Last updated: June 12, 2026 (draft)
This policy describes how AffiWave (affiwave.com) processes personal data in connection with the platform. For program operators using AffiWave to run their own programs, AffiWave acts as a processor; for our own account and billing data, AffiWave is the controller.
We process account data (name, email, company), program and partner data entered by operators, and technical tracking data (IP address, user agent, country, click and conversion events) required to attribute conversions and calculate commissions.
Data is processed to provide the service (performance of a contract), to calculate commissions and payouts, to detect abuse and fraud (legitimate interest), to handle billing (legal obligation) and, where applicable, with consent for optional features.
AffiWave uses an attribution cookie (aff_attr) and equivalent identifiers to link a click to a later conversion. Server-side tracking via API and webhooks works without cookies. Operators are responsible for obtaining any consent required from their end users.
We share data only with sub-processors necessary to run the service (hosting, email delivery, payment providers) and with the relevant program operator. We do not sell personal data.
Data is retained for as long as the account is active and as required for settlements, accounting and legal obligations. Tracking data may be retained for the attribution window and audit purposes, then deleted or anonymised.
Subject to applicable law, you may request access, rectification, erasure, restriction or portability of your data, and object to certain processing. End users should direct requests to the program operator who collected their data.
Where data is transferred outside your country or the European Economic Area - for example to a sub-processor - we rely on appropriate safeguards such as standard contractual clauses or an adequacy decision. We use providers that offer a level of protection consistent with applicable law.
We apply technical and organisational measures appropriate to the risk, including encryption in transit, hashed credentials and API keys, access controls and backups. No method of transmission or storage is completely secure, but we work to protect data against unauthorised access, loss or alteration.
We may update this policy as the service, our sub-processors or the law evolve. The current version is always available on this page; material changes will be communicated through the panel or by email. The "last updated" date reflects the latest revision.
For privacy questions or to exercise your rights, contact: privacy@affiwave.com. Full contact details are available on the Contact page.
