Wavo privacy and data usage

Team isolation by team_id. RBAC per tool. Output sanitization redacts secrets. Injection defense 50+ regex. Model providers per their terms.

Written By Salvatore Sinigaglia

Last updated About 1 hour ago

Team isolation by team_id. RBAC per tool. Output sanitization redacts secrets. Injection defense 50+ regex. Model providers per their terms.

Wavo privacy and data usage

Wavo enforces team isolation (all queries filtered by team_id), per-tool RBAC (chat-tool-rbac.ts), output sanitization (chat-security.ts sanitizeToolOutput() redacts Meta tokens, JWTs, AWS keys, Stripe keys, Google keys, DB strings), and prompt injection defense (50+ regex EN+IT in INJECTION_PATTERNS). Conversation data stored in your workspace's Wevion deployment. Model providers (Anthropic, OpenAI, Google, DeepSeek, Moonshot) process queries per their enterprise terms.

Who is this for

Admins + owners reviewing AI data handling for compliance. Security teams evaluating Wavo before rollout. Anyone with sensitive data wanting to understand the protections.

Data scope (what Wavo sees)

Strict team isolation

Every tool call filters by team_id. Wavo:

  • Can see your team's campaigns, metrics, audiences, rules, creatives
  • CANNOT see other teams' data, even within the same Wevion deployment
  • CANNOT cross workspace boundaries

Enforcement: resolveToolDataScope(ctx) returns allowed scopes; queries filter before returning.

Role-based tool access

chat-tool-rbac.ts enforces:

RoleTool access
viewerRead-only tools
mediabuyerRead + write (drafts, generate)
manager+ medium-risk approvals
admin+ high-risk approvals
ownerFull access
super_admin+ cross-org tools (if applicable)

If your role lacks permission: tool returns 403; Wavo explains "ask admin."

User preferences scope

Each user's user_ai_preferences is private to that user. Wavo sees:

  • Your preferences (language, model, tone, etc.)
  • Does NOT see other users' preferences

Data sent to model providers

When you send a message to Wavo:

  1. Your message
  2. Last 20 messages of conversation history
  3. System prompt (Wevion knowledge + persona + project instructions + user preferences + memory facts)
  4. Tool definitions
  5. Tool results (when Wavo invokes tools)

These are sent to the model provider powering the mode you picked (Fast / Smart / Expert). Wevion manages which model backs each mode; the underlying provider set includes:

ProviderData handling
AnthropicPer Anthropic enterprise terms
GooglePer Google AI terms
DeepSeekPer DeepSeek terms
MoonshotPer Moonshot terms
OpenAIPer OpenAI enterprise terms

Review your workspace's enterprise agreement for cross-border data handling, data retention by providers, and SOC 2 / GDPR / HIPAA posture.

For GDPR-sensitive workloads: use providers offering EU data residency (consult their docs).

Output sanitization

Before Wavo's response is shown to you, chat-security.ts sanitizeToolOutput() redacts known secret patterns:

PatternSource
EAA... (long string)Meta access tokens
eyJhbGciOi...JWT tokens
AKIA... (20 chars)AWS access keys
sk_... / pk_...Stripe API keys
AIzaSy...Google API keys
postgresql://, mongodb://, mysql://DB connection strings

Both directions: secrets stripped before model + before display.

Prompt injection defense

chat-security.ts INJECTION_PATTERNS is 50+ regex (English + Italian) detecting attempts to manipulate Wavo via crafted inputs:

  • "Ignore previous instructions..."
  • "You are now [new role]..."
  • "System: override..."
  • "Reveal your prompt..."

detectInjection() flags suspect inputs. System prompt also instructs Wavo to reject role-override attempts.

If your legitimate prompt triggers a false positive: rephrase neutrally. Common false positives: "explain how this works" with certain phrasings β€” switch to "describe" or "walk me through".

Conversation data storage

DataStored whereRetention
chat_session rowsWevion DB (your deployment)Until deleted by user or workspace policy
chat_message rowsWevion DBUntil deleted
chat_project_file uploadsWevion S3 / storage (Drive Service Account scope)Until deleted
credit_transactionWevion DBAppend-only, retention per workspace plan
ai_action_logWevion DBAppend-only
project_memory_factWevion DBUntil soft-deleted (opted_out_at)
user_ai_preferencesWevion DBUntil user clears

Provider-side (Anthropic / OpenAI / etc.) retention per their terms β€” typically zero retention for enterprise tiers but verify.

Memory opt-out

User-level:

  • /settings β†’ AI preferences β†’ toggle Memory off
  • Sets user_ai_preferences.memory_opted_out_at timestamp
  • No new project_memory_fact rows persist for that user
  • Existing facts remain (user can clear via DELETE /api/v1/ai-memory/facts)

Project-level:

  • Project owner toggles chat_project.memory_enabled = false
  • No new facts persist for that project
  • Existing facts remain (clear via admin action)

File upload security

POST /api/v1/chat-upload enforces:

  • 10 MB max file size
  • MIME whitelist: image/jpeg / png / webp / gif, application/pdf, text/csv / plain, docx, xlsx
  • Other types rejected with clear error

Voice upload (chat-voice/transcribe):

  • 25 MB max
  • Audio formats supported by Whisper (webm/mp3/wav)
  • Optional BCP-47 language hint; if omitted, Whisper auto-detects the spoken language

Compliance checklist

For admins evaluating Wavo for compliance use:

  • βœ… Team isolation enforced at backend tool layer
  • βœ… Role-based access via chat-tool-rbac
  • βœ… Output sanitization for known secret patterns
  • βœ… Prompt injection defense layered (regex + system prompt)
  • βœ… Audit log for all approval-mode actions (ai_action_log)
  • βœ… Memory opt-out at user + project level
  • βœ… File upload type + size restrictions
  • ⚠️ Model provider terms: review per your data residency / sensitivity requirements
  • ⚠️ Workspace deployment region: check with admin (Wevion data lives where deployed)
  • ⚠️ Custom enterprise agreements: review (some workspaces have specific data clauses)

What admins should review periodically

Audit log usage

GET /api/v1/ai-action-log β€” see all approval-mode actions for the team (owner / admin / super_admin, and manager where the team's action_log_visible flag is on). Filter by user / date / status to spot anomalies.

