Wavo privacy and data usage
Team isolation by team_id. RBAC per tool. Output sanitization redacts secrets. Injection defense 50+ regex. Model providers per their terms.
Written By Salvatore Sinigaglia
Last updated About 4 hours ago
Team isolation by team_id. RBAC per tool. Output sanitization redacts secrets. Injection defense 50+ regex. Model providers per their terms.
Wavo privacy and data usage
Wavo enforces team isolation (all queries filtered by
team_id), per-tool RBAC (chat-tool-rbac.ts), output sanitization (chat-security.tssanitizeToolOutput()redacts Meta tokens, JWTs, AWS keys, Stripe keys, Google keys, DB strings), and prompt injection defense (50+ regex EN+IT inINJECTION_PATTERNS). Conversation data stored in your workspace's Wevion deployment. Model providers (Anthropic, OpenAI, Google, DeepSeek, Moonshot) process queries per their enterprise terms.
Who is this for
Admins + owners reviewing AI data handling for compliance. Security teams evaluating Wavo before rollout. Anyone with sensitive data wanting to understand the protections.
Data scope (what Wavo sees)
Strict team isolation
Every tool call filters by team_id. Wavo:
- Can see your team's campaigns, metrics, audiences, rules, creatives
- CANNOT see other teams' data, even within the same Wevion deployment
- CANNOT cross workspace boundaries
Enforcement: resolveToolDataScope(ctx) returns allowed scopes; queries filter before returning.
Role-based tool access
chat-tool-rbac.ts enforces:
If your role lacks permission: tool returns 403; Wavo explains "ask admin."
User preferences scope
Each user's user_ai_preferences is private to that user. Wavo sees:
- Your preferences (language, model, tone, etc.)
- Does NOT see other users' preferences
Data sent to model providers
When you send a message to Wavo:
- Your message
- Last 20 messages of conversation history
- System prompt (Wevion knowledge + persona + project instructions + user preferences + memory facts)
- Tool definitions
- Tool results (when Wavo invokes tools)
These are sent to the model provider powering the mode you picked (Fast / Smart / Expert). Wevion manages which model backs each mode; the underlying provider set includes:
Review your workspace's enterprise agreement for cross-border data handling, data retention by providers, and SOC 2 / GDPR / HIPAA posture.
For GDPR-sensitive workloads: use providers offering EU data residency (consult their docs).
Output sanitization
Before Wavo's response is shown to you, chat-security.ts sanitizeToolOutput() redacts known secret patterns:
Both directions: secrets stripped before model + before display.
Prompt injection defense
chat-security.ts INJECTION_PATTERNS is 50+ regex (English + Italian) detecting attempts to manipulate Wavo via crafted inputs:
- "Ignore previous instructions..."
- "You are now [new role]..."
- "System: override..."
- "Reveal your prompt..."
detectInjection() flags suspect inputs. System prompt also instructs Wavo to reject role-override attempts.
If your legitimate prompt triggers a false positive: rephrase neutrally. Common false positives: "explain how this works" with certain phrasings — switch to "describe" or "walk me through".
Conversation data storage
Provider-side (Anthropic / OpenAI / etc.) retention per their terms — typically zero retention for enterprise tiers but verify.
Memory opt-out
User-level:
/settings → AI preferences→ toggle Memory off- Sets
user_ai_preferences.memory_opted_out_attimestamp - No new
project_memory_factrows persist for that user - Existing facts remain (user can clear via
DELETE /api/v1/ai-memory/facts)
Project-level:
- Project owner toggles
chat_project.memory_enabled = false - No new facts persist for that project
- Existing facts remain (clear via admin action)
File upload security
POST /api/v1/chat-upload enforces:
- 10 MB max file size
- MIME whitelist: image/jpeg / png / webp / gif, application/pdf, text/csv / plain, docx, xlsx
- Other types rejected with clear error
Voice upload (chat-voice/transcribe):
- 25 MB max
- Audio formats supported by Whisper (webm/mp3/wav)
- Optional BCP-47 language hint; if omitted, Whisper auto-detects the spoken language
Compliance checklist
For admins evaluating Wavo for compliance use:
- ✅ Team isolation enforced at backend tool layer
- ✅ Role-based access via chat-tool-rbac
- ✅ Output sanitization for known secret patterns
- ✅ Prompt injection defense layered (regex + system prompt)
- ✅ Audit log for all approval-mode actions (ai_action_log)
- ✅ Memory opt-out at user + project level
- ✅ File upload type + size restrictions
- ⚠️ Model provider terms: review per your data residency / sensitivity requirements
- ⚠️ Workspace deployment region: check with admin (Wevion data lives where deployed)
- ⚠️ Custom enterprise agreements: review (some workspaces have specific data clauses)
What admins should review periodically
Audit log usage
GET /api/v1/ai-action-log — see all approval-mode actions for the team (owner / admin / super_admin, and manager where the team's action_log_visible flag is on). Filter by user / date / status to spot anomalies.
