Effective as of: November 16, 2016
At Wave Accounting Inc. (collectively "Wave", "we", "us", or "our"), we value your trust and respect your privacy.
Wave strives to support small business owners like you by offering a fast and easy way to manage your money, while respecting your privacy expectations and protecting your Personal Information.
Wave is serious about protecting you and your data.
By "Personal Information", we mean information about an identifiable individual such as a person's name, email address, residential address, telephone number, and in some cases, more sensitive information such as but not limited to gender, demographic information, family status, investment particulars, consumption preferences, business expenditures, credit score, accounting data, social security or social insurance numbers, bank account information, and payment card information. If you or your employer use our payroll service, Personal Information may include employment status, names, addresses, bank account data, hours worked, hire date, marital status, rates of pay and taxes paid and payable about you, your employees, agents, contractors and representatives.
The long list of things we define as personal information — the things this policy is designed to protect.
In some instances, we may receive information about you from other sources, or third parties from whom we obtain data, and combine this data with information we already have about you. This helps us to update, expand, analyze our records, and to reduce payments and payroll fraud on our platform. Examples of the types of personal information that may be obtained from third parties and combined with information we already have about you may include: credit reports, due diligence Information, and fraud indicators - payments processing due diligence information.
When you use certain services, we may collect additional information about you, beyond what you've provided.
This policy sets out the rules of what we do with your data, and we didn't just make it up. It's based on actual laws and international standards and principles.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request
If you're not satisfied with our responses, you can contact our U.S.-based third-party dispute resolution provider to escalate the issue.
235 Carlaw Ave., Suite 501
Toronto, ON M4M 2S1
Attention: Privacy Officer
"Site" refers only to Wave-owned web properties and not any third-party sites. Wave Apps are our web, mobile and any other applications that provide access to our services.
You can contact our Privacy Officer:Brian Masson
Information Security Officer
235 Carlaw Ave., Suite 501
Toronto, ON M4M 2S1
Phone: (416) 521-9141 extension 130
Attention: Privacy Officer
Accountability: That's me! I'll be the one making the changes, notifying you, and answering your questions.
Wave collects, uses, and discloses Personal Information only for the purposes of providing you with our Services and for such other ancillary purposes consented to by you as a user of the Wave Apps.
More specifically, Wave collects, uses and discloses information (which may include Personal Information) for the following purposes:
To provide you with our Services. For example, in order to allow us to retrieve banking information for use within the Wave Apps, we collect your or your business' online banking credentials (i.e. account number, username and password; see Storage of Online Banking Credentials, below, for details) if you choose to provide them.
To promote or offer you products, services and offers (including new and other Services which are offered by us, our sponsors and partners) that may be relevant to you and your business. When you are using our Services you may be provided with relevant savings opportunities and related links based on information related to your use of the Services. Wave will use your Personal Information for the purpose of tailoring savings opportunities to your interests. However, we will never share your Personal Information with companies offering the savings opportunities. We only provide these companies with non-identifiable, aggregate information (e.g. the number of times one of their savings opportunities was clicked).
To contact you for the purposes of product information, service updates, notifications relating to the Services, newsletters and tailored savings opportunity messages. Wave will never sell your contact details to a third party.
To monitor system usage, server and software performance, to improve system design, to create benchmarks and to conduct trending analyses.
To assist you with technical support issues. It is important to remember that most technical issues can be resolved without a Wave customer service representative viewing your Personal Information.
To comply with any laws, regulation, court orders, subpoenas or other legal process or investigation and to protect ourselves and other individuals from harm.
To assist in due diligence relating to any corporate action such as a financing,merger, amalgamation, sale or divestiture, provided that reasonable safeguards are taken to protect the confidentiality of Personal Information in our possession. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
We collect your information to better provide our services to you. These services include things like:
- hooking up to your bank
- promoting products and offers that may be relevant to your business (but only based on aggregate, non-identifiable data)
- providing tech support
- monitoring our systems
- compliance with the law
At any time and without penalty, Wave users can withdraw their consent and close their Wave account by taking the following actions:
If you are a Payroll by Wave user, place your payroll account on hold. Open the "Your Profile" page within our application.
