Privacy Policy – Wavi One / WaviBot AI Chatbot CRM
Effective Date: March 28, 2025
1. Introduction
Welcome! This Privacy Policy explains how Wavi One (“we,” “us,” or “our”), operated by Ahmed M Hassan / New Waves App Development, collects, uses, shares, and protects information in relation to our WordPress plugin “WaviBot AI Chatbot CRM” (the “Plugin”), our website (wavi.one or your designated website) (the “Website”), our license activation and validation service (the “License Service” hosted via license.newwaves.app), and our support services (collectively, the “Services”).
This policy applies to information we process as a Data Controller, primarily concerning plugin purchasers/licensees (“Users,” “you”) interacting with our Services.
Scope Limitation: This policy does NOT cover:
- Data collected by Envato Market during your purchase of the Plugin (governed by Envato’s Privacy Policy).
- Data collected and processed by third-party services you choose to integrate with the Plugin, such as OpenAI or Google reCAPTCHA (governed by their respective privacy policies).
- Data collected by your website visitors when they interact with the WaviBot AI Chatbot CRM plugin installed on your own WordPress site. As the website owner using the Plugin, you are the Data Controller for your visitors’ personal data processed via the chatbot and stored in your WordPress database. You are responsible for creating and displaying your own privacy policy compliant with applicable laws (like GDPR, CCPA, etc.) covering your data collection practices.
By using our Services (including activating or using the Plugin), you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
We collect different types of information for various purposes related to providing and improving our Services:
- License Activation & Validation Data (Collected via License Service):
- Envato Purchase Code: Provided by you during activation to verify your purchase.
- Website URL: The domain(s) where you activate the Plugin license.
- IP Address: The IP address used during activation/validation checks, for security and validation purposes.
- Activation Status & Metadata: Records of activation dates, status changes, and license type.
- Website Data (Collected via wavi.one or your site):
- Usage Data: Standard analytics information like your IP address (potentially anonymized), browser type, pages visited, time spent, collected via cookies or server logs to analyze traffic and improve the Website.
- Contact Form / Support Data: If you contact us via forms or email, we collect your name, email address, website URL (optional), the content of your message, and any other information you voluntarily provide.
- Cookies: We may use cookies and similar tracking technologies on our Website. Please refer to our separate Cookie Policy here.
- Support Interaction Data: When you request support, we collect your contact details, purchase code (for verification), communication history, and details about the issue you provide (including potentially temporary access credentials or website details if necessary for troubleshooting, provided with your explicit consent for that purpose).
- Information Regarding Plugin Configuration (Stored Locally on Your Site):
- OpenAI API Key: You enter your API key into the Plugin settings on your WordPress site. This key is stored in your WordPress database and is used by the Plugin on your server to make calls directly to OpenAI. We do not collect, store, or transmit your OpenAI API key to our (Wavi One) servers.
3. How We Use Your Information
We use the collected information for the following purposes:
- To Provide and Maintain the Services: Specifically, to validate your purchase, activate your Plugin license, and ensure its continued authorized operation via the License Service.
- To Provide Support: To verify your eligibility for support, communicate with you, troubleshoot issues, and provide technical assistance related to the Plugin.
- To Improve Our Services: To analyze Website traffic and usage patterns, understand user needs, and improve the Website, Plugin features, and documentation.
- For Security and Fraud Prevention: To monitor activations, prevent unauthorized use of licenses, and protect the integrity of our Services.
- To Communicate With You: To respond to your inquiries, send important notices about your license or the Plugin (e.g., critical updates, security alerts), or provide information you request.
- For Legal Compliance: To comply with applicable laws, regulations, or legal processes.
Important Clarification on Visitor Data Processed by the Plugin:
WaviBot AI Chatbot CRM, when installed on your website, processes data from your visitors:
- Visitor-provided info (Name, Email, Phone) is stored in your WordPress database (e.g.,
ai_crm_entriestable). - Chat messages are stored in your WordPress database (e.g.,
ai_chat_historytable). - Visitor metadata (IP, User Agent, Referrer) is stored in your WordPress database (e.g.,
ai_conversationstable). - Messages and text for premium TTS are sent by your server directly to OpenAI’s API for processing, governed by OpenAI’s policies.
