Privacy Policy

1. Introduction

WaveTab ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our biometric payment service. Please read this policy carefully.

2. Information We Collect

Biometric Information

• Palm vein patterns converted to encrypted mathematical representations
• Biometric templates used solely for authentication purposes
• No actual palm images are stored; only mathematical signatures
• Biometric data is encrypted using bank-level security (AES-256)

Personal Information

• Name, email address, and phone number
• Payment method information (securely tokenized)
• Transaction history and order details
• Dietary preferences and allergen information
• Loyalty program data and reward balances

Usage Information

• Device information and IP address
• Location data from restaurant visits
• Service usage patterns and preferences
• Communication preferences

3. How We Use Your Information

We use your information to:

• Authenticate your identity for payment processing
• Process transactions and send digital receipts
• Maintain your order history and preferences
• Manage loyalty rewards and cashback programs
• Communicate about your account and transactions
• Improve our services and develop new features
• Comply with legal obligations and prevent fraud
• Provide customer support and respond to inquiries

4. Biometric Data Protection

We take special care with your biometric information:

• Storage: Biometric templates are encrypted and stored on secure servers with restricted access
• Retention: Data is retained only as long as your account is active or as required by law
• Deletion: You can request deletion at any time; data is permanently removed within 30 days
• No Sharing: Biometric data is never sold, rented, or shared with third parties
• Device Security: Authentication occurs locally when possible; minimal data transmission
• Consent: Biometric enrollment requires explicit opt-in consent

5. Information Sharing and Disclosure

We may share your information with:

• Restaurant Partners: Order details and dietary preferences to fulfill your orders
• Payment Processors: Tokenized payment information to process transactions
• Service Providers: Trusted vendors who assist in operating our service (under strict confidentiality agreements)
• Legal Requirements: When required by law, court order, or to protect our rights
• Business Transfers: In the event of a merger or acquisition (with continued protection of your data)

We never share your biometric data with any third party for any reason.

6. Your Privacy Rights

You have the right to:

• Access: Request a copy of your personal and biometric data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your data, including biometric information
• Opt-Out: Unsubscribe from marketing communications
• Data Portability: Receive your data in a portable format
• Withdraw Consent: Stop using biometric authentication at any time

To exercise these rights, contact us at privacy@wavetab.com

7. Data Security

We implement industry-leading security measures:

• End-to-end encryption for all data transmission
• AES-256 encryption for stored biometric templates
• Multi-factor authentication for account access
• Regular security audits and penetration testing
• PCI DSS compliance for payment processing
• SOC 2 Type II certified infrastructure
• 24/7 security monitoring and incident response

8. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Transaction history is retained for 7 years for legal and accounting purposes. Biometric data is deleted within 30 days of account closure or upon request.

9. Children's Privacy

WaveTab is not intended for individuals under 18 years of age. We do not knowingly collect biometric or personal information from children. If we discover we have collected information from a child, we will delete it immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification. The "Last Updated" date at the top indicates when changes were last made. Continued use after changes constitutes acceptance.

12. State-Specific Rights

California Residents (CCPA)

California residents have additional rights including:

• Right to know what personal information is collected and how it's used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising privacy rights

Illinois Residents (BIPA)

Illinois biometric privacy laws require us to:

• Obtain written consent before collecting biometric data
• Provide a publicly available retention schedule
• Destroy biometric data within 3 years of last interaction or account closure
• Never sell, lease, or trade biometric information

13. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us: