Legal

Privacy Policy

Effective Date: February 28, 2026  · Last Updated: February 28, 2026
Applies to United States Residents Only

1.Who We Are

Wavvi LLC (“Wavvi,” “we,” “us,” or “our”) is an Illinois limited liability company with its principal office at 1449 S Michigan Ave STE 13344, Chicago, IL 60605. We operate a marketing platform that enables experts to manage, analyze, and automate their content marketing activities across multiple third-party platforms.

Wavvi acts as a Data Processor with respect to personal data you process through the Services on behalf of your end users, and as a Data Controller with respect to personal data we collect about you as our customer.

This Privacy Policy applies to personal data collected through our website at wavvi.com, our application at app.wavvi.com, and all related services (collectively, the “Services”). The Services are currently available to United States residents only.

2.What Information Do We Collect?

2.1 Information You Provide Directly

When you register, use, or interact with our Services, you may provide us with:

  • Names and job titles
  • Email addresses and usernames
  • Passwords and authentication credentials
  • Contact preferences
  • Company name and billing information
  • Content, instructions, and configurations you input into the AI Agent

All personal information you provide must be true, complete, and accurate. You must notify us of any changes.

2.2 Payment Data

If you make purchases through the Services, payment data (including payment instrument number and security code) is collected and processed by Stripe, Inc. Wavvi does not store full payment card data. Stripe’s privacy practices are described at stripe.com/privacy.

2.3 Connected Social Platform Data

When you connect your social media accounts to Wavvi, we access and process data from those platforms on your behalf. Data collected depends on the platforms you connect and the OAuth scopes you authorize, and may include:

  • Account profiles, page information, and audience data
  • Post and content performance metrics
  • Engagement data (likes, shares, comments, reach)
  • Advertising performance and campaign data
  • Analytics and reporting data

Platform-specific data handling is described in Section 6 below. We operate on a principle of data minimization — we only request the minimum OAuth scopes required to deliver the features you use.

2.4 Automatically Collected Data

When you use the Services, we automatically collect certain technical information, including:

  • IP address and approximate location (country/state level)
  • Browser type, device type, and operating system
  • Language preferences and referring URLs
  • Usage data: pages visited, features used, time spent, click patterns
  • Log data: server logs, error reports, performance data
  • Gamification data: daily login streaks, total login counts, content pieces created, and task completion counts

We collect this information through cookies, web beacons, and similar tracking technologies. See Section 5 for more information.

2.5 Derived Data and Brand DNA

Wavvi generates analytical insights — which we call “Brand DNA” — by processing your connected platform data. Brand DNA includes aggregated benchmarks, audience profiles, content performance patterns, and competitive positioning insights derived from your data.

Brand DNA is generated using anonymized, aggregated data. We warrant that competitive intelligence metrics are only reported when derived from a minimum number of distinct data sources sufficient to prevent re-identification. Wavvi owns all right, title, and interest in Brand DNA as Derived Data.

We do not use Brand DNA for individual surveillance pricing. You may opt out of inclusion in the aggregate benchmarking pool at any time; doing so will disable access to competitive intelligence features.

2.6 What We Do Not Collect

Biometrics: Wavvi does not collect, capture, purchase, receive, or otherwise obtain biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act (740 ILCS 14) or any other applicable law. We do not use facial recognition, retinal scanning, fingerprint collection, voiceprints, or any similar biometric technology.

Minors: Wavvi does not knowingly collect personal data from individuals under 18. The Services are intended for business use by adults. If you become aware that a minor has provided us with personal data, please contact privacy@wavvi.com.

3.How Do We Process Your Information?

We process your personal information for the following purposes:

  • Account creation and authentication: To create, maintain, and secure your account.
  • Service delivery: To operate the AI Agent, generate analytics, and provide all platform features.
  • AI Agent execution: To carry out authorized actions on your connected social accounts within the scope of the authority you grant us. See Section 7 for details.
  • Brand DNA generation: To produce aggregated benchmarks and competitive insights as described in Section 2.5.
  • Communications: To send service-related notices, respond to support requests, and (with your consent) send marketing communications.
  • Security and fraud prevention: To detect, investigate, and prevent security incidents, unauthorized access, and fraudulent activity.
  • Platform compliance: To comply with our obligations under third-party platform API terms, including propagating data deletion requests.
  • Legal compliance: To comply with applicable laws, respond to lawful requests, and enforce our agreements.
  • Service improvement: To analyze usage patterns, fix bugs, and develop new features using anonymized and aggregated data.
  • Vital interests: Where necessary to prevent harm to you or others.