Credit usage patterns

/settings/team/billing β†’ monthly usage trends. Unusual spikes may indicate:

  • Over-relying on the Expert mode (switch to Fast for routine)
  • Long sessions with many tool calls (encourage focused queries)
  • Single user dominating (consider per-user discipline)

Memory facts review

Owner can audit per-project memory facts. If sensitive client info accidentally persisted: clear via DELETE /api/v1/ai-memory/facts.

File uploads

Periodically audit uploaded files (especially in shared projects). Treat as you would any other Drive content.

Common questions

Does Wavo train on my data?

Provider-dependent. Most enterprise tiers (Anthropic, OpenAI, Google) explicitly do not train on customer data. Review your workspace's agreement.

Can I prevent specific tools from being available?

Admin-level RBAC controls tool access by role. For finer per-tool control: workspace-level config (advanced β€” contact support).

Can teammates see my chat sessions?

No, unless you explicitly share via chat_session_share. Otherwise: only you + super_admin / owner (canViewAll for audit) can see.

Can Wavo see my Slack / email / external tools?

Currently: no. Wavo sees only Wevion-integrated data sources. External tool integrations (Slack, email) are not exposed to Wavo.

Can I export my chat history?

Yes. Each session's messages are accessible via API. For full export: contact admin / support for bulk extraction.

Right to be forgotten (GDPR)?

User account deletion removes user-owned sessions, messages, preferences, facts. Audit log entries retained per workspace retention policy (often legally required for some duration).

Common mistakes

  • Treating Wavo as zero-trust: it has access; review tools + roles to limit blast radius
  • Pasting secrets into chat hoping sanitization catches them: better not to paste in the first place
  • Not setting monthly_cap: usage can spike; set conservative cap early
  • Memory left on for sensitive projects: opt out for projects handling client confidential data

FAQ

Does Wavo isolate my team's data from other teams?

Yes. Wevion enforces strict team isolation in Wavo: every tool call filters by team_id, so Wavo sees your team's campaigns, metrics, audiences, rules, and creatives but cannot see other teams' data or cross workspace boundaries. Enforcement runs through resolveToolDataScope, which returns the allowed scopes before any query returns results.

What secrets does Wavo redact from its responses?

Before showing Wavo's response, Wevion's sanitizeToolOutput() redacts known secret patterns: Meta access tokens, JWTs, AWS access keys, Stripe API keys, Google API keys, and database connection strings. Sanitization runs both directions β€” secrets are stripped before reaching the model and before display β€” so credentials that surface in tool output never appear in chat.

How do I opt out of Wavo memory?

You can turn Wavo memory off at two levels in Wevion. User-level: go to /settings β†’ AI preferences and toggle Memory off, which stops new memory facts persisting for you. Project-level: the project owner sets chat_project.memory_enabled = false. Existing facts remain until you clear them via the AI-memory facts endpoint.

What file types and sizes can I upload to Wavo?

Wavo's chat upload accepts files up to 10 MB with a MIME whitelist: JPEG, PNG, WebP, and GIF images, plus PDF, CSV, plain text, DOCX, and XLSX. Other types are rejected with a clear error. Voice uploads for transcription allow up to 25 MB in Whisper-supported audio formats (webm/mp3/wav); if you don't pass a language hint, Whisper auto-detects the spoken language.

FAQ

Does Wavo isolate my team's data from other teams?

Yes. Wevion enforces strict team isolation in Wavo: every tool call filters by team_id, so Wavo sees your team's campaigns, metrics, audiences, rules, and creatives but cannot see other teams' data or cross workspace boundaries. Enforcement runs through resolveToolDataScope, which returns the allowed scopes before any query returns results.

What secrets does Wavo redact from its responses?

Before showing Wavo's response, Wevion's sanitizeToolOutput() redacts known secret patterns: Meta access tokens, JWTs, AWS access keys, Stripe API keys, Google API keys, and database connection strings. Sanitization runs both directions β€” secrets are stripped before reaching the model and before display β€” so credentials that surface in tool output never appear in chat.

How do I opt out of Wavo memory?

You can turn Wavo memory off at two levels in Wevion. User-level: go to /settings β†’ AI preferences and toggle Memory off, which stops new memory facts persisting for you. Project-level: the project owner sets chatproject.memoryenabled = false. Existing facts remain until you clear them via the AI-memory facts endpoint.

What file types and sizes can I upload to Wavo?

Wavo's chat upload accepts files up to 10 MB with a MIME whitelist: JPEG, PNG, WebP, and GIF images, plus PDF, CSV, plain text, DOCX, and XLSX. Other types are rejected with a clear error. Voice uploads for transcription allow up to 25 MB in Whisper-supported audio formats (webm/mp3/wav); if you don't pass a language hint, Whisper auto-detects the spoken language.

Last updated: 2026-05-17