Credit usage patterns
/settings/team/billing → monthly usage trends. Unusual spikes may indicate:
- Over-relying on the Expert mode (switch to Fast for routine)
- Long sessions with many tool calls (encourage focused queries)
- Single user dominating (consider per-user discipline)
Memory facts review
Owner can audit per-project memory facts. If sensitive client info accidentally persisted: clear via DELETE /api/v1/ai-memory/facts.
File uploads
Periodically audit uploaded files (especially in shared projects). Treat as you would any other Drive content.
Common questions
Does Wavo train on my data?
Provider-dependent. Most enterprise tiers (Anthropic, OpenAI, Google) explicitly do not train on customer data. Review your workspace's agreement.
Can I prevent specific tools from being available?
Admin-level RBAC controls tool access by role. For finer per-tool control: workspace-level config (advanced — contact support).
Can teammates see my chat sessions?
No, unless you explicitly share via chat_session_share. Otherwise: only you + super_admin / owner (canViewAll for audit) can see.
Can Wavo see my Slack / email / external tools?
Currently: no. Wavo sees only Wevion-integrated data sources. External tool integrations (Slack, email) are not exposed to Wavo.
Can I export my chat history?
Yes. Each session's messages are accessible via API. For full export: contact admin / support for bulk extraction.
Right to be forgotten (GDPR)?
User account deletion removes user-owned sessions, messages, preferences, facts. Audit log entries retained per workspace retention policy (often legally required for some duration).
Common mistakes
- Treating Wavo as zero-trust: it has access; review tools + roles to limit blast radius
- Pasting secrets into chat hoping sanitization catches them: better not to paste in the first place
- Not setting monthly_cap: usage can spike; set conservative cap early
- Memory left on for sensitive projects: opt out for projects handling client confidential data
FAQ
Does Wavo isolate my team's data from other teams?
Yes. Wevion enforces strict team isolation in Wavo: every tool call filters by team_id, so Wavo sees your team's campaigns, metrics, audiences, rules, and creatives but cannot see other teams' data or cross workspace boundaries. Enforcement runs through resolveToolDataScope, which returns the allowed scopes before any query returns results.
What secrets does Wavo redact from its responses?
Before showing Wavo's response, Wevion's sanitizeToolOutput() redacts known secret patterns: Meta access tokens, JWTs, AWS access keys, Stripe API keys, Google API keys, and database connection strings. Sanitization runs both directions — secrets are stripped before reaching the model and before display — so credentials that surface in tool output never appear in chat.
How do I opt out of Wavo memory?
You can turn Wavo memory off at two levels in Wevion. User-level: go to /settings → AI preferences and toggle Memory off, which stops new memory facts persisting for you. Project-level: the project owner sets chat_project.memory_enabled = false. Existing facts remain until you clear them via the AI-memory facts endpoint.
What file types and sizes can I upload to Wavo?
Wavo's chat upload accepts files up to 10 MB with a MIME whitelist: JPEG, PNG, WebP, and GIF images, plus PDF, CSV, plain text, DOCX, and XLSX. Other types are rejected with a clear error. Voice uploads for transcription allow up to 25 MB in Whisper-supported audio formats (webm/mp3/wav); if you don't pass a language hint, Whisper auto-detects the spoken language.
FAQ
Does Wavo isolate my team's data from other teams?
Yes. Wevion enforces strict team isolation in Wavo: every tool call filters by team_id, so Wavo sees your team's campaigns, metrics, audiences, rules, and creatives but cannot see other teams' data or cross workspace boundaries. Enforcement runs through resolveToolDataScope, which returns the allowed scopes before any query returns results.
What secrets does Wavo redact from its responses?
Before showing Wavo's response, Wevion's sanitizeToolOutput() redacts known secret patterns: Meta access tokens, JWTs, AWS access keys, Stripe API keys, Google API keys, and database connection strings. Sanitization runs both directions — secrets are stripped before reaching the model and before display — so credentials that surface in tool output never appear in chat.
How do I opt out of Wavo memory?
You can turn Wavo memory off at two levels in Wevion. User-level: go to /settings → AI preferences and toggle Memory off, which stops new memory facts persisting for you. Project-level: the project owner sets chatproject.memoryenabled = false. Existing facts remain until you clear them via the AI-memory facts endpoint.
What file types and sizes can I upload to Wavo?
Wavo's chat upload accepts files up to 10 MB with a MIME whitelist: JPEG, PNG, WebP, and GIF images, plus PDF, CSV, plain text, DOCX, and XLSX. Other types are rejected with a clear error. Voice uploads for transcription allow up to 25 MB in Whisper-supported audio formats (webm/mp3/wav); if you don't pass a language hint, Whisper auto-detects the spoken language.
Last updated: 2026-05-17