4.When and With Whom Do We Share Personal Information?

We do not sell your personal data. We do not share your personal data for third-party advertising purposes.

We may share your information in the following limited circumstances:

4.1 Service Providers

We share data with vetted third-party service providers (sub-processors) who assist us in operating the Services. These include cloud hosting (Amazon Web Services), payment processing (Stripe), and AI infrastructure (Amazon Web Services AI, Anthropic). All sub-processors are bound by contractual data protection obligations and are prohibited from using your data for their own purposes or for training external AI models.

4.2 Third-Party Platform Partners

Our API agreements with Meta, Google, LinkedIn, TikTok, and other platforms require us to cooperate with their data governance requirements. This includes propagating data deletion requests, responding to data subject rights signals, and complying with platform-specific data handling obligations. See Section 6 for details.

4.3 Business Transfers

If Wavvi is involved in a merger, acquisition, financing, or sale of all or a portion of its business, your information may be transferred as part of that transaction. We will notify you before your personal data becomes subject to a different privacy policy.

4.4 Legal Requirements

We may disclose your information where required by law, court order, or governmental authority; to protect the rights, property, or safety of Wavvi, our customers, or others; or to detect, prevent, or address fraud or security issues.

4.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

5.Cookies and Tracking Technologies

We use cookies and similar tracking technologies (web beacons, pixels, local storage) to operate and improve the Services.

5.1 Types of Cookies We Use

  • Strictly necessary cookies: Required for the Services to function. Cannot be disabled.
  • Functional cookies: Remember your preferences and settings.
  • Analytics cookies: Help us understand how the Services are used (aggregated, anonymized data).
  • Security cookies: Protect against unauthorized access and fraud.

5.2 Third-Party Tracking

We permit certain third-party service providers to use tracking technologies on the Services for analytics purposes. To the extent these technologies are deemed a “sale” or “sharing” under applicable US state privacy laws (including targeted advertising as defined under California law), you have the right to opt out. To exercise this right, use the cookie preference center or contact privacy@wavvi.com.

5.3 Do Not Track and Global Privacy Control

Most web browsers include a Do-Not-Track (“DNT”) setting. Because no uniform technical standard for DNT has been finalized, we do not currently respond to DNT signals. California law requires us to disclose this.

The Global Privacy Control (GPC) is a separate browser-level signal that California’s CPRA requires businesses to treat as an opt-out of the sale or sharing of personal data.

6.Platform-Specific Data Handling

Wavvi integrates with multiple third-party social platforms and marketing tools. Each integration imposes specific requirements on how data is collected, stored, and deleted. We comply fully with these requirements.

6.1 Meta (Facebook, Instagram, Threads)

Wavvi is classified as a “Tech Provider” under Meta’s Platform Terms (effective February 2025). This imposes the following obligations:

  • Purpose limitation: Meta user data may only be used for the specific marketing analytics and workflow functions provided by Wavvi.
  • Profile building prohibition: Meta data may not be used to build, augment, or verify user profiles without explicit consent.
  • Data Subject Rights: When Meta sends us a data deletion or access request signal via webhook, we identify the client associated with that user’s data and notify them of their obligations.
  • Prompt deletion: Meta data is deleted promptly when no longer necessary for the authorized purpose or upon request.
  • Instagram: The Instagram Graph API functions only with Instagram Business or Creator accounts. Personal accounts are not supported.

For instructions on how to delete your Meta data from Wavvi’s systems, see Section 14 below.

6.2 YouTube API Services and Google Data

Google Limited Use Compliance Statement: Wavvi’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Wavvi uses YouTube API Services to provide analytics and workflow features. By connecting your YouTube or Google account to Wavvi, you acknowledge and agree to be bound by the YouTube Terms of Service and the Google Privacy Policy.

