Privacy Policy
Effective from March 31, 2026. Last updated: March 31, 2026.
1. Introduction
Wavo (operated by Frederik Frifeldt) respects your privacy and is committed to protecting your personal data in accordance with GDPR (EU Data Protection Regulation (EU) 2016/679) and Danish data protection law (Law No. 630 of May 31, 2018).
This privacy policy explains how we collect, use, process, and protect your personal data when you use our website and services at wavo.dk.
2. Data Controller
The data controller for processing personal data is:
- Name: Frederik Frifeldt (Wavo)
- Website: wavo.dk
- Email: mail@frederikfrifeldt.com
- Country: Denmark
3. What personal data do we collect?
We collect the following categories of personal data:
3.1 Data you provide directly to us:
- Contact information: Name, email address, phone number (optional)
- Payment information: Credit card data is processed securely through Stripe and is not stored on our servers
- Profile data: Selected subscription, profile picture (if relevant)
3.2 Data we collect automatically:
- Usage data: How you use our platform (projects created, iterations, publications)
- Technical data: IP address, browser type, operating system, visit time and duration
- Cookies and tracking technology: See section 7
- Google Analytics: Anonymized user behavior (ID: G-JR54V3GLJE)
4. Legal basis for data processing
We process your personal data on the following legal grounds:
| Data Type | Legal Basis | Purpose |
|---|---|---|
| Contact information, payment data | Contract performance (GDPR Art. 6(1)(b)) | Account creation and management, service delivery |
| Usage data, technical data | Legitimate interest (GDPR Art. 6(1)(f)) | Platform improvement, security, troubleshooting |
| Marketing and newsletters | Your consent (GDPR Art. 6(1)(a)) | Sending updates, offers, newsletters |
| Google Analytics | Your consent via cookie banner | Analysis of user behavior, website improvement |
5. Third-party data processors
We share your personal data with the following third-party processors and partners:
5.1 Stripe (Payment Processor)
- What: Processing payments (credit cards, subscription billing)
- Data shared: Name, email, payment information (encrypted)
- Region: EU and USA
- Privacy Policy: https://stripe.com/privacy
5.2 Firebase (Authentication)
- What: User authentication via Google Sign-In
- Data shared: Email, Google profile ID, name
- Region: USA
- Privacy Policy: https://firebase.google.com/support/privacy
5.3 Netlify (Hosting)
- What: Hosting of websites created by users
- Data shared: Project data, user information
- Region: USA (with EU edge nodes)
- Privacy Policy: https://www.netlify.com/privacy
5.4 Google Analytics
- What: Analysis of website visits and user behavior
- Data shared: IP address (anonymized), user behavior, device information
- Region: USA
- ID: G-JR54V3GLJE
- Privacy Policy: https://policies.google.com/privacy
6. Data retention
We retain your personal data as long as necessary to provide our service:
| Data Type | Retention Period |
|---|---|
| Account, profile data | As long as account is active + 30 days after deletion |
| Payment history | 7 years (tax requirement) |
| Usage logs | 12 months |
| Google Analytics cookies | 26 months (default setting) |
| Technical logs (IP addresses) | 30 days |
7. Cookies and tracking technology
We use cookies to improve your experience on wavo.dk. When you first visit our website, a cookie banner is displayed where you can accept or decline.
7.1 Types of cookies:
- Necessary cookies: To keep your session running and ensure website security. These cannot be disabled.
- Analytics cookies (Google Analytics): Tracks anonymized user behavior to improve wavo.dk.
- Marketing cookies: Used to recognize you if you return (only if you have given consent).
7.2 Third-party cookies:
- Google Analytics: google.com
- Stripe: stripe.com (payment processing)
You can control cookies in your browser settings. If you disable important cookies, certain parts of wavo.dk may not function properly.
8. Your rights under GDPR
You have the following rights regarding your personal data:
8.1 Right to access (Art. 15)
You can request at any time to see what personal data we have about you.
8.2 Right to rectification (Art. 16)
You can ask us to correct or update incorrect information.
8.3 Right to erasure (Art. 17) — "Right to be forgotten"
Under certain circumstances, you can request deletion of your personal data. We will delete your account and associated data within 30 days, unless we have a legal requirement to retain it (e.g., payment history for tax purposes).
8.4 Right to restrict processing (Art. 18)
You can ask us to limit the processing we do of your data.
8.5 Right to data portability (Art. 20)
You can request to receive your personal data in machine-readable format (e.g., CSV) and transfer it to another service.
8.6 Right to object (Art. 21)
You can object to certain forms of processing, especially marketing-related.
8.7 Right not to be subject to automated decision-making (Art. 22)
We do not use fully automated decisions that could substantially affect your rights.
To request these rights: Send an email to mail@frederikfrifeldt.com with your request. We will respond within 30 days.
9. Data transfers outside EU/EEA
Some of our data processors (Stripe, Firebase, Google Analytics, Netlify) are based in the USA. According to GDPR, this creates a risk as the USA has less stringent data protection laws than the EU.
How we protect your data:
- We only use processors with Standard Contractual Clauses (SCCs) or similar protection mechanisms
- We use encryption during transmission (SSL/TLS)
- Stripe, Firebase and Netlify have both EU and US datacenters — we prefer EU storage where possible
10. Security
We implement industry-standard security measures to protect your personal data:
- SSL/TLS encryption of all data communication
- Firewalls and intrusion detection systems
- Access control and authentication
- Regular security audits
- Payment data is handled by PCI DSS-certified Stripe
Important: Although we take data protection seriously, no method can guarantee 100% security. If you discover a security breach, contact us immediately at mail@frederikfrifeldt.com.
11. Child protection
Wavo is not intended for persons under 13 years of age (or the minimum age requirement in your area). We do not knowingly collect personal data from children. If we become aware that a child has given us their information, we delete it immediately.
12. Contact us and your rights
If you have questions about this privacy policy or wish to exercise your GDPR rights, contact us:
Complaint to supervisory authority
You have the right to file a complaint with the Danish Data Protection Authority if you believe we are processing your personal data in violation of GDPR:
- Danish Data Protection Authority
- Borgergade 68, 1300 Copenhagen K
- Phone: +45 3319 3200
- Email: dt@datatilsynet.dk
- Website: https://www.datatilsynet.dk
13. Changes to privacy policy
We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. We will notify you via email or on our website if there are material changes.
Last updated: March 31, 2026