At the bottom of the "Your Profile" page, click the "Close this Account" button and then confirm by clicking "Yes, close my account."
You will be sent an email for confirmation that the account is being closed by the rightful account holder. Click the link in the email.
In the web page that opens, click "Yes, please close my account" to complete your account closure.
Once your account is closed, we will take the following actions:
For users of all Wave products except Payments and Payroll:
All Personal Information relating to your account will be deleted from our databases. However, anonymous transactional data (which does not personally identify you or any of your employees, agents, contractors and representatives) will be retained in our database.
You can close your account whenever you want by following the steps on the left — we'll miss you, but we won't hold it against you, and there's no penalty.
For users of Payroll by Wave:
In order to support our Payroll Guarantee, account information related to Payroll will be retained for a period of 7 years after the date of the most recent payroll you ran.
When you confirm the closure, we'll delete your personal information from our apps — except for payroll. We need to keep payroll information based on IRS/CRA rules.
For users of Payments by Wave:
In order to support our regulatory compliance, payments information will be retained for a period of 3 years after the date of your last processed payment.
If you’re a payments customer, even after you close your account we’ve got to keep some of your data for a few years.
Withdrawing your consent will not apply to actions Wave has already taken based on your prior consent.
You can opt-out of our emails on the email preferences page. This won't affect emails we've already sent you.
The only exception: We may still send you critical email messages even if you opt out from other messages. (But we won't abuse this.)
In order to use certain Services, such as Wave Payroll, you may be required to provide personal information relating to yourself and your employees, agents, contractors and representatives from time to time. You acknowledge, and represent to us that you only collect, use and disclose personal information in compliance with applicable privacy laws. You further represent and warrant to us that you have obtained all required consents (including, if you use Wave Payroll, consents relating to making deposits to and debits from your employees' bank accounts) from your employees, agents, contractors and representatives whose personal information will be disclosed to us or to our third-party service providers in connection with the Services. You further agree to indemnify and hold Wave, its affiliates, subsidiaries, partners, service providers, suppliers and contractors and each of their respective officers, directors, agents, and employees (collectively, the "Wave Parties"), harmless for any loss, cost, complaint, damage, claim or liability whatsoever arising from your collection, use and disclosure of personal information relating to your employees, agents, contractors and representatives.
To use some services, like payroll, you'll need to provide information about other people. Only do this if you're legally allowed to. If problems come up around your collection and use of this data, that's on you.
Wave limits the collection of Personal Information by collecting only the information required to fulfill the identified purposes. We will collect only the minimum amount of information required to facilitate the Services. However, we provide you with the option of sharing additional information (e.g. your name or address) to enhance your use of the Services. We will share your personal information with third parties only in the ways that are described in this privacy statement.
We only collect the personal information we need to provide our services. You can give us more info to improve your Wave experience, though.
Wave does not knowingly or intentionally collect Personal Information from visitors who are under the age of thirteen (13).
Sorry, but no kids allowed!
You'll be providing them access to your information, so make sure they're safe with it: We aren't responsible if they misuse that info.
When you use certain Services, you have the option to share information with other accounts you have signed up for. You may choose from time to time to connect Wave with other third-party service providers in order to utilize these services in conjunction with the Wave Apps. Purposes may include saving copies of records, importing data from external sources, communications with third parties, and conducting payment and direct deposit functions, among others. In such instances, your account and password credentials and other required information in respect of such third-party service may be stored by Wave for the purpose of providing this service.
In order to connect with certain third-party services, you may have to provide us your credentials. In some cases we may need to store these in order to continue providing that connection.
Limiting Use, Disclosure and Retention
Wave will not use or disclose Personal Information for purposes other than the identified purposes of the Services or such other purposes which we identify from time to time.
We won't use, share, or store your information in ways you aren't made aware of.
We also ensure that only those employees responsible for the Services' operations have physical or technical access to Personal Information and only where such access is required to perform work authorized by their supervisors.
We'll make sure nobody at Wave can see your personal info unless they need it to do their job.