  • Data collected: Channel statistics, video performance metrics, and public engagement data — used solely to render your analytics dashboard and power configured workflow features.
  • Limited Use: Data obtained through Google APIs is used solely to provide and improve the features described in this Policy. It is not used to serve ads, train generalized AI models, or for any purpose unrelated to the authorized function.
  • Gmail: Wavvi does not use the content of Gmail messages to target advertising. Human access to Workspace data is prohibited except for security purposes or legal compliance.
  • YouTube data retention: Public YouTube metrics may not be stored for more than 30 days. Wavvi automatically refreshes or deletes this data every 30 days.
  • No third-party sharing: We do not sell your YouTube data to third parties, nor do we use it to train external AI models.
  • Revoking access: You may revoke Wavvi’s access at any time via Google Security Settings. Upon revocation, Wavvi will permanently delete all associated data within 30 days.
  • CASA Tier 2: Wavvi maintains compliance with the Google Cloud Application Security Assessment (CASA) Tier 2 framework.

6.3 LinkedIn

  • Commingling prohibition: LinkedIn Member Data may not be combined with data from other sources. Wavvi stores LinkedIn data in logically separated silos.
  • Retention limits: Member Profile Data (non-authenticated) — 24 hours maximum; Member Social Activity Data — 48 hours maximum; Page-Level Aggregate Data — 1 year maximum.
  • Export prohibition: LinkedIn Member Data may not be exported without the member’s explicit consent.
  • No shadow profiling: LinkedIn prohibits use of its data to build competitive profiles or derivative analytics products.

6.4 TikTok

  • Data refresh: Cached TikTok creator data is refreshed regularly; stale data is deleted.
  • Watermarks: Wavvi does not remove watermarks from videos downloaded via the TikTok API.
  • Content Posting API: During TikTok’s review period, content posting is limited to private visibility (SELF_ONLY). Full access requires TikTok’s audit approval.
  • U.S. Data Security: All TikTok-related data is processed and stored exclusively within U.S.-based data centers.

6.5 Email Marketing and CRM Platforms

Wavvi integrates with third-party email marketing and CRM platforms (including Klaviyo, Mailchimp, ActiveCampaign, Flodesk, Kit, and HubSpot). These integrations involve importing personally identifiable information belonging to your subscribers and contacts. Wavvi acts strictly as a Data Processor under your instructions as Data Controller.

  • No commingling or resale: We do not sell, rent, or cross-reference your subscriber lists with other customers’ data.
  • Data minimization: We only sync the specific contact data and campaign metrics necessary to populate your dashboards and trigger workflows.
  • Your responsibilities: You remain the Data Controller of your email lists. You represent that you have obtained all required consents under CAN-SPAM, TCPA, and applicable state privacy laws.

6.6 Bluesky and Open Protocols

Data retrieved via decentralized, open-source protocols such as the AT Protocol (used by Bluesky) is treated as public broadcast data and is processed solely for delivering configured analytics and workflow features.

6.7 Analytics Screenshot Analysis

As an interim feature while direct API integrations are being built, Wavvi provides an AI-assisted analytics screenshot analysis tool. You may upload screenshots of your social media analytics dashboards.

  • Data extracted: Our AI uses OCR and computer vision to extract numeric metrics, text labels, and performance data visible in the uploaded screenshot.
  • Purpose limitation: Extracted data is used solely to populate your Wavvi analytics dashboard and contribute to your Brand DNA profile.
  • Screenshot retention: Uploaded images are deleted from our active servers within 30 days of upload. Extracted metric data is retained as account data per Section 8.
  • Your responsibility: Ensure screenshots do not contain personal data belonging to third parties.

6.8 Data Architecture — Logical Separation

Because different platforms prohibit combining their data with data from other sources, Wavvi employs a “Logical Separation” architecture. Data from each third-party platform is stored in separate logical silos and combined only temporarily in volatile (in-memory) processing for real-time recommendations — never permanently merged into a single unified database record.

7.The Wavvi AI Agent

7.1 Limited Agency Relationship

By connecting your social accounts and configuring the AI Agent, you appoint Wavvi and its automated systems as your limited agent for the specific purpose of accessing your third-party accounts to execute your instructions. This is a limited, revocable authorization scoped to the actions you configure.

7.2 Permitted Actions

The AI Agent is authorized to: retrieve analytics and performance data; draft content; publish approved content; manage scheduling; and perform other actions within your configured Policy Guardrails. Wavvi is not authorized to change your account passwords, delete account archives, modify billing information on third-party platforms, or transfer funds — unless you explicitly initiate these actions through a secure authentication flow.

7.3 Your Responsibility for Approved Content

You retain full responsibility for all content generated, scheduled, and published through the Services. Content approved or published by you is your content. Wavvi is not the publisher of AI-generated content that you approve.

