Blockwave Media, LLC – Privacy Policy

Last updated: January 2026

This Privacy Policy explains how Blockwave Media, LLC ("we", "us", or "our") collects, uses, and protects personal data when you use our platform and related services (collectively, the "Service").

1. Roles: Controller vs Processor

For platform account and billing data, Blockwave Media, LLC is the data controller under applicable privacy laws (including the EU General Data Protection Regulation, "GDPR").

For end-customer data (e.g., vehicle owners receiving messages from a shop), we generally act as a data processor on behalf of the shop (the controller). Shops are responsible for obtaining any required consents and providing required notices to their customers.

2. Personal Data We Collect

We may collect the following categories of personal data:

  • Account data: name, email address, authentication identifiers, role, and account settings.
  • Billing data: billing contact details, invoices/receipts, and payment status (payment card data is handled by our payment processors).
  • Shop data: shop contact details, locations, phone numbers, and configuration settings.
  • Customer data: vehicle owner name, phone number, vehicle/job details, status updates, and message history (SMS and other communications).
  • Usage data: log data, analytics events, pages viewed, and actions taken within the Service.
  • Technical data: IP address, device identifiers, browser type, and similar metadata.

3. How We Collect Data

We collect data in several ways, including:

  • Information you provide when creating an account or using the Service
  • Data your shop inputs about vehicles, customers, and workflow (jobs, phone numbers, messages)
  • Information collected automatically through cookies or similar technologies (see Section 10)
  • Information from third-party services you connect or that we use to deliver the Service (e.g., messaging providers)

4. How We Use Personal Data

We use personal data for purposes such as:

  • Providing, operating, and maintaining the Service
  • Sending and receiving communications between shops and their customers (including message delivery, routing, and logging)
  • Providing customer support and troubleshooting
  • Improving reliability, safety, and performance
  • Generating analytics and reporting for shops (including aggregated or de-identified insights)
  • Detecting, preventing, and investigating abuse or security issues
  • Complying with legal obligations and enforcing our agreements

5. Legal Bases (GDPR)

Where GDPR applies, we rely on the following legal bases:

  • Contract: to provide the Service to you and your shop.
  • Legitimate interests: to improve the Service, prevent abuse, secure our infrastructure, and maintain audit trails for safety and compliance.
  • Consent: where required for certain marketing communications.
  • Legal obligation: to comply with applicable laws and regulatory requirements.

6. Messaging, Compliance & Audit Logs

The Service may store message content, delivery metadata, and related operational logs to provide the Service, troubleshoot issues, and support compliance (including opt-out handling and carrier/A2P requirements).

We may retain administrative/audit logs (including records of message events and certain system actions) for security, fraud prevention, dispute resolution, and legal compliance.

7. AI Processing & Message Content

The Service may use third-party AI providers to generate suggested replies, summarize messages, classify intents, or produce analytics insights. Message content and related metadata may be sent to these providers strictly for processing on our behalf.

We do not sell message content or personal data. Where applicable, we use contractual safeguards with vendors and limit data shared to what is necessary to provide the AI features.

8. Sharing Personal Data with Third Parties

We may share personal data with third parties such as:

  • Infrastructure providers: hosting, databases, storage, and monitoring.
  • Messaging providers: SMS/WhatsApp/email providers used to send and receive communications.
  • AI providers: to support AI-assisted features.
  • Payment processors: to process subscription payments and invoicing.
  • Professional service providers: legal, accounting, and security consultants.
  • Authorities: where required by law, regulation, or valid legal process.

We require third-party processors to handle personal data in accordance with applicable laws and our instructions.

9. International Transfers

Where possible, we use EU-based infrastructure for EU customer data. If personal data is transferred outside the EU/EEA, we use appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.

10. Cookies & Tracking

We may use cookies and similar technologies for authentication, security, and basic analytics. You can control cookies through your browser settings. Some features of the Service may not function properly if cookies are disabled.

11. Data Retention

We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Message logs and audit trails may be retained for a reasonable period even after account cancellation where required for security, billing, compliance, or legal purposes.

12. Security

We implement technical and organizational measures designed to protect personal data, including encryption in transit, access controls, and monitoring. However, no system can be completely secure, and we cannot guarantee absolute security.

13. Your Rights (GDPR/UK GDPR)

Where GDPR or similar laws apply, you may have rights including:

  • Right of access to your personal data
  • Right to rectification (correction) of inaccurate data
  • Right to erasure ("right to be forgotten"), subject to legal limits
  • Right to restriction of processing
  • Right to data portability
  • Right to object to certain types of processing
  • Right to withdraw consent, where processing is based on consent (where applicable)

You can exercise these rights by contacting us. We may need to verify your identity before responding.

14. End-Customer Requests

If you are a vehicle owner receiving messages from a shop using the Service, we generally process your data as a processor on behalf of that shop. In most cases, you should contact the shop directly to exercise your data rights. If you contact us, we will assist where appropriate and as required by law.

15. Children's Privacy

The Service is not directed to children and is intended for use by businesses. We do not knowingly collect personal data from children.

16. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice (for example, by email or in-app). Continued use of the Service after changes become effective indicates acceptance of the updated Policy.

17. Contact

If you have questions or requests regarding this Policy, contact:

Email: support@blockwavemedia.io