Wavi One does not routinely access or use this visitor-specific data stored on your site. Access might only occur in specific, agreed-upon support scenarios initiated by you. You, the website owner, are responsible for managing this data according to your privacy policy and applicable laws.
4. Legal Basis for Processing (for EEA/UK Users)
If you are from the European Economic Area (EEA) or the UK, our legal basis for collecting and using the personal information described above depends on the information concerned and the context:
- Performance of a Contract: Processing your Purchase Code, Website URL, and contact details for license activation and providing support is necessary to fulfill our agreement with you based on your purchase.
- Legitimate Interests: Processing IP addresses for security, analyzing website usage for improvement, and communicating essential service updates are based on our legitimate interests, provided they are not overridden by your data protection interests or fundamental rights.
- Consent: If we rely on consent (e.g., for non-essential cookies or marketing communications), we will make this clear at the time of collection and provide ways to withdraw consent.
5. Data Sharing and Disclosure
We do not sell your personal information. We may share information under the following limited circumstances:
- Service Providers: We may employ third-party companies and individuals to facilitate our Services (e.g., web hosting, analytics providers, email services) who may process data on our behalf under contractual obligations to keep it confidential and secure.
- Envato Market: Your initial purchase transaction data is handled by Envato according to their policies. We only receive necessary information (like the Purchase Code) to validate your license.
- Third-Party Integrations (User-Initiated): As described, when you configure the Plugin with your OpenAI API key or Google reCAPTCHA keys, the Plugin facilitates data transfer between your site and those services, governed by their respective privacy policies.
- Legal Requirements: We may disclose your information if required by law, subpoena, court order, or other governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, property, user safety, or to investigate fraud.
- Business Transfers: If Wavi One is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction, subject to notice and adherence to privacy commitments.
6. Data Retention
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested, to maintain your license activation status, or to comply with applicable legal, tax, or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
7. Data Security
We implement reasonable technical and organizational security measures designed to protect the personal information we control from unauthorized access, disclosure, alteration, and destruction. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure.
You are responsible for:
- Keeping your Envato Purchase Code confidential.
- Keeping your OpenAI API Key secure and managing access within your OpenAI account.
- Implementing appropriate security measures on your own WordPress website.
8. International Data Transfers
Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. Our servers for the Website and License Service may be located globally. By using our Services, you consent to such transfers. We will take appropriate steps to ensure that your data is treated securely and in accordance with this Privacy Policy.
9. Your Data Protection Rights (e.g., under GDPR)
Depending on your location, you may have the following data protection rights regarding information we hold about you (e.g., license data, support interactions, website data):
- Access: Request access to your personal information.
- Rectification: Request correction of inaccurate or incomplete information.
- Erasure: Request deletion of your personal information (‘right to be forgotten’), subject to legal/contractual retention needs.
- Restriction: Request restriction of processing under certain conditions.
- Data Portability: Request a copy of your information in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: If processing is based on consent, withdraw it at any time.
To exercise these rights regarding data held by Wavi One, please contact us using the details below.
Important: For requests concerning data collected by the WaviBot plugin on a specific website you visited, please contact the owner/administrator of that website, as they are the Data Controller for that data.
You also have the right to complain to a data protection authority about our collection and use of your personal information.
10. Children’s Privacy
Our Services and the Plugin are not intended for use by children under the age of 16 (or the relevant age of consent in your jurisdiction). We do not knowingly collect personally identifiable information from children under this age. If you become aware that a child has provided us with personal information, please contact us.
11. Cookies
Our Website (wavi.one or your designated site) may use cookies. For detailed information, please see our Cookie Policy here.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on our Website and updating the “Effective Date” at the top. You are advised to review this Privacy Policy periodically for any changes. Changes are effective when they are posted on this page.
13. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights regarding information held by Wavi One, please contact us:
- By email: privacy@example.com
- Via our website contact form: Contact Us
- By mail (Optional):
Wavi One / New Waves App Development
[Your Full Business Address, including Country – e.g., Doha, Qatar]