7.4 AI Limitations — Hallucinations

The Services use generative artificial intelligence technology, which is probabilistic in nature. AI-generated content may be inconsistent, inaccurate, or unsuitable for your specific context (“Hallucinations”). Wavvi makes no representations or warranties regarding the accuracy, reliability, or suitability of AI-generated content. You agree to independently review all AI-generated content before publishing or relying on it.

7.5 Drafting Mode vs. Execution Mode

The AI Agent operates in two modes: Drafting Mode, where content is generated for your review, and Execution Mode, where you explicitly approve content for automatic publishing. This structure ensures a human review step before content reaches your connected platforms.

7.6 Revoking Agent Authorization

You may revoke the AI Agent’s authorization to access any connected account at any time by disconnecting that platform integration within your Wavvi account settings.

7.7 Prohibited Uses of the AI Agent

You may not use the AI Agent to generate or publish deceptive content, fake reviews, or fabricated engagement metrics. You may not use the AI Agent to make decisions regarding employment, hiring, termination, promotion, creditworthiness, housing eligibility, or insurance underwriting. These uses are prohibited under the Illinois Human Rights Act (as amended by HB 3773, effective January 1, 2026) and constitute a material breach of our Terms of Service.

8.How Long Do We Keep Your Information?

We retain personal data only as long as necessary for the purposes described in this Policy, unless a longer period is required or permitted by law.

Data TypeRetention Period
Account dataDuration of your account, plus a reasonable period for legal obligations and dispute resolution
LinkedIn member profile data24 hours maximum
LinkedIn social activity data48 hours maximum
YouTube public metrics30 days maximum
Brand DNA / Derived DataAs long as needed for competitive intelligence features
Usage and log data90 days (then deleted or anonymized)
Uploaded screenshots30 days (images deleted; extracted metrics retained as account data)

When we have no ongoing legitimate business need to process your personal data, we delete it or anonymize it. Data subject to an active legal hold will be retained for the required period.

9.How Do We Keep Your Information Safe?

We implement appropriate technical and organizational security measures to protect your personal data:

Encryption at restAES-256 encryption for all stored data including OAuth tokens and credentials
Encryption in transitTLS 1.2+ for all data between your browser and our servers
Access controlsRBAC, row-level security, zero-trust architecture
AuthenticationMFA support, JWT sessions, secure secrets management
InfrastructureHosted exclusively on AWS US East (N. Virginia — us-east-1). No cross-border transfers.
Third-party auditingRegular penetration testing, OWASP ASVS compliance

No electronic transmission or storage technology is 100% secure. If you believe your account has been compromised, contact security@wavvi.com immediately.

9.1 Breach Notification

In the event of a security incident that compromises your personal data, Wavvi will notify affected users without unreasonable delay. If a breach affects more than 500 Illinois residents, we will notify the Illinois Attorney General as required by the Illinois Personal Information Protection Act (815 ILCS 530). Our notification will describe the nature of the incident, the data affected, the number of individuals affected, and the steps we are taking to address it.

10.United States Residents — Your Privacy Rights

Depending on the state where you reside, you may have specific rights regarding your personal data.

10.1 Rights Available to All Covered US Residents

Residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, New York, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, and Illinois may have some or all of the following rights:

  • Right to know whether we are processing your personal data
  • Right to access your personal data and obtain a copy
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data
  • Right to data portability (receive your data in a portable format)
  • Right to opt out of the sale or sharing of your personal data
  • Right to opt out of targeted advertising
  • Right to opt out of profiling in furtherance of decisions with legal or significant effects
  • Right to non-discrimination for exercising your rights
We do not sell personal data. We do not use personal data for targeted advertising to consumers. We do not engage in profiling that produces legal or similarly significant effects on consumers.

10.2 California Residents (CCPA/CPRA)

California residents have rights under the CCPA as amended by the CPRA. Categories of personal information collected include: Identifiers (name, email, IP address); commercial information (subscription data); internet activity (usage data); professional information (job title, company); and AI-generated inferences (Brand DNA).

We do not process sensitive personal information beyond what is necessary to provide the Services. If our use of tracking technologies constitutes “sharing” under California law, you have the right to opt out (see Section 5.2).

10.3 Colorado Residents (CPA and Colorado AI Act)

Colorado residents have rights under the Colorado Privacy Act. The Colorado AI Act (CAIA), fully effective February 1, 2026, imposes a duty of care on deployers of high-risk AI systems. We do not intentionally infer sensitive personal characteristics from your data. Where Wavvi’s AI Agent automates marketing decisions that could affect protected groups, we maintain transparency about the criteria used and provide mechanisms to request human review.