Wave will retain Personal Information only for the duration of your enrollment as a Wave user or to support the Wave Payroll Guarantee and other regulatory or legal requirements. Personal Information will be retained in access-secured databases. If you choose to withdraw from the Services, we will securely destroy your Personal Information in our possession and control within 45 days unless we are required to retain such Personal Information longer to fulfill our obligations to you or to third parties. However, we may retain non-personal information indefinitely.
We'll only keep your data while you're a Wave user. We'll keep it secure. We'll delete the data that can be tied back to you within 45 days of you closing your account. This doesn't include data that can't identify you.
Payroll data will be retained for a period of seven years from the date of employer's most recent payroll processing in order to comply with government regulations regarding retention of payroll data. Payroll data includes but is not limited to:
a. employer name, address, tax rates, exempt status and
b. employee name, address, bank account information, SSN or SIN, rate of pay, hire date, birth date, filing status, allowances, benefits and deductions and
c. gross pay, taxes, deductions and net pay for every payroll processed.
If you're a payroll user, we've got to keep your payroll data due to IRS/CRA requirements.
Payments data will be retained for a period of three years from the date of your most recent payment transaction in order to comply with regulatory requirements. Payments data includes, but is not limited to:
a. banking details and
b. personal information such as name, SSN/SIN, credit information and
c. business details such as legal name, type, tax ID and
d. transaction details such as amount, card type, expiry date and
e. transfer details such as amount, bankaccount.
If you’re a payments customer, even after you close your account we’ve got to keep some of your data for a few years.
We keep our data secure and so do our partners and providers. If you want to use any of our third-party service providers, you're responsible for reading their terms and privacy policies.
For example, you can connect a service called Shoeboxed to Wave. If you do that, you are entering into a separate agreement with Shoeboxed, and you will be subject to the terms they give you.
We might collect some information to enable the use of third-party providers. Again, if you want to give us that information and use those services, read their terms and policies and make sure you agree with them before use.
When Wave data is viewed in the Wave Apps mobile apps, some data is cached in the memory of the device. That data is deleted when the related application is closed and does not persist. If the application is put in the background without closing, the data may remain in the cache. We take no responsibility for any unauthorized viewing of this data by third parties.
When you use our mobile app(s), we store some data in memory on your mobile device. If you don't close the app when you're done, some of that information may still be in memory and could be viewed by others. We can't take responsibility for this, so be sure to close your apps when you're done.
Wave relies on you to ensure that the Personal Information you provide to us while using the Services is as accurate, complete and up-to-date as necessary for the purposes for which it is to be used. Upon request Wave will provide you with information about whether we hold any of your personal information. You are welcome to make changes, request deletion or corrections to Personal Information at any time by contacting us at the contact information listed below. We will respond to your request within a reasonable timeframe.
We also make every effort to ensure the accuracy of the information in our reports, displays, articles and support queries. However, you must verify all information created from your use of the Services and we recommend that you consult an accounting professional before completing any government or regulatory filing or otherwise relying upon the information, as the use of this information is at your own risk.
You are responsible for ensuring that the information you have provided is truthful, accurate, reliable and complete.
We will retain your information for as long as your account is active, or as needed to provide the Services to you. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
When you give us your personal information, we rely on you for accuracy. You can contact us to update or delete it. Whenever we use this information — for reports, display, filings, etc — we'll do our best to make sure it's accurate. Before using this information for anything official, we recommend you consult an accounting professional.
Wave implements industry best practices appropriate to the sensitivity of your Personal Information. We use administrative, technical, and physical safeguards to protect your Personal Information against loss, theft, and unauthorized access, use, disclosure, copying, modification, disposal, or destruction in accordance with applicable legal requirements and industry best practices.
For example, we implement encryption and security controls to protect against unauthorized access to Personal Information during electronic transmission, and we train our employees to follow privacy and security practices specific to the Services. We also undertake security assessments to ensure that we maintain strong security controls.
