Wave

Wave: Our Privacy Commitment to You Effective as of: February 28, 2014

TRUSTe online privacy certification

At Wave Accounting Inc. ("Wave"), we value your trust and respect your privacy.

Wave strives to support small business owners like you by offering a fast and easy way to manage your money, while respecting your privacy expectations and protecting your Personal Information.

By "Personal Information", we mean information about an identifiable individual such as a person's name, email address, residential address, telephone number, and in some cases, more sensitive information such as but not limited to gender, demographic information, family status, investment particulars, consumption preferences, business expenditures, credit score, accounting data, social security or social insurance numbers, bank account information, and payment card information. If you or your employer use our payroll service, Personal Information may include employment status, names, addresses, bank account data, hours worked, hire date, marital status, rates of pay and taxes paid and payable about you, your employees, agents, contractors and representatives.

To demonstrate our commitment to protecting your privacy, we have developed this Privacy Policy, which describes how we will collect, use, disclose, retain and protect Personal Information in order to provide you with our online accounting, payroll, payment and invoicing services and other small business–related services (collectively, the "Services") offered and maintained by us and our affiliates from time to time. Our Privacy Policy is based on applicable privacy legislation as well as 10 internationally recognized privacy principles.

Wave has been awarded TRUSTe's Privacy Seal signifying that this Privacy Policy and practices have been reviewed by TRUSTe for compliance with TRUSTe's program requirements including transparency, accountability and choice regarding the collection and use of your personal information. TRUSTe's mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy trustmark and innovative trust solutions. If you have questions or complaints regarding our Privacy Policy or practices, please contact us at:

Wave Accounting Inc.
235 Carlaw Ave., Suite 601
Toronto, ON M4M 2S1
Canada
info@waveapps.com
(416) 521-9141
Attention: Privacy Officer

If you are not satisfied with our response you can contact TRUSTe here. The TRUSTe program covers only information that is collected through the Wave Apps Site (waveapps.com, waveaccounting.com and wavepayroll.com), and does not cover information that may be collected through software downloaded from the Wave Apps Site or from any third-party sites.

For the purposes of this Privacy Policy, the term "Site" means these websites (waveapps.com, waveaccounting.com and wavepayroll.com), all related webpages, and all related websites operated by affiliates or divisions of Wave, but does not include any third-party websites which are linked to or may link from this website whether or not such third-party websites are used in connection with the Services. "Wave Apps" means the Site and all mobile applications and other applications which provide access to the Services offered by Wave and its affiliates from time to time.

Wave Privacy Policy

Accountability

Wave has designated a Privacy Officer who is responsible for the creation, oversight and implementation of our Privacy Policy and procedures to protect Personal Information, for receiving your privacy-related questions, and for providing you with information about our privacy practices. Our Privacy Officer is also responsible for notifying you of any material changes to our privacy practices, by posting updated information on our Site.

You can contact our Privacy Officer:

Brian Masson
Information Security Officer
235 Carlaw Ave., Suite 601
Toronto, ON M4M 2S1
Canada
Email: privacy@waveapps.com
Phone: (416) 521-9141 extension 130
Attention: Privacy Officer

Identifying Purposes

Wave collects, uses, and discloses Personal Information only for the purposes of providing you with our Services and for such other ancillary purposes consented to by you as a user of the Wave Apps.

Personal Information

More specifically, Wave collects, uses and discloses information (which may include Personal Information) for the following purposes:

Consent

Wave takes a consent-based approach to the collection, use and disclosure of Personal Information. We collect Personal Information directly from you and only obtain Personal Information from other organizations (e.g., your bank or other third-party service providers) when you provide us with the account numbers, passwords or other credentials required to retrieve the Personal Information and for the purpose of providing you with our Services. We use and disclose the Personal Information only as described in this policy and our Terms of Use.

