301.652.1245 support@wave2.io
Select Page

Wave2 Privacy Policy

Your privacy is important to us. When you use our services, you’re trusting us with your information. We understand this is a big responsibility and we work hard to protect your information. By continuing to use our Services, you agree to our use of cookies, logs, and website tracking, as well as our use and storage of location data, search and request information, and other similar personal information as described in this Privacy Policy.

This Privacy Policy applies to information that Wave2, LLC and/or its affiliates (“Wave2,” “we,” “us,” and “our”) collect when you use any of our websites, web applications, locators, application programming interfaces (APIs), scripts, links, programs, forms, or any other online products or services (collectively, our “Services”) that we provide or power, including any third-party products and services that integrate with our Services or use our APIs.

This Privacy Policy is intended to help you understand what data we collect, why we collect it, what we do with it, and your options regarding our collection and use of that data.

Information We Collect

  1. Wave2 Services and Website Tracking, Logs and Cookies: Whenever you visit or interact with our websites, APIs, and/or Services, we may automatically, passively, or actively collect certain information about your browser and your interaction with our website, possibly including (a) IP address, (b) browser and device type and screen size, (c) operating system, (d) referring web page, (e) the date and time of page visits, (f) the pages accessed on our websites, (g) search information entered, (h) SMS or email addresses entered, (i) GPS or other similar geolocation information. We also use cookies and similar technologies to recognize and improve your use of our websites and Services. We delete all such information after 365 days, and we do not associate it with any personally identifying information of any individual, including names, locations, email addresses, IP addresses, or phone numbers.
  2. Information from Third Parties: We may receive information related to your use of our Partner websites and services, including your IP address, name, email address, phone, address, current location, search requests, and your interactions with our Partner. Common examples include searching in a website locator, sharing location information by text message or email, or entering information in web application inputs.
  3. Contact Information Entered: We may receive information that you directly provide to use in website forms, contact forms, and similar requests for information.

Personal information does not include:  Publicly available information from government records. Deidentified or aggregated consumer information, or information excluded from the CCPA’s scope.

How We Use the Information We Collect

  1. Website Logs and Cookies: We use cookies, website logs and other similar data and technologies to monitor metrics about our websites such as the number of visitors and pages viewed and for internal diagnostic and analytic purposes to improve our website and the Services we provide. We may combine this data with information we receive from other sources. We have a legitimate interest in improving and marketing our Services and certain data collection is necessary in order to provide the Services. 
  2. Services and APIs: We use the data collected through our Services and APIs (1) for internal diagnostic and analytic purposes (2) to improve our mapping products and services (3) to provide our Services to end users of our customers and (4) to generate aggregated and anonymized usage statistics for usage tracking and geographic interest analysis for our customers. We have a legitimate interest in improving our Services and certain data collection is necessary in order to provide the Services.

When We Share the Information We Collect With Third Parties

  1. In General: We are a company focused on the needs of financial institutions and related financial services partners and service providers, and therefore we share anonymous and aggregate usage information with our customers about the usage and performance of the specific Services we provide for them. However, we do not share any such data with any other third parties other than indirectly with our own service providers, such as cloud computing platforms, which enable us to deliver the Services.
  2. Website Logs and Cookies: As mentioned above, we indirectly share information about your device and interaction with our website with our service providers that host our websites and provide analytics services to us. Certain hosting, data management, and analytics services that integrate directly into our websites and/or Services may collect information about your device, browser, and interaction with our websites (including by placing third-party cookies on your browser or other similar technologies). We do not control how these third parties use or share this information, which is subject to their privacy policies.
  3. Services and APIs: We indirectly share information collected through your use of our Services and APIs with our hosted infrastructure and internal analytics service providers. We directly share information collected through your use of our Services and APIs with our customers for the purposes of providing internal diagnostics and analytics for better understanding of geographic interest and usage patterns of the Services by end users. We also may share aggregated and anonymized usage statistics with other third parties.
  4. Hosted Data: We use third parties to store, process and deliver the Hosted Data contained in our Services and APIs (e.g., Microsoft Azure). We may share the Hosted Data with such service providers subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures. We do not otherwise disclose Hosted Data except as directed by you or as described below in “Rare and Limited Disclosure”.
  5. Rare and Limited Disclosures: We may share information in our possession in response to a request if we believe disclosure is in accordance with, or required by, any applicable law, regulation or legal process. For more information, see “Law Enforcement and Transparency,” below.
    Furthermore, we may share information in our possession if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to enforce our terms of service, detect, prevent, or otherwise address threats to our platform, or protect against harm to the rights, property or safety of Wave2, our users, or the public as required or permitted by law.
    Finally, we may also share the information we collect in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company. We may also share information among our current and future parents, affiliates, subsidiaries and other companies under common control and ownership.

