IndicWave
Privacy Policy
Last Updated: April 17, 2026
This Privacy Policy explains how IndicWave LLC ("IndicWave," "we," "us," or "our") collects, uses, and protects your personal information when you use our platform and services.
1. Information We Collect
In plain terms:
We collect information you give us (like your name and email), data about how you use the platform, and technical information from your device.
Information You Provide
- Account data: Name, email address, profile photo, and authentication credentials (via Google Sign-In, Apple Sign-In, or email/password)
- Profile preferences: Visa status, immigration category, location/city, preferred corridors for money transfer, language preferences
- Payment data: Billing information processed and stored by Stripe (we do not store your full card number on our servers)
- Communication data: WhatsApp phone number (if you opt in to WhatsApp notifications as a Premium user), support inquiries, feedback
- Business listing data: If you claim or create a professional listing, we collect business name, category, address, phone, website, description, and verification documents
- Referral data: Referral codes, referred user information, and referral reward status
Information Collected Automatically
- Device and usage data: IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, features used, and timestamps
- Push notification tokens: Firebase Cloud Messaging tokens for delivering push notifications to your device
- Location data: Approximate location derived from IP address or, with your permission, more precise location from your device
- Analytics data: Interaction events, session duration, and engagement metrics collected via Google Analytics 4
Information from Third Parties
When you sign in using Google or Apple, we receive your name, email address, and profile photo as permitted by those providers. We do not receive your password from these services.
2. How We Use Your Information
In plain terms:
We use your data to run the platform, personalize your experience, process payments, send you relevant notifications, and improve our services.
We process your personal information for the following purposes:
- Providing the Services: Creating and managing your account, displaying personalized rate comparisons, showing relevant directory listings, and delivering immigration tools
- Payments: Processing subscription payments and managing billing through Stripe
- Communications: Sending transactional emails (via Brevo), push notifications (via Firebase Cloud Messaging), and WhatsApp messages (for opted-in Premium users)
- Marketing: Sending promotional emails about new features, rate alerts, or relevant content (you can opt out at any time)
- Analytics and improvement: Understanding how the platform is used and improving features, performance, and user experience
- Security: Detecting and preventing fraud, abuse, and unauthorized access
- Legal compliance: Meeting legal obligations, responding to lawful requests, and protecting our rights
- Referral program: Tracking referrals and administering referral rewards
3. Third-Party Service Providers
In plain terms:
We share data with trusted third-party services that help us run the platform. They only use your data as needed to perform their specific function.
We share personal information with the following categories of service providers:
| Provider | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Authentication, push notifications, hosting | Email, name, device tokens, usage data |
| Stripe | Payment processing | Billing name, email, payment method details |
| Brevo (Sendinblue) | Email delivery | Email address, name |
| Google Analytics 4 | Usage analytics | Device data, usage events, IP address (anonymized) |
| Google Maps / Places | Location features, business data | Location data, search queries |
| Wise, Remitly, Xoom | Rate data (API) | No personal data shared — rate data is fetched server-side |
We may also share information when required by law, in response to legal process, or in connection with a merger, acquisition, or sale of assets.
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. Data Retention
In plain terms:
We keep your data while your account is active. After you delete your account, we retain data for up to 12 months before permanent deletion, unless legally required to keep it longer.
We retain your personal information for as long as your account is active or as needed to provide the Services. When you delete your account, we will delete or anonymize your personal information within twelve (12) months, except where retention is required by law (e.g., tax records, fraud prevention, or legal disputes).
Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytics and product improvement.
6. Data Security
In plain terms:
We use industry-standard security measures to protect your data, but no system is 100% secure.
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Firebase Authentication with secure token management
- Payment data handled exclusively by PCI-compliant Stripe infrastructure
- Access controls and regular security reviews
Despite these measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
7. Your Rights
In plain terms:
You can access, correct, or delete your personal data at any time. You can also opt out of marketing communications.
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Opt out of marketing: Unsubscribe from marketing emails at any time using the unsubscribe link in any email, or by contacting us
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time
- Data portability: Request your data in a structured, machine-readable format
To exercise any of these rights, email us at hello@indicwave.com. We will respond within 30 days (or sooner if required by applicable law).
8. US State-Specific Privacy Rights
In plain terms:
If you live in California, Virginia, Colorado, Texas, or other states with privacy laws, you have additional rights over your data, including the right to know what we collect and to request deletion.
California (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, disclose, and sell
- Request deletion of your personal information
- Opt out of the sale or sharing of personal information
- Non-discrimination for exercising your privacy rights
- Correct inaccurate personal information we hold about you
We do not sell your personal information. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA/CPRA.
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and Other States
Residents of states with comprehensive privacy laws have similar rights, including the right to:
- Confirm whether we are processing your personal data
- Access and obtain a copy of your personal data
- Correct inaccuracies
- Delete your personal data
- Opt out of targeted advertising, profiling, or sale of personal data
To exercise these rights, contact us at hello@indicwave.com. If we decline a request, you may appeal by contacting us and we will respond in accordance with applicable law.
9. Canada (PIPEDA)
In plain terms:
If you are in Canada, you have rights under PIPEDA to access and correct your personal information. We obtain consent before collecting your data.
If you are located in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation may apply. Under PIPEDA, you have the right to:
- Be informed about the collection, use, and disclosure of your personal information
- Access your personal information held by us and request corrections
- Withdraw consent for the collection, use, or disclosure of your personal information (subject to legal or contractual restrictions)
- File a complaint with the Office of the Privacy Commissioner of Canada
We process your information based on express or implied consent, depending on the nature of the information and the context. You may withdraw your consent at any time by contacting us.
10. International Data Transfers
In plain terms:
Our services are primarily operated in the United States. If you access them from outside the US, your data may be transferred to and processed in the United States.
IndicWave LLC is based in the United States. If you access the Services from Canada or other countries, your personal information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Services, you consent to such transfers. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy.
11. Children's Privacy
In plain terms:
IndicWave is not intended for children under 13. We do not knowingly collect data from children under 13.
The Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at hello@indicwave.com.
13. Do-Not-Track Signals
In plain terms:
We honor Global Privacy Control (GPC) signals. There is currently no universal standard for Do-Not-Track browser signals.
At this time, no uniform technology standard for recognizing and implementing Do-Not-Track (DNT) browser signals has been finalized. As such, we do not currently respond to DNT signals.
We do recognize and honor Global Privacy Control (GPC) signals. If your browser or an extension sends a GPC signal, we will treat it as a valid request to opt out of any sale or sharing of your personal information. Learn more at globalprivacycontrol.org.
14. Changes to This Policy
In plain terms:
We may update this policy from time to time. We will notify you of material changes.
We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page and may notify you via email or in-app notification. We encourage you to review this Privacy Policy regularly.
15. Contact Us
In plain terms:
Questions about your privacy? We are here to help.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: hello@indicwave.com
- Entity: IndicWave LLC, United States
12. Social Logins
In plain terms:
If you sign in with Google or Apple, we receive basic profile information from them. We do not receive your password.
Our Services allow you to register and sign in using Google Sign-In or Apple Sign-In. When you do so, we receive your name, email address, and profile photo from the identity provider. We use this information solely to create and manage your account. We do not post to your social media accounts or access your contacts without your explicit permission. The information we receive is governed by the privacy policies of Google and Apple, respectively.