At any time and without penalty, Wave users can withdraw their consent and close their Wave account by taking the following actions:

  1. If you are a Payroll by Wave user, place your payroll account on hold.
  2. Open the "Your Profile" page within our application.
  3. At the bottom of the "Your Profile" page, click the "Close this Account" button and then confirm by clicking "Yes, close my account."
  4. You will be sent an email for confirmation that the account is being closed by the rightful account holder. Click the link in the email.
  5. In the web page that opens, click "Yes, please close my account" to complete your account closure.

Once your account is closed, we will take the following actions:

For users of all Wave products except Payroll:

For users of Wave's Payroll product:

At any time, Wave users can opt-out of most email communication from us by clicking on the unsubscribe link at the bottom of our emails, or via the "Email Preferences" section of the "Your Profile" page, accessible via the “Account” menu. Users of Wave's Payroll product wishing to opt-out of payroll emails must do so in the "Notifications" section of the payroll settings page. However, we may still contact you for administrative purposes (e.g. if we need to notify you of a change to our service, changes to our terms of use or privacy policy, there is a problem with your account or an anticipated service interruption, etc.).

Withdrawing your consent will not apply to actions Wave has already taken based on your prior consent.

In order to use certain Services, such as Wave Payroll, you may be required to provide personal information relating to yourself and your employees, agents, contractors and representatives from time to time. You acknowledge, and represent to us that you only collect, use and disclose personal information in compliance with applicable privacy laws. You further represent and warrant to us that you have obtained all required consents (including, if you use Wave Payroll, consents relating to making deposits to and debits from your employees' bank accounts) from your employees, agents, contractors and representatives whose personal information will be disclosed to us or to our third-party service providers in connection with the Services. You further agree to indemnify and hold Wave, its affiliates, subsidiaries, partners, service providers, suppliers and contractors and each of their respective officers, directors, agents, and employees (collectively, the "Wave Parties"), harmless for any loss, cost, complaint, damage, claim or liability whatsoever arising from your collection, use and disclosure of personal information relating to your employees, agents, contractors and representatives.

Limiting Collection

Wave limits the collection of Personal Information by collecting only the information required to fulfill the identified purposes. We will collect only the minimum amount of information required to facilitate the Services. However, we provide you with the option of sharing additional information (e.g. your name or address) to enhance your use of the Services.

Wave does not knowingly or intentionally collect Personal Information from visitors who are under the age of thirteen (13).

You may in connection with some but not all of our Services have the ability to allow others (Guest Collaborators) access to your account. If you choose to allow others access to your account, you will need to provide the individual's name and email address. We will automatically send your guest a one-time email inviting him or her to visit the Site. Wave stores this information for the sole purpose of sending this one-time email and tracking Site usage. The individual may contact us at privacy@waveapps.com to request that we remove this information from our database. A Guest Collaborator who accepts the collaboration invitation will be subject to and must agree to the same terms as a regular Wave customer. Note that by providing Guest Collaborators access to your account, you will also be providing the Guest Collaborator access to any Personal Information in your account. While the Guest Collaborator must agree to our terms of use, we take no responsibility for any collection, use or disclosure of your Personal Information by your Guest Collaborator. It is your responsibility to ensure that your Guest Collaborator complies with privacy standards that are no less stringent than our own.

When you use certain Services, you have the option to share information with other accounts you have signed up for. You may choose from time to time to connect Wave with other third-party service providers in order to utilize these services in conjunction with the Wave Apps. Purposes may include saving copies of records, importing data from external sources, communications with third parties, and conducting payment and direct deposit functions, among others. In such instances, your account and password credentials and other required information in respect of such third-party service may be stored by Wave for the purpose of providing this service.

Limiting Use, Disclosure and Retention

Wave will not use or disclose Personal Information for purposes other than the identified purposes of the Services or such other purposes which we identify from time to time.

We also ensure that only those employees responsible for the Services' operations have physical or technical access to Personal Information and only where such access is required to perform work authorized by their supervisors.

Wave will retain Personal Information only for the duration of your enrollment as a Wave user or to support the Wave Payroll Guarantee, and Personal Information will be retained in access-secured databases. If you choose to withdraw from the Services, we will securely destroy your Personal Information in our possession and control within 45 days unless we are required to retain such Personal Information longer to fulfill our obligations to you or to third parties. However, we may retain non-personal information indefinitely.

