety; (c) protect the rights, property, or safety of others; or (d) detect, prevent, or address fraud, security, or technical issues.

7.4 Business Transfers

If Waves is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

7.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

9.1 Retention Periods

• Account Data: Retained while your account is active and for up to 90 days after deletion to allow for account recovery
• CRM Data: Retained while your account is active; deleted upon account deletion
• Synced Email/Calendar Data: Retained while the integration is active; deleted within 30 days of disconnection or account deletion
• Usage Logs: Retained for up to 24 months for analytics and security purposes
• Backup Data: Retained in backups for up to 90 days after deletion from primary systems

9.2 Deletion Process

You can request deletion of your data at any time by:

• Using the account deletion feature in your settings
• Contacting us at team@ussoftwarecompany.com

Upon receiving a deletion request, we will delete or anonymize your data within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as maintaining records of transactions or resolving disputes).