Wavelength VR Ltd. Privacy Policy

Last Updated: 16/05/2026

Below is a UK GDPR-aligned Privacy Policy for Wavelength VR Ltd. that incorporates the additional safeguards expected for AI, voice processing, analytics, and behavioural profiling products.

Key upgrades include:

  • clearer lawful basis mapping

  • explicit AI/voice processing disclosures

  • stronger consent language

  • biometric/voice safeguards

  • detailed retention standards

  • security framework language

  • international transfer wording

  • automated decision-making transparency

  • processor/vendor governance

  • children’s protections

  • incident response commitments

  • audit/access control requirements

  • consent withdrawal mechanics

  • clearer user rights process

1. Introduction

Wavelength VR Ltd. (“Wavelength”, “we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and other applicable privacy laws.

This Privacy Policy explains how we collect, use, process, store, disclose, and safeguard your personal data when you use our applications, websites, and related services (collectively, the “Services”).

Wavelength VR Ltd. acts as the data controller for the personal data processed through the Services.

Company Information

Wavelength VR Ltd.
16 Elgin Crescent
London, W11 2JR
United Kingdom

Company Number: 11055409

Contact Email: privacy@wavelengthvr.com

By using our Services, you confirm that:

  • you have read and understood this Privacy Policy;

  • you are at least 18 years old; and

  • you consent to the practices described where consent is requested.

2. Information We Collect

We collect information necessary to provide personalised astrology, horoscope, and AI-driven recommendation services.

Information You Provide Directly

Account Information

  • Name

  • Email address

  • Username

  • Password credentials (encrypted/hashed)

  • Subscription and billing status

Birth & Astrology Information

To generate personalised astrology readings, we may collect:

  • Date of birth

  • Time of birth

  • Place of birth

  • Country of birth

Voice Recordings

We may collect short voice recordings or audio inputs submitted through the Services for:

  • generating personalised readings;

  • improving voice-based features;

  • AI-powered recommendations; and

  • service optimisation where consent is provided.

Voice recordings are processed temporarily and are not retained longer than necessary.

Preferences & User Inputs

  • Horoscope interests

  • Personal goals

  • Saved content

  • App preferences

  • User feedback and support requests

Information Collected Automatically

When you use the Services, we may automatically collect:

Device & Technical Information

  • Device identifiers

  • IP address

  • Operating system

  • Browser type

  • App version

  • Mobile carrier

  • Crash reports and diagnostics

Usage Information

  • Session activity

  • Features used

  • Clickstream interactions

  • Purchase activity

  • Referral source

  • Engagement analytics

Location Information

We may collect:

  • approximate geographic location derived from IP address; and

  • precise location data (GPS) where you explicitly consent.

Information from Third Parties

We may receive information from:

  • analytics providers;

  • attribution providers;

  • advertising platforms;

  • authentication providers; and

  • infrastructure or cloud hosting partners.

Please see Appendix A for our principal service providers.

3. How We Use Your Information

We process personal data only where we have a lawful basis under UK GDPR.

We Use Your Information To:

Provide the Services

Including:

  • generating astrology readings;

  • personalising recommendations;

  • managing accounts and subscriptions;

  • authenticating users; and

  • maintaining platform functionality.

Improve & Develop the Services

Including:

  • product analytics;

  • debugging and diagnostics;

  • service optimisation;

  • feature development; and

  • training and improving internal AI systems.

Where possible, we use anonymised or aggregated datasets for model improvement.

Communications

We may send:

  • service notifications;

  • account alerts;

  • billing communications;

  • support responses; and

  • marketing communications where you have consented.

Security & Fraud Prevention

Including:

  • monitoring abuse;

  • protecting platform integrity;

  • detecting unauthorised access;

  • enforcing our Terms; and

  • maintaining system security.

Legal & Regulatory Compliance

Including:

  • compliance with legal obligations;

  • responding to lawful requests;

  • resolving disputes; and

  • maintaining required records.

4. Lawful Bases for Processing

We rely on the following lawful bases:

Data Type Lawful Basis

Account data Contract

Birth details Contract

Voice recordings Consent and/or Contract Marketing communications

Consent Analytics and tracking Consent where required

Security monitoring Legitimate interests

Legal compliance records Legal obligation

Where we rely on consent, you may withdraw consent at any time.

5. AI Processing & Automated Personalisation

Wavelength uses AI-assisted systems to generate personalised astrology content and recommendations.

This may involve:

  • voice analysis;

  • behavioural profiling;

  • recommendation modelling; and

  • automated content generation.

We do not use AI systems to make legally significant decisions about users.

Where AI systems use personal data for model improvement or training:

  • we minimise identifiable information where possible;

  • we apply access restrictions and security controls;

  • we retain raw voice recordings only for limited periods; and

  • we provide consent controls where legally required.

We do not sell voice recordings or biometric-related data.