Payroll data will be retained for a period of five years from the date of employer's most recent payroll processing in order to comply with government regulations regarding retention of payroll data. Payroll data includes but is not limited to (a) employer name, address, tax rates, exempt status and (b) employee name, address, bank account information, SSN or SIN, rate of pay, hire date, birth date, filing status, allowances, benefits and deductions and (c) gross pay, taxes, deductions and net pay for every payroll processed.

We retain all Personal Information provided by you or your bank on secure servers, as do our third-party partners and service providers. This data will be subject to the laws of the relevant jurisdictions. Our third-party service providers, including financial institutions, have their own terms of use and privacy policies that will govern your relationship with these third parties. You are responsible for reviewing and agreeing to these terms of use and policies. If you do not agree with these terms of use or privacy policies you should not use the services offered by such third-party service providers.

In the future we may collect information, including Personal Information, to enable you to access services provided by our third-party partners and service providers. You will be subject to the terms of use and privacy policies of these third-party service providers. You are responsible for reviewing and agreeing to these terms of use and policies. If you do not agree with these terms of use or privacy policies you should not use the services offered by such third-party service providers.

When Wave data is viewed in the Wave Apps mobile apps, some data is cached in the memory of the device. That data is deleted when the related application is closed and does not persist. If the application is put in the background without closing, the data may remain in the cache. We take no responsibility for any unauthorized viewing of this data by third parties.

Storage of Online Banking Credentials

You may choose to provide your online banking information, for the purpose of importing transactions into Wave and reducing your manual entry workload. To provide improved security and reliability, Wave employs a respected provider of global online banking solutions. This partner stores account and password information. Wave does not store these. This third party uses Triple DES encryption and secure storage protocols to protect Wave customer data.

Accuracy

Wave relies on you to ensure that the Personal Information you provide to us while using the Services is as accurate, complete and up-to-date as necessary for the purposes for which it is to be used. You are welcome to make changes, request deletion or corrections to Personal Information at any time by contacting us at the contact information listed below.

We also make every effort to ensure the accuracy of the information in our reports, displays, articles and support queries. However, you must verify all information created from your use of the Services and we recommend that you consult an accounting professional before completing any government or regulatory filing or otherwise relying upon the information, as the use of this information is at your own risk.

You are responsible for ensuring that the information you have provided is truthful, accurate, reliable and complete.

Safeguards

Wave implements industry best practices appropriate to the sensitivity of your Personal Information. We use administrative, technical, and physical safeguards to protect your Personal Information against loss, theft, and unauthorized access, use, disclosure, copying, modification, disposal, or destruction in accordance with applicable legal requirements and industry best practices.

For example, we implement encryption and security controls to protect against unauthorized access to Personal Information during electronic transmission, and we train our employees to follow privacy and security practices specific to the Services. We also undertake security assessments to ensure that we maintain strong security controls.

We ensure that any third party acting on our behalf in respect of your Personal Information maintains reasonable and appropriate safeguards. For example, these third parties classify customer account data as "super sensitive". This means that access to such data is strictly limited based on business need and this data cannot be transmitted without the use of approved encryption methods. These third parties also employ both an Intrusion Detection System and an Intrusion Prevention System, and run regular network vulnerability scans. Additional information about our third parties' privacy practices is available upon request.

Openness

Wave makes clear and transparent notice of its privacy practices publicly available via our Privacy Commitment and this policy. Our notices describe the collection, use, disclosure, and protection of Personal Information and provide the contact information of our privacy contact person.

Wave will advise you at the first reasonable opportunity upon discovering or being advised of an incident where your personal information is lost, stolen, accessed, used, disclosed, copied, modified or disposed of by unauthorized persons or in an unauthorized manner.

Individual Access

You own your data which you input using the Wave Apps and can download your own data via the Site at any time. Upon request, Wave will also provide you with a list of the entities (e.g. third-party service providers) to whom Wave has disclosed your Personal Information, and the countries in which our servers are located.