Your Choices About What We Do with the Information We Collect

  1. Website Logs and Cookies: You may delete cookies from your browser on your computer and/or device, and most browsers provide the option to block cookies. Note that if you block cookies placed by us (first party cookies), portions of our Services, including our website, may not work as intended. However, your access to our websites should not be affected if you disable third-party cookies placed by third parties that manage marketing and analytics aspects of our website.
  2. Services and APIs: If you are an end-user of our Services, you may choose not to enable geolocation information in the settings of your browser and/or device, and not to directly submit personal information in the Services, and you may control your browser’s cookie preferences.  Furthermore, you may pursue the opt-out procedures described in the CCPA section below. If you are an end user of a product or service that integrates our APIs, your privacy options will be largely determined by the developer of the product or service. In addition to any privacy options that the developer may have provided you with, you may also be able to control the applications that can collect information about your precise location by using the settings available on your device, including opting out of collection of telemetry data.
  3. Questions. If you have any questions about how to limit the disclosure and/or use of your personal information to us, please email us at support@Wave2.io.

Your Access to and Control of the Information We Collect

  1. In General: If you believe that information about you has been processed in violation of this Privacy Policy, applicable law, or, for transfers before July 16, 2020, the Privacy Shield Principles (see “U.S.-EU Privacy Shield and Swiss-U.S. Privacy Shield” below), please email us at support@wave2.io. In accordance with applicable law, your privacy rights may include the following: (i) access personal information about you including: (a) confirming whether we are processing your personal information; (b) obtaining access to or a copy of your personal information; and (c) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company (the “right of data portability”), (ii) request correction of your personal information where it is incomplete or inaccurate, (iii) request deletion of your personal information, (iv) request restriction or object to the processing of your personal information, and (v) withdraw your consent to our processing of your personal information.
  2. Contact Information: If we have contact information about you, such as your email address on our newsletter list, you may exercise your privacy rights with respect to this information. However, we may not be able to verify your identity for purposes of processing your request, as we may not have sufficient information to adequately verify your request. To unsubscribe from our newsletter or other communications, please follow the instructions in the emails that you receive from us.
  3. Website Logs, Cookies, Services, and APIs: We temporarily retain IP addresses for security and accounting purposes. Given the temporary and aggregate nature of this storage, it is generally not feasible for us to provide access to IP addresses or the logs associated with them. Email addresses and phone numbers entered in the “share” feature of the Services are not stored beyond their immediate usage in fulfilling the functionality of the Services, and they are therefore not retained or available in our systems. The search information directly entered by end-users is anonymous and aggregate and is not associated with any individual user within our systems, so it is generally not feasible for us to provide access to entered user search information.

Your privacy rights under the California Consumer Protection Act (CCPA)

California consumers have the following privacy rights:

  • to not receive discriminatory treatment by Wave2 for the exercise of privacy rights conferred by the CCPA;
  • to request to know the personal information Wave2 has about you. You may access personal information associated with your Wave2 account, such as username, email address, and associated account activity by logging into your Wave2 account; and
  • to request deletion of your personal information collected or maintained by Wave2; and
  • to designate an authorized agent to make a verifiable consumer request related to your personal information on your behalf.

In order to submit a request to exercise your privacy rights, you may do one or more of the following:

  • E-mail us as support@wave2.io.
  • Send mail to us at Wave2, LLC, Attn: General Counsel, PO Box 83465, Gaithersburg, MD 20878

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
  • We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
  • If you believe Wave2 has any personal information about you that is not an email address or SMS phone number, please email Wave2 at support@wave2.io describing in detail the information you believe Wave2 has and how you believe Wave2 obtained it. Please note that without an email address, it may not be possible for Wave2 to verify your identity to a reasonable degree of certainty to locate or delete any information.

The CCPA provides California residents with the right to know what categories of personal information Wave2 has collected about them and whether Wave2 disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months.  The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth above in the sections above titled Information We CollectHow We Use the Information We Collect, and When We Share the Information We Collect With Third Parties.

For purposes of the CCPA, Wave2 does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age. You may complete this DO NOT SELL MY PERSONAL INFORMATION form to opt out of the disclosure of your personal information to third parties that are not our service providers. (If you also want to opt out of third-party cookies on our website, you can do so using your browser’s cookie preferences.)