6. Voice Data & Biometric Safeguards

Voice recordings may constitute biometric-related personal data under applicable privacy laws where processed for identification or analysis purposes. (Information Commissioner's Office)

To protect voice data, we implement safeguards including:

  • encryption in transit and at rest;

  • isolated cloud processing environments;

  • restricted role-based access controls;

  • audit logging and monitoring;

  • limited retention periods;

  • least-privilege infrastructure access;

  • MFA for administrative systems; and

  • vendor security assessments.

Raw voice recordings are retained for no longer than 30 days unless you separately consent to extended retention for model improvement or support purposes.

7. Marketing & Analytics

We may use analytics and advertising technologies including cookies, SDKs, APIs, and similar tools.

These may include:

  • Firebase

  • AppsFlyer

  • Mixpanel

  • Meta platforms

We use consent-based controls where required by law.

You may withdraw consent or manage tracking preferences through:

  • in-app settings;

  • cookie preferences; or

  • device privacy settings.

8. International Data Transfers

Some of our service providers may process personal data outside the United Kingdom.

Where international transfers occur, we implement appropriate safeguards, including:

  • UK International Data Transfer Agreements (IDTAs);

  • Standard Contractual Clauses (SCCs);

  • vendor risk reviews; and

  • contractual security obligations.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy.

Data Type Retention Period

Account data Duration of account + up to 12 months

Birth details Duration of account

Voice recordings Up to 30 days unless extended consent obtained

Support tickets Up to 24 months

Analytics data Up to 24 months

Marketing consent records Up to 6 years

Legal/compliance records As required by law

Where data is no longer required, it will be securely deleted or irreversibly anonymised.

10. Data Security

We maintain technical and organisational security measures designed to protect personal data against unauthorised access, misuse, alteration, disclosure, or destruction.

Security measures include:

  • encrypted communications (TLS);

  • encryption at rest;

  • secure cloud hosting;

  • SOC 2-aligned infrastructure providers;

  • role-based access controls;

  • least-privilege permissions;

  • MFA for privileged systems;

  • security monitoring and logging;

  • vulnerability management; and

  • incident response procedures.

No system can be guaranteed completely secure, but we continuously review and improve our security controls.

11. Your Rights

Under UK GDPR, you may have the following rights:

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restrict processing

  • Right to object

  • Right to data portability

  • Right to withdraw consent

  • Rights relating to automated processing

To exercise your rights, contact:

privacy@wavelengthvr.com

We may request identity verification before processing requests.

We aim to respond within 30 days unless an extension is legally permitted.

You also have the right to complain to the UK Information Commissioner’s Office (ICO):

Information Commissioner’s Office (ICO)

12. Children’s Privacy

Our Services are intended only for individuals aged 16 or older.

We do not knowingly collect personal data from children under 16.

If we become aware that we have collected such data, we will delete it promptly.

13. Disclosure of Information

We may share personal data only where necessary and lawful.

This may include:

Service Providers

Third-party processors providing:

  • hosting;

  • analytics;

  • infrastructure;

  • customer support;

  • attribution; and

  • communications services.

Legal & Regulatory Authorities

Where required by:

  • law;

  • court order;

  • regulatory obligation; or

  • lawful governmental request.

Corporate Transactions

In connection with:

  • mergers;

  • acquisitions;

  • financing events; or

  • sale of assets.

Aggregated or Anonymous Data

We may share anonymised statistical information that does not identify individuals.

14. Data Protection Impact Assessments (DPIAs)

Because our Services involve:

  • voice data;

  • behavioural profiling;

  • AI-assisted recommendations; and

  • analytics processing,

we conduct Data Protection Impact Assessments (DPIAs) where required under UK GDPR.

We regularly review processing risks, security controls, and vendor compliance.

15. Personal Data Breaches

We maintain incident response procedures for security and privacy incidents.

Where required by law:

  • relevant regulators may be notified within 72 hours; and

  • affected users will be informed without undue delay where there is a high risk to their rights or freedoms.

16. Changes to This Policy

We may update this Privacy Policy periodically.

Where material changes occur, we may notify users via:

  • the Services;

  • email; or

  • website notices.

The “Last Updated” date at the top of this Policy indicates the latest revision.

17. Contact Us

Wavelength VR Ltd.
16 Elgin Crescent
London, W11 2JR
United Kingdom

Email: privacy@wavelengthvr.com

APPENDIX A – Third-Party Service Providers

We currently use the following categories of providers:

Provider Purpose Firebase (Google LLC)Analytics, crash reporting

Apps Flyer Attribution analytics

Mixpanel Product analytics

Meta Platforms Advertising and attribution Cloud Hosting Providers Infrastructure and storage

Provider privacy policies:

Your existing internal compliance documents already align well with this revised version, particularly around DPIAs, retention, DSAR handling, and incident response procedures.