We ensure that any third party acting on our behalf in respect of your Personal Information maintains reasonable and appropriate safeguards. For example, these third parties classify customer account data as "super sensitive". This means that access to such data is strictly limited based on business need and this data cannot be transmitted without the use of approved encryption methods. These third parties also employ both an Intrusion Detection System and an Intrusion Prevention System, and run regular network vulnerability scans. Additional information about our third parties' privacy practices is available upon request.
We use industry best practices, both technical (like encryption) and physical (like secure, locked-up server facilities), to protect your data, its storage, transmission, and disposal. Any third parties acting on our behalf also do what's necessary to protect any data they receive. We'll give you more details if you request them.
Storage of Online Banking Credentials
You may choose to provide your online banking information, for the purpose of importing transactions into Wave and reducing your manual entry workload. To provide improved security and reliability, Wave employs a respected provider of global online banking solutions. This partner stores account and password information. Wave does not store these. This third party uses Triple DES encryption and secure storage protocols to protect Wave customer data.
If you want to connect your bank, you'll need to provide some credentials. To make sure this is safe, we're relying on a third party provider. They store account and password information securely, they encrypt it, and Wave never sees it.
Payment Card Information
To ensure the security of your and your customers’ credit card data, Wave does not store credit card numbers. Instead, we rely on tokenization - a process of substituting sensitive data with a unique identification code.
Card data is encrypted and exchanged directly from the browser to our payments processor, who then returns a token.
Wave makes use of these tokens to facilitate the payments process.
Wave protects you and your customers by not storing cardholder data. We replace this sensitive data with tokens that can be used in their place. If the data isn’t stored anywhere, we greatly reduce the chance of it being stolen.
No method of transmission over the internet or method of electronic storage is 100% secure. Therefore while we do protect your information, we cannot guarantee its absolute security. If you have questions about security on our Site, you can contact us at firstname.lastname@example.org.
What we're saying here is that "perfect security" doesn't exist. That might sound scary, but anyone promising "100% secure" is probably lying and we don't want to do that. Wave makes use of a variety of security and monitoring tools, penetration testing, and resilient code frameworks to ensure we're as secure as possible. In addition to that, we'll stay transparent on security issues. If something ever does happen, we'll let you know.
Wave makes clear and transparent notice of its privacy practices publicly available via our Privacy Commitment and this policy. Our notices describe the collection, use, disclosure, and protection of Personal Information and provide the contact information of our privacy contact person.
Wave will advise you at the first reasonable opportunity upon discovering or being advised of an incident where your personal information is lost, stolen, accessed, used, disclosed, copied, modified or disposed of by unauthorized persons or in an unauthorized manner.
We're very clear about our stance on privacy and we'll let you know ASAP of any unauthorized incidents involving your data.
You own your data which you input using the Wave Apps and can download your own data via the Site at any time. Upon request, Wave will also provide you with a list of the entities (e.g. third-party service providers) to whom Wave has disclosed your Personal Information, and the countries in which our servers are located.
Your data is yours. You can download it from the site and if you ask we'll let you know which other places your data has gone.
The Wave Apps may offer publicly accessible blogs and community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We take no responsibility for any information which you or your employees, agents, contractors and representatives post or publish on the Wave Apps and you agree to indemnify and hold the Wave Parties harmless for any loss, cost, complaint, damage, claim or liability whatsoever arising from any such post or publication.
With your consent we may post your testimonial along with your name. If you want your testimonial removed please contact us at email@example.com.
You can log in to our site using single sign-on (SSO) services such as Google and Yahoo. These services will allow the third party to authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign up form.
The blogs and forums are open, and only moderated in a limited way. Anything you post there can be seen by others, and we're not responsible for the things people post.
If you give us consent, we might use one of your quotes for a testimonial — and if you want that removed, let us know.
If you use Google or Yahoo to sign in via SSO, those services will let us see your name and email.
Our blog has some social media features (Facebook Like, etc) which, if you use them, may collect your IP, set a cookie, etc. The companies providing these tools have their own rules and policies which apply to the use of these features.
People may use our interfaces to write programs to interact with Wave. Wave may write programs to interact with third-party interfaces. These can be used to collect and share data, but only if you authorize it. If you authorize the sharing of data, the use of that data will be governed by the rules and policies of the third party you're sharing it with.