Your privacy rights under the EU General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (“GDPR”) came into force on 25 May 2018. The new Regulation aims to standardize data protection laws and processing across the EU, giving people greater rights to access and control their personal information. 

Our Commitment

Although we do not actively do business in the EU, on the outside chance that certain users may be in Europe, Wave2 is committed to ensuring protection of all personal information that we hold, and to provide and to protect all such data. We recognize our obligations in updating and expanding this program to meet the requirements of GDPR.

Wave2 is dedicated to safeguarding the personal information under our control and in maintaining a system that meets our obligations under the new regulations. We already have a consistent level of data protection and security across our organization to ensure compliance.

  • Information Audit — We carried out an audit of information previously held and ensured that it was compliant with the new regulations.

  • Policies and Procedures — we have revised data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:

    • Basic Practices – fundamentally we do not gather, store, or use any personal data.

    • Data Protection – our main policy and procedure document for data protection has been revised to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy and the rights of individuals.

    • Data Retention and Erasure – we have updated our retention policy and schedule to ensure that we meet the “data minimization” and “storage limitation” principles and that personal information is stored, archived and destroyed in accordance with our obligations. We have procedures in place to meet the new “Right to Erasure” obligation.

    • Data Breaches – our procedures ensure that we have safeguards in place to identify, assess, investigate and report any personal data breach as early as possible. Our procedures have been explained all employees.

    • International Data Hosting – Wave2 stores all data in Microsoft Azure hosted data systems in the USA. We have robust procedures in place to secure the integrity of the data. 

    • Subject Access Request (SAR) – we have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge

    • Privacy Notice/Policy – we have revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.

    • Obtaining Consent – we have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information

    • Direct Marketing – we have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.

    • Data Protection Impact Assessments (DPIA) – where we process personal information that is considered high risk, we have developed stringent procedures for carrying out impact assessments that comply fully with the GDPR’s Article 35 requirements. We have implemented documentation processes that record each assessment, allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce the risk posed to the data subject(s).

    • Processor Agreements – we have not used any third-party to process personal information on our behalf.

Data Subject Rights

We provide easy-to-access information via email request of an individual’s right to access any personal information that Wave2 processes about them and to request information about:

  • what personal data we hold about them

  • the purposes of the processing

  • the categories of personal data concerned

  • the recipients to whom the personal data has/will be disclosed

  • how long we intend to store your personal data for

  • if we did not collect the data directly from them, information about the source

  • the right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this

  • the right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use

  • the right to lodge a complaint or seek judicial remedy and who to contact in such instances.

Information Security and Technical and Organizational Measures

Wave2 takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction.

If you have any questions about our GDPR compliance policies, please contact support@wave2.io.


Law Enforcement and Transparency

  1. In General: Although we acknowledge that government sometimes must act to protect citizens’ safety and security. Wave2 has never received any user information requests from law enforcement or government agencies, nor any national security letter, FISA court order, or any other classified request of any kind. If we ever receive such a request, we will review it carefully and make sure it follows the law (including the Fourth Amendment). If we believe a request is overly broad, we will seek to narrow it. If we have a good faith belief that there is an emergency involving the danger of death or severe physical injury, we may disclose limited information necessary to prevent that harm.
  2. Website Logs, Cookies, Services, and APIs: We will only disclose information collected through our Services, including maps and associated data and location information, in response to a subpoena or court order.


We go to great lengths to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We have taken appropriate safeguards to require that your personal information will remain protected and require our third-party service providers and partners to have appropriate safeguards as well. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.

By using our websites, Services, and/or APIs or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail or by sending an email to you.

Children’s Information

Wave2 websites, Services and APIs are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal information from children.

If you are a parent or guardian and wish to review information collected from your child, or have that information modified or deleted, you may contact us as described below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it.

Other Websites

This privacy policy does not cover APIs and other services available on domains other than Wave2.io or wave2locator.com, including without limitation the websites and mobile applications of our customers and partners and any third-party APIs and services they may use.

Changes to Our Privacy Policy

Wave2 reserves the right to amend this Privacy Policy at our discretion and at any time. It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users’ identifying and/or personal information, we will notify you through a notice on this page. You are responsible for periodically visiting our Website and this Privacy Policy to check for any changes. Your continued use of our Websites, Services, and/or APIs at any time constitutes your acceptance of our Privacy Policy and any changes thereto.