Legal
Privacy Policy
Last updated: March 22, 2026
1. Introduction
wavyyy ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our Service. By using wavyyy, you agree to the practices described in this policy.
This policy complies with the General Data Protection Regulation (GDPR) and applicable French data protection laws.
2. Data Controller
The data controller responsible for your personal data is wavyyy. You can contact us at contact@wavyyy.app for any privacy-related requests.
3. Data We Collect
3.1 Account Data
When you register, we collect your email address and password (stored securely and hashed). You may optionally provide a display name, profile picture, and bio.
3.2 Game Data
We record your gameplay history, including scores, accuracy, game modes played, artists and playlists selected, ranked statistics (WP, rank, division), and XP/level progression.
3.3 Payment Data
If you subscribe to wavyyy Pro, payment is processed by Stripe. We do not store your full card details. We receive and store a Stripe customer ID, subscription status, and billing period information.
3.4 Technical Data
We automatically collect certain technical information, including your IP address, browser type, operating system, and pages visited. This data is used for security, performance monitoring, and debugging.
3.5 Preferences
We store your language preference and audio volume settings locally in your browser (localStorage).
4. How We Use Your Data
- To provide the Service: account management, game functionality, leaderboards, and ranked mode
- To process payments: managing Pro subscriptions via Stripe
- To improve the Service: analyzing usage patterns and fixing bugs
- To communicate with you: sending transactional emails (password reset, subscription confirmation)
- To ensure security: detecting fraud, abuse, and unauthorized access
5. Legal Basis for Processing (GDPR)
- Contract performance: processing necessary to provide the Service you signed up for
- Legitimate interests: security monitoring, service improvement, and analytics
- Consent: optional profile data, marketing communications (where applicable)
- Legal obligation: compliance with applicable laws
6. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & authentication | Account & game data |
| Stripe | Payment processing | Email, subscription status |
| Deezer API | Music previews & metadata | Search queries only |
| Vercel | Hosting & infrastructure | IP address, request logs |
These third parties have their own privacy policies and we encourage you to review them.
7. Data Retention
We retain your account data for as long as your account is active. Game history and statistics are retained indefinitely to maintain leaderboard integrity. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.
8. Data Security
We implement industry-standard security measures including encrypted connections (HTTPS/TLS), hashed passwords, row-level security on our database, and rate limiting on all API endpoints. However, no method of transmission or storage is 100% secure.
9. Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights:
- Access: request a copy of your personal data
- Rectification: correct inaccurate or incomplete data
- Erasure: request deletion of your personal data ("right to be forgotten")
- Portability: receive your data in a structured, machine-readable format
- Objection: object to processing based on legitimate interests
- Restriction: request that we limit processing of your data
To exercise any of these rights, contact us at contact@wavyyy.app. We will respond within 30 days.
10. Children's Privacy
wavyyy is not directed to children under 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected such data, we will delete it promptly.
11. International Transfers
Your data may be processed in countries outside the European Economic Area (including the United States) by our service providers. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses, to protect your data.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page. Continued use of the Service after changes constitutes acceptance.
13. Contact & Complaints
For privacy-related questions or to exercise your rights, contact us at contact@wavyyy.app.
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority. In France, this is the CNIL.