GDPR Compliance

Effective Date: November 2, 2025

At wav.arena, we respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page provides detailed information about how we comply with GDPR requirements for users in the European Economic Area (EEA) and United Kingdom.

For our complete Privacy Policy, please see our Privacy Policy page.

1. Data Collection and Categories

We collect and process personal data to provide our services, including account creation, authentication, and battle participation. The categories of personal data we collect include:

•Identifiers: Email address, username, user ID
•Profile Information: Avatar, social links, bio, location, musical preferences, DAW, instrument, experience level
•Device and Technical Data: IP address, browser type, device information, user agent
•Usage Data: Battles entered, votes cast, page views, session data, interaction patterns
•Audio Files: Uploaded beats/songs with metadata (title, genre, BPM, tempoRange, beatType, vibe, bounce, aiUsage)
•User-Generated Content: Ratings, messages, battle history, voting records

2. Lawful Bases for Processing

Under GDPR, we must have a lawful basis for processing your personal data. We process your data based on the following legal grounds:

•Performance of Contract: To provide the services you've requested (battles, uploads, rankings, messaging, and other platform features). This is our primary legal basis for most processing activities.
•Legitimate Interests: Platform security, fraud prevention and detection, analytics, service improvement, and system operations. We balance our legitimate interests against your privacy rights.
•Consent: Optional features like marketing communications or non-essential cookies (where applicable). You may withdraw consent at any time.
•Legal Obligation: Compliance with applicable laws, court orders, regulatory requirements, and DMCA takedown procedures.

3. Your Rights Under GDPR

As a user from the European Economic Area (EEA) or United Kingdom, you have the following rights under GDPR:

•Right of Access: Request a copy of the personal data we hold about you
•Right to Rectification: Correct inaccurate or incomplete data
•Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention obligations)
•Right to Restriction: Limit how we process your data in certain circumstances
•Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it to another controller
•Right to Object: Object to processing based on legitimate interests or for direct marketing purposes
•Right to Withdraw Consent: Where processing is based on consent, you may withdraw at any time (does not affect lawfulness of processing before withdrawal)
•Right to Lodge a Complaint: File a complaint with your local supervisory authority if you believe we have violated GDPR

To exercise these rights, contact us at support@wavarena.com with your request. We will respond within 30 days of receiving your request. We may need to verify your identity before processing your request.

4. Data Retention

We retain personal data for as long as necessary to provide services, comply with legal obligations, and resolve disputes. Specific retention periods include:

•Account data (profile, email, settings): Duration of active account + 2 years after account deletion request
•Battle history and voting records: Duration of active account + 2 years (retained for ranking integrity and fraud prevention)
•Audio files (beats/songs): Duration of active account + 30 days after deletion request or content removal
•AI verification reports: 2 years from analysis date (for platform integrity and dispute resolution)
•Server logs and security data: 12 months (for security, fraud prevention, and system diagnostics)
•Messages and notifications: Duration of active account + 30 days after deletion request

Some data may be retained longer if required by law, for legitimate business purposes (fraud prevention, legal disputes), or to comply with legal holds or investigations. Anonymized or aggregated data that cannot identify you may be retained indefinitely for analytics and platform improvement.

5. Third-Party Processors and International Transfers

IRCAM Amplify (AI Content Verification)

We share uploaded audio files with IRCAM Amplify SAS ("IRCAM Amplify"), a French company, solely for the purpose of performing AI-music-detection analysis to verify the accuracy of user-disclosed AI usage labels. Processing occurs in accordance with IRCAM Amplify's Privacy Policy and Terms of Service.

wav.arena acts as a data controller for your audio submission, and IRCAM Amplify acts as a data processor for the purpose of performing AI verification. Processing is carried out under French and EU GDPR standards. The analysis result and model metadata are returned to wav.arena and stored in our database. No additional personal data beyond the audio file itself is transferred to IRCAM Amplify.

Other Third-Party Processors

We work with the following service providers to operate wav.arena:

•Amazon Web Services (AWS): Cloud hosting infrastructure, authentication services (AWS Cognito), database (Amazon DynamoDB), file storage (Amazon S3), and email delivery (Amazon SES)
•Analytics: We do not currently use third-party analytics or tracking services beyond essential platform operations

International Transfers: Personal data may be transferred to and processed in the United States and other countries where our service providers operate. For EU/EEA users, we ensure adequate protection of your personal data through:

•Standard Contractual Clauses (SCCs) approved by the European Commission with our service providers (AWS, IRCAM Amplify)
•EU-U.S. Data Privacy Framework where applicable
•Technical and organizational measures to protect data in transit and at rest

6. Automated Decision-Making

AI verification analysis is automated but does not result in solely automated decisions with legal or similarly significant effects on you. The analysis is used to verify accuracy of user-disclosed AI usage labels.

You may contact support at support@wavarena.com to request manual review of any AI verification result or to discuss the automated processing.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and operate the platform:

•Essential cookies: Required for authentication, security, session management, and core functionality. These cannot be disabled without impacting platform operations.
•Functional cookies: Remember your settings, preferences, and choices to improve your user experience.
•Analytics: We do not currently use third-party analytics cookies. Platform analytics are derived from server logs and essential operations only.

You can manage your cookie preferences through your browser settings. Note that disabling essential cookies will impact platform functionality, including your ability to log in and use core features. Non-essential cookies require your consent, which you can manage through your browser or by contacting us at support@wavarena.com.

8. Data Security

We implement industry-standard security measures to protect your data, including encryption, access controls, and secure data transmission. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Contact Us

If you have any questions or requests regarding your data, wish to exercise your GDPR rights, or need to report a privacy concern, please contact us at:

Email: support@wavarena.com

Service: wav.arena

Mailing Address: 2154 Inner Cass Circle, Sarasota, FL 34231

We will respond to your inquiry within a reasonable timeframe. For data subject requests, we aim to respond within 30 days of receiving your request.

You also have the right to lodge a complaint with your local supervisory authority if you believe we have violated GDPR. To find your local supervisory authority, visit the European Data Protection Board website.