If you choose to use our referral service to tell your accountant about our website, we will ask you for their name and email address. We will automatically send them a one-time email inviting him or her to visit the website. Wave does not store this information and uses it for the sole purpose of sending this one-time email. If you believe that one of your contacts has provided us with your personal information and you would like to request that it be removed from our database, please contact us at firstname.lastname@example.org.
If you refer someone, we'll send them a single email invite, but won't keep their information.
Cookies and Other Tracking Technologies
Third-Party Tracking Technologies & Cookies
As is true of most websites, we gather certain information automatically and store it in log files. This information may include, but is not limited to, internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.
We may combine this automatically collected log information with other information we collect about you. We do this to improve the Services we offer you, to improve marketing, analytics, and site functionality.
Technologies such as cookies or similar technologies are used by Wave, our advertising and analytics partners, and affiliates. These technologies are used in analyzing trends, administering the Site, tracking users' movements around the Site and to gather demographic information about our userbase as a whole.
We use local storage objects (LSOs) such as HTML5 to store preferences. Third parties with whom we partner to provide certain features on our site or to display advertising based on your browsing activity use LSOs such as HTML5 to collect and store information.
Various browsers may offer their own management tools for removing HTML5 LSOs.
We track some basic information about your use of the site and we might combine this with other information we have to help improve the site and services.
Some of our partners use small/clear images (tracking pixels) and some scripts to help manage content. Similarly we might use these things for analytics (to help us better understand how people use our site).
If we or our partner change cookie behaviour, we'll let you know.
We partner with a third party to either display advertising on our Site or to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here. Please note this does not opt you out of being served ads. You will continue to receive generic ads.
Our ad partner uses a variety of web tools to collect non-personal information about your online activities, in order to display targeted ads. You can opt out of targeted ads, but you'll still see ads - if you want to do this, click the link over to the left.
In order for Wave to communicate with you via the Wave Apps mobile applications which you may choose to install on your mobile device, we save a "device token" on your device. We use the device token to provide you with notifications relating to the Services. The device token identifies your mobile device to us but cannot be used to identify you. We store the token in encrypted format (256-bit encrypted) and retain it only as long as necessary to provide you with the Services.
To enable our servers to talk to our mobile apps, we save an identifier on your device. We use this for notifications and can uniquely identify your device, but not you. This token is encrypted while it is stored and only kept as long as necessary to offer you our services.
Wave uses third-party email services providers in order to provide certain services to Wave to help us run our operations, including, without limitation, for purposes of delivering emails to you. If required, we will disclose your personal information to these service providers to the extent required by us to receive these services. For instance: (i) for occasional messages from Wave, we will share only your email address and name (where applicable) with a service provider; and (ii) for the weekly summary of your account information (the "Your week in numbers" email), we will share your email address and name (where applicable) and send via our providers news about your account balances, year-to-date financial overview, overdue invoices and expenses and other select account details. For other service providers, we will provide such additional information as may be required for us to receive the services; however, these companies are authorized to use your personal information only as necessary to provide these services to us. To unsubscribe from either or both emails, please see the "Consent" section above.
We send our emails through third-party providers. For the occasional messages we send, we share your email and sometimes your name — otherwise they wouldn't know where to deliver the message! For our weekly email, we do the above but also include some of your account information to provide the summary you see. These email providers can only use your information for the purposes of sending these emails.
For other service providers, the same thing goes: We'll share what's necessary for the service to function, and only permit the info to be used for that service.
You can unsubscribe if you want: See the ‘Consent' section above.
If we change what we do, we'll update this policy to reflect that. If we make any serious changes, we'll notify you by email or a notice on the website before the changes are in effect. We recommend you read through this every once in a while for the latest information on how we deal with privacy.
Information Security Officer
235 Carlaw Ave., Suite 501
Toronto, ON M4M 2S1
Phone: (416) 521-9141 extension 130
We have someone dedicated to answering your privacy questions (me) and to respond to you if you think we're not doing the things we say we do.
My contact information is available over in the left column.