Privacy Policy

Wavely enhances PDF reading inside the browser. It can detect when the current page is a PDF or browser PDF viewer, open that document in Wavely's custom reader, let signed-in users save notes and collections, inspect citations, and send user-selected PDF text to AI features only when the user explicitly asks for explanation, translation, or follow-up help.

PDFs can be served from many different websites and file URLs, so the extension needs host access broad enough to detect when the current page is a PDF document or a browser PDF viewer. That access is used only to determine whether a page is a PDF-compatible document and to enable Wavely's PDF-viewer switch for that document.

On normal non-PDF pages, the extension does not activate unrelated reader features, does not inject ads, and does not use that access to collect general browsing activity or unrelated page content.

We process only the data needed to provide the product's features. This may include account identifiers needed for authentication, PDF URLs and document identifiers, local extension state such as a per-PDF viewer preference, user-selected text from PDFs, notes, annotations, collections, saved document metadata, AI prompts, follow-up questions, AI responses, citation metadata, citation context, reference text, billing identifiers for paid plans, and basic usage or error information needed to keep the service reliable.

Usage and reliability data may include event names, timestamps, browser and device metadata, extension or app version, page or feature context inside Wavely, error messages, stack traces, and account identifiers where needed to debug signed-in issues. We do not intentionally send full general browsing history or unrelated non-PDF page content to analytics or error-monitoring tools.

Where diagnostics or monitoring payloads include viewer URLs, we aim to redact document-routing query parameters such as the current PDF file URL before sending them to monitoring tools.

We use this data to authenticate users, restore saved viewer state for a document, provide AI responses requested by the user, save notes and collections, resolve and display citation metadata, monitor reliability, prevent abuse, and improve the service.

Data is sent to our servers only when needed to provide the requested feature. Examples include signing in, saving notes or collections, restoring a signed-in user's saved data, asking AI to explain, translate, or answer a question, and fetching citation metadata or citation analysis.

Simply detecting that a page is a PDF, deciding whether the browser viewer or Wavely viewer should open for that PDF, and storing a local per-PDF preference do not by themselves require sending full browsing history or unrelated page content to our servers.

We do not sell personal data. We share data only as needed to operate the service and only for the purposes described in this policy.

Depending on the feature a user chooses to use, data may be shared with: Supabase for authentication, database, storage, and session sync; OpenAI for AI features requested by the user; PostHog for product analytics; Sentry for error monitoring and diagnostics; Stripe for checkout, billing, and subscription management; and Vercel for hosting and web analytics related to the public website.

If we add or replace a service provider that receives user data, we will update this policy so the list of receiving parties stays accurate and up to date.

We do not use data collected through the extension for advertising, creditworthiness, unrelated profiling, or sale to data brokers.

Some extension state stays on the user's device and is not sent to our servers unless the user takes an action that requires it. This includes local viewer preferences such as whether Wavely or the browser PDF viewer should open for a specific PDF.

We retain account and saved document data for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements. Users may request deletion of saved account data through our support contact.

Users can choose whether to use the custom viewer or the browser's default PDF view, whether to sign in, whether to send text to AI features, and whether to keep saved notes and document data associated with their account.

We use reasonable technical and organizational measures to protect data in transit and at rest. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

If you have questions about this policy or want to request deletion of account data, contact Wavely at support@thewavely.com.