10.4 Illinois Residents

As Wavvi’s home state, Illinois residents receive proactive extended rights consistent with proposed Illinois privacy legislation and existing Illinois law:

  • Biometrics (BIPA): We do not collect biometric identifiers or information. No BIPA consent is required.
  • Breach notification (PIPA): See Section 9.1.
  • Proactive rights: We voluntarily extend rights to access, correct, delete, and port personal data; to opt out of targeted advertising and profiling; and to appeal a denial of a rights request.
  • Predictive analytics (HB 3773): We prohibit use of our Services for employment, credit, housing, or insurance decisions. See Section 7.7.

10.5–10.8 Other States

Residents of Indiana (ICDPA, effective January 1, 2026), Kentucky (KCDPA, effective January 1, 2026), Rhode Island (RIDPA, effective January 1, 2026), and Virginia (VCDPA) may exercise the rights listed in Section 10.1 by contacting privacy@wavvi.com.

Rhode Island’s law requires us to identify sub-processors: our current list includes Amazon Web Services (cloud), Stripe (payments), and Anthropic (AI processing). A current list is available upon request.

Kentucky requires opt-in consent for processing sensitive personal data. If our platform processes data revealing sensitive categories inferred from social media content, we will obtain your explicit consent.

10.9 How to Exercise Your Rights

Contact us at privacy@wavvi.com with subject line “Privacy Rights Request.” Include your name, the email associated with your Wavvi account, the right(s) you are exercising, and your state of residence.

We will respond within 45 days of receiving a verifiable request (extendable by an additional 45 days where necessary). We will not discriminate against you for exercising your rights.

10.10 Authorized Agents

You may designate an authorized agent to submit rights requests on your behalf. We may require written proof of authorization and may verify your identity directly.

10.11 Appeals

If we decline to act on your request, we will inform you in writing with an explanation. You may appeal by contacting privacy@wavvi.com with subject line “Privacy Rights Appeal.” If your appeal is denied, you may submit a complaint to your state Attorney General.

11.Automated Decision-Making and Profiling

Wavvi uses automated processing and AI to generate Brand DNA profiles and provide analytics and recommendations. We distinguish between two types of profiling:

  • Service-necessary profiling: Processing required for the platform to function (e.g., generating your analytics dashboard, producing content recommendations). This processing cannot be disabled without disabling core functionality.
  • Marketing profiling (opt-out available): Inclusion in the aggregate benchmarking pool used to generate competitive intelligence features. You may opt out at any time in your account settings. Opting out disables access to competitive intelligence features but does not affect other functionality.

11.1 Tone Analysis

As you create content through Wavvi’s recipe tools, the platform generates an AI-powered Tone Analysis — a profile of your writing style across six dimensions: Formality, Directness, Humor, Energy, Complexity, and Spiciness. Each dimension is scored on a 1–5 scale and visualized as a radar chart within your profile.

  • What it is based on: Content you generate through Wavvi recipes. More content creates a more refined analysis.
  • How it is used: Personalizes AI-generated content so recipe outputs reflect your individual voice. It is a component of your Brand DNA profile.
  • Who can see it: Visible only to you within your account profile. Not shared with other users or third parties.
  • Opt-out: Request deletion at any time by contacting privacy@wavvi.com. Deletion resets content personalization to defaults.

11.2 Gamification

Wavvi tracks platform activity metrics — including daily login streak, total login count, content pieces created, and task completion counts — to power gamification features such as streak counters and progress indicators. These metrics are visible only to you. We do not use gamification data to make decisions that produce legal or significant effects on you.

We do not use profiling to make decisions that produce legal or similarly significant effects on individuals. Our Services are designed for business use and produce recommendations for your business marketing decisions — not automated decisions about individuals.

12.AI Training and Model Improvement

Wavvi uses anonymized interaction data (such as how users engage with recommendations, which AI-generated content performs well, and how configurations are adjusted) to improve our AI models. This is the “Feedback Loop” that makes Wavvi smarter over time.

Opt-out available: You may opt out of having your anonymized interaction data used for model training by contacting privacy@wavvi.com. This does not affect the quality of your individual experience.
  • Google Workspace data (including Gmail content) is not used for AI training, consistent with Google’s Limited Use Policy.
  • No customer data is shared with third-party AI providers for training purposes beyond what is required for the immediate inference task.

