NoteWave Logo
NoteWaveHelp Center
Home
Updated Feb 2, 2026|4 min read

Compliance & Certifications

Our commitment to POPIA, GDPR, CCPA, and security standards.

Introduction

NoteWave is committed to handling personal information in accordance with applicable data protection laws. Our infrastructure providers maintain independent security certifications to support strong data protection standards.

Privacy Regulations We Are Committed To

We are committed to following global privacy standards and regulations.

GDPR (EU/UK)

We aim to align with the General Data Protection Regulation for users in the European Union and United Kingdom.

  • • Right to access your data
  • • Right to erasure ("right to be forgotten")
  • • Data portability
  • • 72-hour breach notification
POPIA (South Africa)

We are committed to compliance with the Protection of Personal Information Act for South African users.

  • • Privacy contact designated
  • • Data subject access requests
  • • Processing limitations
  • • Security safeguards
CCPA/CPRA (California)

We aim to honour the rights of California residents under the California Consumer Privacy Act.

  • • Right to know what data we collect
  • • Right to delete personal information
  • • We don't sell your data
  • • Non-discrimination rights

Infrastructure Provider Certifications

Our infrastructure providers maintain industry-recognized security certifications and compliance standards.

SOC 2 Type II Compliance:

  • Supabase - SOC 2 Type II certified for security, availability, and confidentiality
  • Vercel - SOC 2 compliant infrastructure and content delivery
  • LemonSqueezy - PCI-DSS Level 1 compliant payment processing
What is SOC 2?
SOC 2 (Service Organization Control 2) is an auditing standard developed by the American Institute of CPAs (AICPA) that verifies a company's controls for security, availability, processing integrity, confidentiality, and privacy.

International Data Transfers

Your data may be processed in countries outside your location, including the United States and European Union.

Safeguards for EU/EEA/UK data:

  • Our infrastructure providers may use mechanisms such as Standard Contractual Clauses (SCCs) to support lawful transfers
  • Reasonable data protection measures in place
  • Transparency in data processing locations

For questions about international data transfers, contact us at contact@blazesolutions.ai.

Your Privacy Rights

Regardless of where you're located, you have fundamental privacy rights when using NoteWave.

  • Access - Request a copy of your personal data
  • Rectification - Correct inaccurate or incomplete data
  • Erasure - Delete your personal data (with certain exceptions)
  • Portability - Export your data in a machine-readable format
  • Object - Object to processing for direct marketing
  • Restrict - Limit how we use your data
  • Withdraw Consent - Withdraw consent at any time

To exercise your rights, email contact@blazesolutions.ai with your request. We respond within 30 days.

Third-Party AI Processing

Your audio recordings are processed by third-party AI services to generate transcripts and summaries.

No Training on Your Data
According to our agreements with AI providers, your data is processed solely to deliver services to you. It is NOT used to train general AI models or for purposes outside of providing NoteWave services.

Supervisory Authorities

You have the right to lodge a complaint with your local data protection authority if you believe your privacy rights have been violated.

EU/EEA Residents

Contact your local Data Protection Authority or the European Data Protection Board.

South African Residents

Contact the Information Regulator of South Africa (POPIA).

Was this article helpful?

Your feedback helps us improve our documentation.