Privacy Policy

Last updated: June 21, 2026

This policy explains what Wavelength collects, where it goes, who can reach it, and the choices you have. It's written to be read, not survived. For the plain-language version of what happens to the copy you test specifically, see our Data & Security page — this policy is the complete legal companion to it.

Wavelength is operated by Wavelength ("Wavelength," "we," "us"), a North Carolina company. If you use Wavelength, this policy applies to you.

The short version

• We collect your account details, the content you submit to test, and basic usage information.
• We use them to run the service, keep your history, support you, and bill you.
• We do not train any AI model on your content, and we do not sell or share your data.
• The AI provider behind your reads (Anthropic) doesn't train on your content either, and doesn't keep it beyond a brief safety window.
• You can delete your account and everything tied to it at any time by emailing us.

The rest of this page is the detail behind those statements.

Who this covers

Wavelength is a business tool, sold to and used by people acting on behalf of a company. This policy covers visitors to our site and users of the product. It is not directed at children, and we don't knowingly collect information from anyone under 16.

What we collect

Information you give us directly:

• Account and identity. Your name, email, and authentication credentials. These are handled by Clerk, our login provider.
• Content you submit. The copy you test, the personas and panels you build or select, your test settings, your business context, and the reads and verdicts that come back. This is the substance of the product, and we keep it so your history stays with you.
• Billing information. When you subscribe to a paid plan, your billing name, email, and plan details. Card and payment data are collected and processed directly by Stripe, our payment provider — Wavelength never sees or stores your full card number.
• Anything you send us. Emails, support requests, and feedback.

Information we collect automatically:

• Usage and operational data. Basic records of how the product is used — tests run, timestamps, and similar — so we can operate the service, understand whether it's working, and support you.
• Essential cookies. Session cookies set by our login provider to keep you signed in. We may use privacy-respecting product analytics to understand usage in aggregate. We do not use advertising cookies or cross-site trackers.

How we use it

• To run the service: generate your reads, store your history, and keep your account working.
• To support you when you ask, which may require our personnel to access your account data.
• To bill you and manage your subscription.
• To send transactional email — confirmations, receipts, security and account notices — through Resend, our email provider.
• To improve the product and write guides and marketing, but only in aggregate — patterns across many tests, never your individual messages, and never your copy reproduced. If we ever wanted to use a specific example, we'd ask you first.

We do not train any model on your content. We have no model of our own. We do not sell or share your data with anyone.

The AI behind your reads

Your reads are generated by Anthropic's API. When you run a test, your content is sent to Anthropic to produce the persona reads and the verdict, then returned to you.

Anthropic does not use commercial API content to train its models — the content you test is excluded. Anthropic keeps API content only briefly, for safety and abuse review, then deletes it. Zero-data-retention handling may be available for qualifying teams; if your security team needs it, ask and we'll tell you straight whether we can put it in place. Anthropic's commercial terms are public at anthropic.com/legal/commercial-terms.

Who we share it with

We don't sell your data and we don't share it for anyone else's marketing. We use a small set of infrastructure providers ("sub-processors") to run the service. Each handles one job, and your data only reaches them for that purpose:

• Vercel — hosting and compute (US region).
• Anthropic — the AI that generates your reads. Processes your content to produce the read, holds it briefly for safety, then deletes it. Never trains on it.
• Neon — the Postgres database where your account and tests are stored. Encrypted at rest.
• Clerk — login and account identity. Handles your email and authentication, not your test content.
• Resend — transactional email delivery. Handles your email address and message metadata, not your test content.
• Stripe — payment processing for paid plans. Handles your billing and payment details, not your test content.

We don't add providers quietly. If this list changes, this policy and our Data & Security page change with it.

We may also disclose information if the law requires it, to protect our rights or users' safety, or in connection with a merger, acquisition, or sale of assets — in which case we'll require the recipient to honor this policy.

How long we keep it

We keep your tests — your inputs, the reads, and the verdicts — for as long as your account is open, because that history is the point of the product. Account and billing records are kept as long as needed to run the service and meet legal and tax obligations. When you delete your account, we remove your tests and account data from the database; routine backups age out on their normal cycle.

How we protect it

Your data is encrypted in transit between your browser, our backend, and every provider above, and encrypted at rest in the database.

We're an early-stage company and we say so plainly. We don't yet hold SOC 2, ISO 27001, or a third-party penetration test, and we don't offer single sign-on or audit logs. If your security team needs any of these, tell us — we'll be honest about what's in place and what isn't, and we can sign a data processing agreement on request.

Your choices and rights

Access and deletion. You own your tests. To delete your account and everything tied to it, email security@onwavelength.ai. Self-serve deletion is on the way; for now a person handles it directly. You can also ask us what we hold about you and request corrections.

US state privacy rights. Depending on your state, you may have the right to know what personal information we collect, to access or delete it, to correct it, and to opt out of its sale or sharing. We don't sell or share personal information, so there's nothing to opt out of — but the right stands. We won't discriminate against you for exercising any of these rights. To make a request, email us at the address above.

Users outside the United States. Wavelength is operated from the United States and your data is processed here and by the US-based providers listed above. If you use Wavelength from outside the US, you're sending your information to the United States for processing. Where local law gives you rights over your data — access, correction, deletion, objection — email us and we'll honor them.

What not to submit

Wavelength is built for testing marketing copy — messages, campaign briefs, landing-page text. Don't submit regulated or highly sensitive data: health information, payment details, government identifiers, or anything you're contractually barred from sending to a third-party processor. The tool isn't built for that, and you don't need it for that.

Changes to this policy

If we change how we handle your data, we'll update this page and move the "last updated" date. If the change is significant, we'll do more than that — we'll tell you.

Contact

Questions about your data or this policy go to security@onwavelength.ai. A real person reads it.

This policy is governed by the laws of the State of North Carolina, USA.