Wavo and your data — what it sees
Wavo sees ONLY your team's data (team_id-scoped). Row-level RBAC per tool. Strategic context cached 5 min. Never fabricates. Output sanitizes secrets.
Written By Salvatore Sinigaglia
Last updated About 4 hours ago
Wavo sees your team's data only — strictly scoped by team_id via resolveToolDataScope(ctx) in apps/backend/src/services/chat/chat-tool-handlers.ts. Per-tool RBAC enforces role hierarchy. Strategic context cached 5 min (STRATEGIC_CONTEXT_CACHE_TTL_MS=300000). Wavo never fabricates metrics — always cites the tool that produced the number. Output sanitization strips secrets before display.
Who is this for
Anyone wondering "can Wavo see my private data?" or "why doesn't Wavo know about my other workspace?"
What Wavo sees
Your team's data
- Campaigns, ad sets, ads: performance tools read whatever platforms you've connected and synced (data is queried by platform, not limited to a fixed list). Coverage per tool varies — some tools (for example audience insights) currently support a subset of platforms (Meta, Google, TikTok, Taboola, Snapchat)
- Performance metrics (spend, impressions, clicks, ROAS, CPA, etc.)
- Audiences + demographics
- Rules + automation history
- Creative Hub files (subject to your RBAC visibility)
- Tracker data (if integrated)
- Project memory facts (per-project, max 20)
- Conversation history (last 20 messages)
Static platform knowledge
- Wevion feature overview (embedded in system prompt)
- Common workflows (campaign launch, rule setup, etc.)
- Not company-internal data — generic platform docs
Your preferences
user_ai_preferences (per user):
- instructions (custom user-level instructions)
- preferred_language (default auto — matches input)
- preferred_model
- tone, response_format
- metrics[] (your priority KPI list)
- currency
- memory_enabled / memory_opted_out_at
What Wavo does NOT see
Other teams' data
Hard team isolation. Cannot cross workspace boundaries.
Other users' personal data
Wavo sees:
- Your name + role
- Your preferences
Wavo does not see:
- Other users' chat histories
- Other users' preferences
- Other users' personal info
Exception: when you share a session (ai-106), the recipient can read it.
Sensitive system data
- Encryption keys / secrets
- DB connection strings
- Internal admin actions
These are explicitly redacted by chat-security.ts sanitizeToolOutput() if they accidentally surface in tool output.
Real-time external info (without web_search)
Wavo doesn't have live internet access by default. It can:
- Call web_search tool when needed
- Otherwise: relies on training data + your in-Wevion data
How team scoping works
Backend implementation:
- Request reaches a tool handler (e.g. get_performance_data)
- resolveToolDataScope(ctx) returns allowed sheet_ids + team_ids
- Tool query filters by these scopes — typically WHERE team_id IN (allowed) AND ...
- Result includes only data the user can see
Privileged roles (super_admin / owner) get broader scope; standard roles get tighter scope. See team-101 role hierarchy.
Per-tool RBAC
Each tool has a requiredRole + mode (read / write / approval). chat-tool-rbac.ts checks:
- Viewer: read-only tools
- Mediabuyer: read + write (drafts, generate)
- Manager: + approval for medium-risk
- Admin: + approval for high-risk
- Owner: full access
If your role lacks permission: tool returns 403 with reason. Wavo explains "you don't have permission for this action; ask your admin."
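The role check and team scoping described above, combined in one tool call. This is an added example, not Wevion's code: runTool, RANK, the Ctx shape, the create_draft tool and the sample rows are hypothetical, and the role order follows the list above.

```typescript
// Added illustration; every name here is hypothetical, not Wevion source.
type Role = "viewer" | "mediabuyer" | "manager" | "admin" | "owner";
type Mode = "read" | "write" | "approval";
const RANK: Record<Role, number> = { viewer: 0, mediabuyer: 1, manager: 2, admin: 3, owner: 4 };

// Ctx is built server-side from the authenticated session, never from chat input.
interface Ctx { role: Role; teamIds: string[] }
interface ToolSpec { name: string; requiredRole: Role; mode: Mode }
interface Row { team_id: string; campaign: string; spend: number }
type ToolResult = { status: 200; rows: Row[] } | { status: 403; reason: string };

// Constructed sample rows standing in for synced performance data.
const ROWS: Row[] = [
  { team_id: "team-a", campaign: "spring", spend: 120 },
  { team_id: "team-a", campaign: "retarget", spend: 45 },
  { team_id: "team-b", campaign: "launch", spend: 900 },
];

function runTool(ctx: Ctx, tool: ToolSpec, args: { team_id?: string } = {}): ToolResult {
  // RBAC first: deny before any data is read.
  if (RANK[ctx.role] < RANK[tool.requiredRole]) {
    return { status: 403, reason: `${tool.name} requires role ${tool.requiredRole}` };
  }
  // A team_id argument (chosen by the model or the user) may narrow the scope, never widen it.
  const scope = ctx.teamIds.filter(t => args.team_id === undefined || t === args.team_id);
  // Fail closed: an empty scope matches no rows instead of dropping the filter.
  const rows = ROWS.filter(r => scope.indexOf(r.team_id) !== -1);
  return { status: 200, rows };
}

const getPerformanceData: ToolSpec = { name: "get_performance_data", requiredRole: "viewer", mode: "read" };
const createDraft: ToolSpec = { name: "create_draft", requiredRole: "mediabuyer", mode: "write" };
```

A request for team-b from a team-a session returns status 200 with zero rows, because the requested team is intersected with the server-side scope rather than trusted.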
Caching layers
Strategic context cache (5 min)
STRATEGIC_CONTEXT_CACHE_TTL_MS=300000. Strategic context (your top-level intent, current focus) cached for 5 min to reduce repeat tool calls.
Implication: rapidly-changing data may take up to 5 min to reflect.
Conversation history (20 messages)
Always fresh — pulled per-turn from DB.
Memory facts (per-project)
Persisted in project_memory_fact table. No TTL — facts live until explicitly removed OR until project deleted.
Never fabricates
Wavo cites tools. When you ask "what's my ROAS?":
- Wavo invokes get_performance_data
- Returns the actual number
- Cites: "I checked your performance data for [period] and your ROAS is X"
If a tool fails or returns no data:
- Wavo says so ("I couldn't find data for that period")
- Does NOT make up a number
Hallucinations are a known risk in LLMs. Wavo's system prompt explicitly forbids fabricating metrics. If you suspect hallucination: ask Wavo to "cite the tool" or "re-query the source."
Output sanitization
chat-security.ts sanitizeToolOutput() redacts:
Both directions:
- Before sending to model (so model doesn't see your secrets)
- Before displaying to you (so the on-screen output doesn't leak them)
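How redaction of this kind can be applied to structured tool output, for the credential types named in the FAQ below. This is an added example, not the contents of chat-security.ts: the regexes are assumptions built from the public prefixes of each credential type, and sanitize, redactString and the labels are hypothetical names.

```typescript
// Added illustration, not Wevion's chat-security.ts. Patterns are assumptions.
const SECRET_PATTERNS: Array<[string, RegExp]> = [
  ["db_url", /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis):\/\/[^\s"']+/g],
  ["jwt", /\beyJ[\w-]+\.[\w-]+\.[\w-]+/g],
  ["meta_token", /\bEAA[A-Za-z0-9]{20,}/g],
  ["aws_key", /\bAKIA[0-9A-Z]{16}\b/g],
  ["stripe_key", /\b[sp]k_(?:live|test)_[A-Za-z0-9]{10,}/g],
  ["google_key", /\bAIzaSy[\w-]{20,}/g],
];

// Replaces every match with a labelled marker so the reader can see what was removed.
function redactString(s: string): string {
  return SECRET_PATTERNS.reduce(
    (out, [label, re]) => out.replace(re, `[REDACTED:${label}]`),
    s,
  );
}

// Walks nested tool output so a secret buried in an array or object is still caught.
// The same function can run before the model sees the output and again before display.
function sanitize(value: unknown): unknown {
  if (typeof value === "string") return redactString(value);
  if (Array.isArray(value)) return value.map(sanitize);
  if (value !== null && typeof value === "object") {
    const src = value as Record<string, unknown>;
    const out: Record<string, unknown> = {};
    for (const key of Object.keys(src)) out[key] = sanitize(src[key]);
    return out;
  }
  return value; // numbers, booleans and null pass through unchanged
}
```

Pattern-based redaction only catches formats it knows about, so it complements keeping secrets out of tool output in the first place rather than replacing it.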
Prompt injection defense
chat-security.ts INJECTION_PATTERNS (50+ regex in English + Italian):
Blocks attempts to manipulate Wavo via crafted inputs (e.g. "Ignore previous instructions and...").
detectInjection() flags suspect inputs; the system prompt also instructs Wavo to reject role-override attempts.
Memory opt-out
If you don't want Wavo to persist facts across conversations:
- /settings → AI preferences → toggle Memory off
- Sets user_ai_preferences.memory_opted_out_at timestamp
- No new facts persist; existing facts not deleted (clear manually if desired)
Data residency
Conversation data stored in your workspace's Wevion deployment (same region as your other Wevion data). Model providers process queries per their terms — review your enterprise agreement for cross-border data handling specifics.
Common surprises
- "Wavo doesn't know about an ad I just created" — strategic context cache (5 min) or sync delay; ask again in 5 min
- "Wavo says it can't see X" — RBAC check failed; verify your role
- "Wavo cited an old number" — postback lag or cache; ask "what's the most recent value"
- "Wavo refused to help" — probably injection-defense triggered; rephrase neutrally
FAQ
Can Wavo see my private or other teams' data?
No. Wavo sees your team's data only, strictly scoped by team_id via resolveToolDataScope(), with hard team isolation that cannot cross workspace boundaries. It also can't read other users' chat histories, preferences, or personal info — the exception being a session you explicitly share, which the recipient can then read. Per-tool RBAC further enforces role hierarchy on every query.
Does Wavo ever make up metrics?
No. Wavo never fabricates numbers — it always cites the tool that produced the value. When you ask for ROAS, it invokes get_performance_data and reports the actual figure with a citation. If a tool fails or returns no data, Wavo says so rather than inventing a number. Its system prompt explicitly forbids fabricating metrics; you can ask it to "cite the tool" to verify.
How does Wavo protect secrets in its output?
Wevion's sanitizeToolOutput() in chat-security.ts redacts sensitive patterns in both directions — before sending to the model and before displaying to you. It strips Meta access tokens (EAA...), JWTs, AWS keys (AKIA...), Stripe keys (sk_.../pk_...), Google API keys (AIzaSy...), and database connection strings, so secrets that accidentally surface in tool output never leak on screen.
Why doesn't Wavo know about an ad I just created?
Likely the strategic context cache, which holds for 5 minutes (STRATEGIC_CONTEXT_CACHE_TTL_MS=300000), or a sync delay. Rapidly-changing data can take up to 5 minutes to reflect, so ask again shortly. By contrast, conversation history is always pulled fresh per-turn from the database, and project memory facts persist with no TTL until removed.
Can I stop Wavo from remembering things across conversations?
Yes. Go to /settings → AI preferences and toggle Memory off, which sets your user_ai_preferences.memory_opted_out_at timestamp. After that, no new facts persist. Existing facts aren't deleted automatically, so clear them manually if you want them gone. This memory opt-out is per user and controls only cross-conversation fact persistence.
Last updated: 2026-05-17