Privacy Policy

Last updated: April 2026

1. Who We Are

WAVIBOY (“we”, “us”, “our”) operates from Leeds, United Kingdom, with a registered business address in Manchester, United Kingdom. We run the website learn.waviboy.com, the WAVIBOY Academy course, the WAVIBOY Membership Club, the Vaults, the Job Board, the community, and associated lead-generation properties (including freebie pages).

For the purposes of UK GDPR, the EU GDPR (where applicable), and the Data Protection Act 2018, we are the data controller responsible for your personal data.

Privacy and legal contact: legal@waviboy.com (general enquiries: support@waviboy.com)

EU Representative (Article 27 GDPR): If you are based in the European Economic Area, you may also contact our EU Representative for matters relating to the EU GDPR. Details are published on our website footer and provided on request.

2. What Data We Collect

Data you provide to us

Account information: Name, email address, country, and (optionally) profile photo and biographical details when you sign up or update your profile
Payment information: Billing details (name, billing address, card details) processed securely by Stripe; we receive only the last four digits of your card and a token, never the full card number
Communications: Messages you send via email, the community platform, support channels, or social media DMs
Community content: Posts, comments, reactions, profile customisations, and work you share within the community space and Circle.so
Submitted work: Course Builds, portfolio pieces, and other deliverables you upload to the platform
Survey, application, or onboarding responses if you provide them

Data collected automatically

Device and browser information: Browser type, operating system, screen resolution, and device type
Usage data: Pages visited, time spent on lessons, features used, course progress, points and leaderboard activity, and login session data
IP address and approximate location: Collected via server logs and analytics for security, fraud prevention, and aggregated analytics
Cookies and similar technologies: See Section 7 below

3. Why We Process Your Data (Legal Basis)

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

Purpose	Legal basis
Delivering your course and community access	Contractual necessity
Processing payments	Contractual necessity
Sending course updates and new content notifications	Legitimate interest
Sending marketing emails	Consent (you can opt out at any time)
Improving the course, website, and user experience	Legitimate interest
Responding to support requests	Contractual necessity
Preventing fraud and securing our platform	Legitimate interest
Complying with legal or tax obligations	Legal obligation

4. Third-Party Services (Data Processors)

We share your data only with trusted third-party services required to run our business. These parties process data on our behalf under appropriate Data Processing Agreements:

Service	Purpose	Location
Stripe	Payment processing, billing, subscription management, fraud prevention	United States / Ireland
Circle.so	Community platform hosting and member messaging	United States
Cloudflare R2	Storage and delivery of course videos, images, and uploaded files	United States / EU
Railway	Application hosting and database (MySQL) for the learn.waviboy.com platform	United States
Email service provider	Sending transactional and marketing emails	United States / EU
Analytics provider	Aggregate website usage analytics (only with your consent for non-essential cookies)	United States

We may also use third-party tools for ad measurement, customer support, scheduling, and operational tasks. We update this list as our processors change. The current list is always available on request.

We do not sell, rent, or trade your personal information to any third party.

5. International Data Transfers

Some of our service providers are based outside the United Kingdom. Where your personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

Providers certified under the EU-US Data Privacy Framework
Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner’s Office
Providers operating under equivalent data protection standards

6. Data Retention

We keep your data only as long as necessary:

Active account data: Retained while your membership is active
After cancellation: Account data deleted within 30 days of your request, unless legally required to retain it
Financial records: Retained for 6 years to comply with UK tax and accounting obligations (HMRC)
Marketing preferences: Your opt-out preference is retained indefinitely so we don’t email you again
Analytics data: Aggregated and anonymised data may be retained indefinitely

7. Cookies and Similar Technologies

We use cookies and similar technologies on our website. Here’s what we use and why:

Essential cookies: Required for the website and course platform to function (e.g. login sessions, security tokens, checkout flow). These are set without consent because the service cannot run without them.
Analytics cookies: Help us understand how visitors use the site so we can improve it. Set only after you give consent via our cookie banner.
Marketing cookies: Used to measure the effectiveness of our advertising and (if applicable) retarget visitors. Set only after you give consent via our cookie banner.

You can grant, withdraw, or update your cookie preferences at any time using the cookie banner or the cookie preferences link in our website footer. Withdrawing non-essential consent will not affect your ability to access the course.

8. Data Security

We take reasonable technical and organisational measures to protect your personal data, including:

All data transmitted via HTTPS/TLS encryption
Payments processed through PCI-DSS compliant Stripe (we never see or store your full card details)
Access to personal data restricted to authorised personnel only
Regular review of our security practices

No system is 100% secure. If you become aware of a security issue, please contact us immediately at support@waviboy.com.

9. Your Rights

Under UK GDPR, you have the following rights:

Right of access: Request a copy of the personal data we hold about you
Right to rectification: Ask us to correct inaccurate or incomplete data
Right to erasure: Ask us to delete your personal data (subject to legal retention requirements)
Right to restrict processing: Ask us to temporarily stop processing your data
Right to data portability: Receive your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interest or for direct marketing
Right to withdraw consent: Where we rely on consent, you can withdraw it at any time

To exercise any of these rights, email us at support@waviboy.com. We will respond within 30 days.

10. Featuring Member Work and Testimonials

If we wish to feature your work, name, photo, or testimonial in case studies, marketing materials, or social media, we will ask for your specific written consent first via a Case Study Release Form. You can withdraw that consent at any time by emailing legal@waviboy.com; we will remove the featured material from our owned channels within a reasonable period (we may not always be able to remove material that has already been shared by third parties).

11. AI-Generated Content in Our Marketing

Some of our marketing imagery and our brand character (“Wavi”) are AI-generated creative assets. We disclose this where required (in our public communications, on social channels where Wavi appears, and in our Terms of Service). We do not use AI to fabricate testimonials, member identities, claimed results, or member outcomes.

12. Marketing Communications

We may send you emails about course updates, new content, and relevant offers. You can unsubscribe at any time by:

Clicking the unsubscribe link at the bottom of any marketing email
Emailing support@waviboy.com

Unsubscribing from marketing will not affect transactional emails related to your account (e.g. payment confirmations, login details).

13. Age Restriction

Our services are intended for individuals aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from someone under 18, we will delete it promptly.

14. Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you by email or through a notice on our website. The “last updated” date at the top reflects the most recent revision.

15. Complaints

If you’re not happy with how we handle your data, you have the right to lodge a complaint with the UK’s supervisory authority:

Information Commissioner’s Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113

We’d appreciate the chance to resolve your concern first. Please reach out to us at support@waviboy.com before contacting the ICO.

16. Contact

For any questions about this privacy policy or your personal data:

Email: support@waviboy.com