Additional Features

The Wave Apps may offer publicly accessible blogs and community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We take no responsibility for any information which you or your employees, agents, contractors and representatives post or publish on the Wave Apps and you agree to indemnify and hold the Wave Parties harmless for any loss, cost, complaint, damage, claim or liability whatsoever arising from any such post or publication.

With your consent we may post your testimonial along with your name. If you want your testimonial removed please contact us at privacy@waveapps.com.

You can log in to our site using single sign-on (SSO) services such as Google and Yahoo. These services will allow the third party to authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign up form.

The blog portion of the Site includes Social Media Features, such as the Facebook Like button and Widgets, such as the Share button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.

Some of the functionality of the Services and the Wave Apps interoperate with, and are highly dependent upon, application programming interfaces (APIs) from third parties, such as Google and Yahoo!. We may collect Personal Information from these third party APIs to the extent you authorize us to do so, and our collection, use and disclosure of that Personal Information will be governed by this privacy policy. In addition, if you authorize us to do so, we may grant third parties access to some or all (depending on the permission you give) of your Personal Information to third parties through our own API for use in connection with their services. You have the ability to control what Personal Information you share with these third parties through our API, but please note that any Personal Information you share with third parties through our API will be governed by their privacy policies and we do not assume any responsibility for such third party’s use of your Personal Information once shared through our API.

Cookies and Other Tracking Technologies

Third-Party Tracking Technologies & Cookies

A cookie is a small text file that is stored on a user's computer for record-keeping purposes. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. We and some of our affiliates and third-party service providers use session ID cookies on the Site. We do not link the information we store in cookies to any personal information you submit while on our Site. We use session cookies to make it possible to navigate the secure environment inside our Site. When you log into Wave, your browser may ask if you want it to remember you as a registered user of Wave. If you accept, the session ID becomes a persistent cookie, which expires after two weeks of non-use. You can remove persistent cookies manually by following directions provided in your Internet browser's "help" file. If you refuse cookies, you will not be able to use Wave, since session ID cookies are essential to navigation.

Our third-party partners employ clear gifs (a.k.a. Web Beacons/Web Bugs), images, and scripts that help them better manage content on our site.

Wave may from time to time implement other third-party analytics services that also use cookies. Wave will ensure that no personal information is included in those cookies. If the use of cookies by any service provider differs materially from the practices already listed, we will revise this document accordingly and notify existing customers of the change(s).

Behavioral Targeting/Re-Targeting

We partner with a third-party ad network to either display advertising on our Web site or to manage our advertising on other sites. Our ad network partner uses cookies and Web beacons to collect non-personal information about your activities on this and other Web sites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by clicking here. Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

Device Tokens

In order for Wave to communicate with you via the Wave Apps mobile applications which you may choose to install on your mobile device, we save a "device token" on your device. We use the device token to provide you with notifications relating to the Services. The device token identifies your mobile device to us but cannot be used to identify you. We store the token in encrypted format (256-bit encrypted) and retain it only as long as necessary to provide you with the Services.

Agents/Service Providers

Wave uses third-party email services providers in order to effectively deliver emails to you. For occasional messages from Wave, we will share only your email address and name (where applicable) with this provider. For the weekly summary of your account information (the "Your week in numbers" email), we will share your email address and name (where applicable) and send via our providers news about your account balances, year-to-date financial overview, overdue invoices and expenses and other select account details. These companies are authorized to use your personal information only as necessary to provide these services to us. To unsubscribe from either or both emails, please see the "Consent" section above.

Notification of Privacy Policy Changes

We may update this privacy policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on our website prior to the change becoming effective. We encourage you to periodically review our Privacy Policy for the latest information on our privacy practices.

Challenging Compliance

Wave's Privacy Officer is responsible for receiving your privacy-related questions. You may send us your privacy-related questions or challenge our compliance with our Privacy Commitment and Privacy Policy by submitting your concern to:

Brian Masson
Information Security Officer
235 Carlaw Ave., Suite 601
Toronto, ON M4M 2S1
Canada
Email: privacy@waveapps.com
Phone: (416) 521-9141 extension 130