Wavo privacy and data usage

Last updated: May 19, 2026

Wavo privacy and data usage

Wavo enforces team isolation (all queries filtered by team_id), per-tool RBAC (chat-tool-rbac.ts), output sanitization (chat-security.ts sanitizeToolOutput() redacts Meta tokens, JWTs, AWS keys, Stripe keys, Google keys, DB strings), and prompt injection defense (50+ regex EN+IT in INJECTION_PATTERNS). Conversation data stored in your workspace's Wevion deployment. Model providers (Anthropic, OpenAI, Google, DeepSeek, Moonshot) process queries per their enterprise terms.

Who is this for

Admins + owners reviewing AI data handling for compliance. Security teams evaluating Wavo before rollout. Anyone with sensitive data wanting to understand the protections.

Data scope (what Wavo sees)

Strict team isolation

Every tool call filters by team_id. Wavo:

  • Can see your team's campaigns, metrics, audiences, rules, creatives

  • CANNOT see other teams' data, even within the same Wevion deployment

  • CANNOT cross workspace boundaries

Enforcement: resolveToolDataScope(userId, teamId) returns allowed scopes; queries filter before returning.

Role-based tool access

chat-tool-rbac.ts enforces:

Role

Tool access

viewer

Read-only tools

mediabuyer

Read + write (drafts, generate)

manager

+ medium-risk approvals

admin

+ high-risk approvals

owner

Full access

super_admin

+ cross-org tools (if applicable)

If your role lacks permission: tool returns 403; Wavo explains "ask admin."

User preferences scope

Each user's user_ai_preferences is private to that user. Wavo sees:

  • Your preferences (language, model, tone, etc.)

  • Does NOT see other users' preferences

Data sent to model providers

When you send a message to Wavo:

  1. Your message

  2. Last 20 messages of conversation history

  3. System prompt (Wevion knowledge + persona + project instructions + user preferences + memory facts)

  4. Tool definitions

  5. Tool results (when Wavo invokes tools)

These are sent to the chosen model provider:

Provider

Models

Data handling

Anthropic

Claude Opus / Sonnet / Haiku

Per Anthropic enterprise terms

Google

Gemini Pro / Flash

Per Google AI terms

DeepSeek

deepseek-chat / -reasoner

Per DeepSeek terms

Moonshot

kimi-k2

Per Moonshot terms

OpenAI

GPT-4.1 / mini

Per OpenAI enterprise terms

Review your workspace's enterprise agreement for cross-border data handling, data retention by providers, and SOC 2 / GDPR / HIPAA posture.

For GDPR-sensitive workloads: use providers offering EU data residency (consult their docs).

Output sanitization

Before Wavo's response is shown to you, chat-security.ts sanitizeToolOutput() redacts known secret patterns:

Pattern

Source

EAA... (long string)

Meta access tokens

eyJhbGciOi...

JWT tokens

AKIA... (20 chars)

AWS access keys

sk_... / pk_...

Stripe API keys

AIzaSy...

Google API keys

postgresql://, mongodb://, mysql://

DB connection strings

Both directions: secrets stripped before model + before display.

Prompt injection defense

chat-security.ts INJECTION_PATTERNS is 50+ regex (English + Italian) detecting attempts to manipulate Wavo via crafted inputs:

  • "Ignore previous instructions..."

  • "You are now [new role]..."

  • "System: override..."

  • "Reveal your prompt..."

detectInjection() flags suspect inputs. System prompt also instructs Wavo to reject role-override attempts.

If your legitimate prompt triggers a false positive: rephrase neutrally. Common false positives: "explain how this works" with certain phrasings — switch to "describe" or "walk me through".

Conversation data storage

Data

Stored where

Retention

chat_session rows

Wevion DB (your deployment)

Until deleted by user or workspace policy

chat_message rows

Wevion DB

Until deleted

chat_project_file uploads

Wevion S3 / storage (Drive Service Account scope)

Until deleted

credit_transaction

Wevion DB

Append-only, retention per workspace plan

ai_action_log

Wevion DB

Append-only

project_memory_fact

Wevion DB

Until soft-deleted (opted_out_at)

user_ai_preferences

Wevion DB

Until user clears

Provider-side (Anthropic / OpenAI / etc.) retention per their terms — typically zero retention for enterprise tiers but verify.

Memory opt-out

User-level:

  • /settings → AI preferences → toggle Memory off

  • Sets user_ai_preferences.memory_opted_out_at timestamp

  • No new project_memory_fact rows persist for that user

  • Existing facts remain (user can clear via DELETE /api/v1/ai-memory/facts)

Project-level:

  • Project owner toggles chat_project.memory_enabled = false

  • No new facts persist for that project

  • Existing facts remain (clear via admin action)

File upload security

POST /api/v1/chat-upload enforces:

  • 10 MB max file size

  • MIME whitelist: image/jpeg / png / webp / gif, application/pdf, text/csv / plain, docx, xlsx

  • Other types rejected with clear error

Voice upload (chat-voice/transcribe):

  • 25 MB max

  • Audio formats supported by Whisper

  • BCP-47 language code (default it)

Compliance checklist

For admins evaluating Wavo for compliance use:

  • Team isolation enforced at backend tool layer

  • Role-based access via chat-tool-rbac

  • Output sanitization for known secret patterns

  • Prompt injection defense layered (regex + system prompt)

  • Audit log for all approval-mode actions (ai_action_log)

  • Memory opt-out at user + project level

  • File upload type + size restrictions

  • Model provider terms: review per your data residency / sensitivity requirements

  • Workspace deployment region: check with admin (Wevion data lives where deployed)

  • Custom enterprise agreements: review (some workspaces have specific data clauses)

What admins should review periodically

Audit log usage

GET /api/v1/audit-logs?resource_type=ai_action — see all approval-mode actions for the team. Filter by user / date / status to spot anomalies.

Credit usage patterns

/settings/team/billing → monthly usage trends. Unusual spikes may indicate:

  • Over-relying on expensive models (switch to cheaper for routine)

  • Long sessions with many tool calls (encourage focused queries)

  • Single user dominating (consider per-user discipline)

Memory facts review

Owner can audit per-project memory facts. If sensitive client info accidentally persisted: clear via DELETE /api/v1/ai-memory/facts.

File uploads

Periodically audit uploaded files (especially in shared projects). Treat as you would any other Drive content.

Common questions

Does Wavo train on my data?

Provider-dependent. Most enterprise tiers (Anthropic, OpenAI, Google) explicitly do not train on customer data. Review your workspace's agreement.

Can I prevent specific tools from being available?

Admin-level RBAC controls tool access by role. For finer per-tool control: workspace-level config (advanced — contact support).

Can teammates see my chat sessions?

No, unless you explicitly share via chat_session_share. Otherwise: only you + super_admin / owner (canViewAll for audit) can see.

Can Wavo see my Slack / email / external tools?

Currently: no. Wavo sees only Wevion-integrated data sources. External tool integrations (Slack, email) are not exposed to Wavo.

Can I export my chat history?

Yes. Each session's messages are accessible via API. For full export: contact admin / support for bulk extraction.

Right to be forgotten (GDPR)?

User account deletion removes user-owned sessions, messages, preferences, facts. Audit log entries retained per workspace retention policy (often legally required for some duration).

Common mistakes

  • Treating Wavo as zero-trust: it has access; review tools + roles to limit blast radius

  • Pasting secrets into chat hoping sanitization catches them: better not to paste in the first place

  • Not setting monthly_cap: usage can spike; set conservative cap early

  • Memory left on for sensitive projects: opt out for projects handling client confidential data

Related