Privacy Policy
Last updated: July 2026
This Privacy Policy covers both the Wavelength platform (wavelength.tools) and the Wavelength Sync Chrome Extension. We are committed to protecting the privacy of filmmakers, viewers, and all users of Wavelength products.
1. Information We Collect
Filmmakers
- Name and email address (used for login and notifications)
- Screening session data (title, scheduled date, Vimeo/Frame.io links)
- Filmmaker notes added during screenings
- Subscription tier and billing information (processed by Stripe — we do not store card details)
Viewers
- Name only (no email required to join a screening)
- Engagement reactions (positive/negative, intensity, timecode)
- Voice notes (audio recordings and Whisper transcriptions)
- Session completion status
Wavelength Sync Chrome Extension
- Frame.io playback timecode (read from the active Frame.io tab while sync is active)
- Wavelength Session ID and authentication token (stored locally in Chrome extension storage)
2. How We Use Your Information
- To provide audience engagement analytics to filmmakers
- To accurately timestamp viewer reactions to video timecodes
- To transcribe voice notes using OpenAI Whisper
- To send email notifications when viewers submit reports (filmmakers only)
- To manage subscriptions and billing
3. Wavelength Sync Chrome Extension — Data Practices
The Wavelength Sync extension reads the current playback timecode from Frame.io review pages while sync is active. This timecode is sent to Wavelength servers (wavelength.tools) every 250 milliseconds to enable real-time synchronization.
The extension does not collect:
- Browsing history
- Frame.io login credentials or account data
- Content of the video being watched
- Any data from non-Frame.io pages
4. Extension Permissions
| Permission | Purpose |
| activeTab | Detect when you are on a Frame.io page |
| tabs | Find open Frame.io tabs to send sync commands |
| storage | Save Session ID and Token locally so you don't need to re-enter them each time |
| *.frame.io host access | Read timecode from Frame.io pages |
| wavelength.tools host access | Send timecode data to Wavelength servers |
5. Data Sharing
We do not sell your personal data. We share data only with:
- Railway — cloud hosting for our backend servers
- Cloudflare R2 — storage for voice note audio files
- OpenAI Whisper — transcription of voice notes
- Stripe — payment processing for subscriptions
- Resend — transactional email notifications
Viewer reaction data is shared with the filmmaker who created the screening. Viewer names (not emails) are visible to the filmmaker on the analytics dashboard.
6. Data Retention
- Active session data is retained until the filmmaker deletes the session
- Deleted sessions are soft-deleted and permanently purged after 30 days
- Voice note audio files are deleted from R2 when a voice note is deleted
- Transcriptions may be retained in the database even after audio deletion
- Extension timecode sync data is held in server memory only while the sync session is active and is not permanently stored
7. Security
All data is transmitted over HTTPS. Authentication uses JWT tokens with 7-day expiry. Passwords are hashed using bcrypt. Voice note audio is stored in private Cloudflare R2 buckets accessible only via signed URLs.
8. Your Rights
You may request access to, correction of, or deletion of your personal data at any time by contacting us. Filmmakers can delete their sessions and associated data directly from the dashboard. Viewers can request deletion of their data by contacting the filmmaker or us directly.
9. Contact
For privacy questions or data requests:
privacy@wavelength.tools
© 2026 Wavelength. All rights reserved.