13.International Data Transfers

Wavvi currently serves United States residents only. All data is stored and processed within the United States on AWS infrastructure in the US East (N. Virginia) region.

If we expand internationally in the future, we will update this Policy to describe the legal mechanism for international transfers. For transfers from the European Union or United Kingdom, we would rely on Standard Contractual Clauses (SCCs) and Transfer Impact Assessments (TIAs). We will notify users before any international expansion.

14.Meta User Data Deletion Instructions

If you have connected your Facebook, Instagram, or Threads account to Wavvi and wish to remove our access and delete your data:

Step 1 — Remove Wavvi from your Meta Settings

  1. Log into your Facebook account.
  2. Navigate to Settings & Privacy → Settings.
  3. In the left-hand menu, click Apps and Websites.
  4. Find “Wavvi” in the list of active integrations.
  5. Click Remove next to Wavvi.

Step 2 — Request Server-Side Data Deletion

Removing the app from Meta revokes future access but does not automatically delete historical data from Wavvi’s servers. To request complete deletion:

  • Email privacy@wavvi.com with subject line: “Meta Data Deletion Request”
  • Include the email address associated with your Wavvi account.

We will process your request and permanently delete all associated Meta data from our active servers within 7 days, confirming via email when complete.

Meta’s Data Deletion Callback URL for Wavvi is: https://wavvi.com/api/auth/facebook/deletion

15.Google and YouTube Data Access and Revocation

For the Google Limited Use Compliance Statement, see Section 6.2 above.

You may revoke Wavvi’s access to your Google or YouTube account at any time:

  1. Visit Google Security Settings.
  2. Locate Wavvi in the list of connected applications.
  3. Click Remove Access.

Upon revocation, Wavvi will permanently delete all associated YouTube and Google data from our active servers within 30 days. You may also request deletion by emailing privacy@wavvi.com with subject line “Google Data Deletion Request.”

16.Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform integrations. The updated version will be indicated by an updated “Last Updated” date at the top of this Policy.

For material changes, we will notify you either by prominently posting a notice on the Services or by sending a direct notification to the email address associated with your account at least 30 days before the change takes effect.

17.How to Contact Us

Privacy inquiriesprivacy@wavvi.com
Rights requestsSubject line: “Privacy Rights Request”
Meta data deletionSubject line: “Meta Data Deletion Request”
Google data deletionSubject line: “Google Data Deletion Request”
Mailing addressWavvi LLC, 1449 S Michigan Ave STE 13344, Chicago, IL 60605
Security issuessecurity@wavvi.com

We aim to respond to all privacy inquiries within 5 business days and to all formal rights requests within 45 days.

Appendix: Applicable Laws Reference

This Privacy Policy is designed to comply with the following laws and platform requirements, among others:

Illinois Law

  • Illinois Biometric Information Privacy Act (BIPA) — 740 ILCS 14
  • Illinois Personal Information Protection Act (PIPA) — 815 ILCS 530
  • Illinois Human Rights Act as amended by HB 3773 (effective Jan 1, 2026)
  • Illinois Automatic Contract Renewal Act — 815 ILCS 601

State Privacy Laws

  • California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA)
  • Colorado Privacy Act (CPA) and Colorado AI Act (CAIA — effective Feb 1, 2026)
  • Virginia Consumer Data Protection Act (VCDPA)
  • Indiana Consumer Data Protection Act (ICDPA — effective Jan 1, 2026)
  • Kentucky Consumer Data Protection Act (KCDPA — effective Jan 1, 2026)
  • Rhode Island Data Transparency and Privacy Protection Act (RIDPA — effective Jan 1, 2026)
  • Connecticut, Delaware, Florida, Montana, Texas, Utah, and other applicable state privacy laws

Federal Law

  • CAN-SPAM Act and Telephone Consumer Protection Act (TCPA)

Platform Terms

  • Meta Platform Terms and Tech Provider Addendum (effective February 2025)
  • Google API Services User Data Policy (Limited Use requirements)
  • YouTube Terms of Service and YouTube API Services Terms
  • LinkedIn Marketing API Terms of Service
  • TikTok Developer Terms and USDS requirements
  • AT Protocol Developer Guidelines (Bluesky)

Frameworks

  • NIST AI Risk Management Framework

© 2026 Wavvi LLC. All rights reserved. Chicago, Illinois.