NoteWave
NoteWave Logo
Help Center
Home
Updated Feb 2, 2026|4 min read

Compliance & Certifications

GDPR, POPIA, CCPA, and SOC 2 compliance information.

Introduction

NoteWave complies with major international privacy and data protection regulations. Our infrastructure providers maintain independent security certifications to ensure the highest standards of data protection.

Privacy Regulations We Comply With

We are committed to following global privacy standards and regulations.

GDPR (EU/UK)

General Data Protection Regulation compliance for users in the European Union and United Kingdom.

  • • Right to access your data
  • • Right to erasure ("right to be forgotten")
  • • Data portability
  • • 72-hour breach notification
POPIA (South Africa)

Protection of Personal Information Act compliance for South African users.

  • • Information Officer designated
  • • Data subject access requests
  • • Processing limitations
  • • Security safeguards
CCPA/CPRA (California)

California Consumer Privacy Act compliance for California residents.

  • • Right to know what data we collect
  • • Right to delete personal information
  • • We don't sell your data
  • • Non-discrimination rights
PIPEDA (Canada)

Personal Information Protection and Electronic Documents Act for Canadian users.

  • • Consent for collection
  • • Limited use of data
  • • Access to personal information
  • • Complaint mechanisms

Infrastructure Provider Certifications

Our infrastructure providers maintain industry-recognized security certifications and compliance standards.

SOC 2 Type II Compliance:

  • Supabase - SOC 2 Type II certified for security, availability, and confidentiality
  • Vercel - SOC 2 compliant infrastructure and content delivery
  • LemonSqueezy - PCI-DSS Level 1 compliant payment processing
What is SOC 2?
SOC 2 (Service Organization Control 2) is an auditing standard developed by the American Institute of CPAs (AICPA) that verifies a company's controls for security, availability, processing integrity, confidentiality, and privacy.

International Data Transfers

Your data may be processed in countries outside your location, including the United States and European Union.

Safeguards for EU/EEA/UK data:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequate data protection measures in place
  • Transparency in data processing locations

Copies of our Standard Contractual Clauses are available upon request by emailing contact@blazesolutions.ai.

Your Privacy Rights

Regardless of where you're located, you have fundamental privacy rights when using NoteWave.

  • Access - Request a copy of your personal data
  • Rectification - Correct inaccurate or incomplete data
  • Erasure - Delete your personal data (with certain exceptions)
  • Portability - Export your data in a machine-readable format
  • Object - Object to processing for direct marketing
  • Restrict - Limit how we use your data
  • Withdraw Consent - Withdraw consent at any time

To exercise your rights, email contact@blazesolutions.ai with your request. We respond within 30 days.

Third-Party AI Processing

Your audio recordings are processed by third-party AI services to generate transcripts and summaries.

No Training on Your Data
According to our agreements with AI providers, your data is processed solely to deliver services to you. It is NOT used to train general AI models or for purposes outside of providing NoteWave services.

Supervisory Authorities

You have the right to lodge a complaint with your local data protection authority if you believe your privacy rights have been violated.

EU/EEA Residents

Contact your local Data Protection Authority or the European Data Protection Board.

South African Residents

Contact the Information Regulator of South Africa (POPIA).

Was this article helpful?

Your feedback helps us improve our documentation.