Legal
Data Deletion
Last updated · June 24, 2026
You can delete your WAVE account — and all the personal data associated with it — at any time. This page describes three ways to do that, with timelines and what gets retained.
1. Self-serve (fastest — 1 minute)
If you have an active WAVE account:
- Sign in at wavedsp.ai/auth/login.
- Open Settings → Account → Delete account.
- Confirm. Your account is closed immediately; personal data is purged within 30 days.
If you only want to disconnect a single social platform (Instagram, TikTok, or YouTube) without closing your WAVE account, open Settings → Connected Accounts → Disconnect. Revocation is immediate — WAVE’s read-only token is invalidated and we stop reading from that platform’s API.
2. Public request (no account needed)
Use this form if you can’t sign in — for example, you only connected a social account once and no longer have access to the email you used. We respond within 5 business days; full deletion completes within 30 days, in line with GDPR Article 12.
3. Meta-initiated deletion callback
If you remove WAVE from your Facebook or Instagram account’s Connected Apps screen, Meta automatically sends a deletion-callback request to our server at:
POST https://wavedsp.ai/api/legal/meta-data-deletion-callback
We verify the signed_request payload, identify your WAVE account via your Facebook user ID, and queue full deletion. You receive a confirmation URL and a ticket reference from Meta directly; you can check the ticket status at:
https://wavedsp.ai/data-deletion/status?id=<ticket_id>
What gets deleted
- Your account record (email, name, profile data).
- OAuth refresh tokens for any connected social account.
- Personal data in waves, briefs, drafts, and submitted post URLs.
- Notification history and in-app messages.
- Payment metadata stored on our side. (Stripe’s independent records are retained per Stripe’s own policy and U.S. tax law.)
What we have to retain
We are legally required to keep the following for a limited period after deletion:
- Tax records — for 7 years if you were a U.S. creator who received earnings via Stripe Connect (1099-NEC).
- Anti-fraud signals — hashed identifiers (no readable PII) for up to 12 months to prevent ban-evasion.
- Aggregated, de-identified wave performance metrics — e.g., “Wave X reached 124K accounts.” These do not identify you individually and are not personal data after aggregation.
All retained data is encrypted at rest, and access is restricted to compliance personnel and recorded in an audit log.
Timeline
- Day 0 — You submit a deletion request (any path).
- Day 0–1 — Account is immediately disabled; you can no longer sign in; all social-platform OAuth tokens are revoked.
- Day 1–30 — Personal data is purged from our primary databases. Aggregated, de-identified metrics are retained.
- Day 30–90 — Encrypted backups are rotated out of cold storage.
- Day 90+ — Only legally-required tax records and hashed anti-fraud signals remain.
Contact
Questions about a deletion request, or need to escalate? Email privacy@wavedsp.ai. We aim to respond within 5 business days.