1. Overview and Scope

WaveNews ("the App," "we," "us," or "our") is a personalized news aggregator available on iOS, Android, and the web. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data.

This policy applies to all users of the WaveNews mobile app (com.wavenews.app) and website at https://wavenews.app. It does not apply to third-party websites or services linked from the App.

Login is optional. You may browse news content without creating an account. Creating an account (via Google Sign-In or Sign in with Apple) unlocks saving articles, social features, and cross-device sync.

By using the App, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use.

2. Information We Collect

2.1 Authentication Data (Google Sign-In)

When you sign in with Google, we receive from Firebase Authentication:

We do not receive or store your Google password, payment methods, or any other Google account data. Authentication is handled entirely by Google and Firebase Auth. On iOS and Android, sign-in uses the native @capacitor-firebase/authentication plugin via ASWebAuthenticationSession; on web, it uses a browser popup or redirect depending on the browser.

2.1b Authentication Data (Sign in with Apple)

When you sign in with Apple, we receive from Firebase Authentication via Apple's identity service:

We do not receive your Apple ID password, payment methods, or any other Apple account data. On iOS, Sign in with Apple uses the native system dialog provided by ASAuthorizationController via AuthenticationServices framework; on web, it uses a browser redirect. We store the received data in your Firestore profile to maintain your identity across sessions, since Apple only provides name and email once.

2.2 Preferences and Feed Customization

To personalize your experience, we store the following in your Firestore user profile (preferences/{uid}):

2.3 User Interactions

When you are signed in and use social features, we store in Firestore:

2.4 Approximate Location

We infer your approximate geographic location (country level only) from your device's timezone settings using the standard Intl.DateTimeFormat browser API. No external service is contacted and no data is sent to third parties for this purpose. The result is cached locally on your device for up to 7 days. Location is used solely to surface regionally relevant news sources.

We do not collect precise GPS coordinates, cell tower data, or Wi-Fi location data. We do not use your location for advertising.

2.5 Technical and Device Information

We may collect the following automatically:

We do not collect advertising IDs, health data, financial data, contacts, microphone input, or camera data.

3. How We Use Your Information

We process your data on the legal bases of contract performance (providing the service you requested), legitimate interests (operating and improving the App), and consent (for push notifications and optional features).

4. Third-Party Services

We use the following third-party services to operate WaveNews. Each processes data under its own privacy policy.

Service Purpose Privacy Policy
Firebase / Google Cloud Authentication (Firebase Auth), database (Firestore), push notifications (FCM), crash reporting (Crashlytics), server-side functions (Cloud Run) policies.google.com/privacy
Google Cloud Run Server-side RSS proxy (rssProxy) and OG image proxy (ogProxy). No article bodies are stored long-term; feeds are cached server-side for 30 minutes only. cloud.google.com/terms/cloud-privacy-notice
ipapi.co Previously used for IP-based country detection. No longer in use as of April 2026 — country detection now uses the device's timezone settings only, with no external request. ipapi.co/privacy/
ui-avatars.com Generates a default avatar image from your display name when no Google profile photo is available. ui-avatars.com
rss2json.com Fallback RSS feed validation service used only when you add a custom RSS feed URL. Your custom feed URL is sent to this service for parsing validation. rss2json.com
corsproxy.io Secondary CORS proxy used as a last-resort fallback for custom feed validation only. corsproxy.io

We do not use advertising networks. We do not sell, rent, or share your personal data with third parties for their marketing purposes.

5. Content from Third-Party RSS Sources

WaveNews aggregates article previews from 150+ publicly available RSS feeds published by news organizations including BBC, Reuters, Al Jazeera, CNN, Bloomberg, G1, DW, Le Monde, El País, and others.

WaveNews is not affiliated with any of these publishers and is not responsible for the accuracy or content of articles from third-party sources.

6. User-Generated Content and Moderation

WaveNews includes a social layer (comments, reactions, article discussions). All user-generated content (UGC) is subject to the following rules:

Accountability

Anonymous posting is not permitted. All comments and reactions are tied to a verified Google account. Your display name and profile photo appear on every comment and interaction.

Content Ownership

You retain ownership of comments you post. By posting, you grant WaveNews a non-exclusive, royalty-free license to display your content to other users within the App.

Comment Deletion

You may delete your own comments at any time from within the App. You cannot delete other users' comments; this is enforced by Firestore security rules. Deleting a comment removes it from Firestore permanently.

Reporting and Moderation

You may report any comment using the Report button. Reports are stored in Firestore (comment_reports) for admin review. WaveNews reserves the right to remove content that violates our Terms of Service without prior notice.

User Blocking

You may block another user at any time. Blocking is unilateral: the blocked user is not notified of the block. Once blocked, that user's comments, reactions, and notifications are hidden from your view. Blocked user records are stored in blocked_users/{uid}/blocks/{blockedUid} with a timestamp and the blocked user's display name at the time of blocking.

7. Data Security

We implement industry-standard security measures:

No system is completely secure. While we work hard to protect your information, we cannot guarantee absolute security against all threats. In the event of a breach affecting your data, we will notify you in accordance with applicable law.

8. Data Retention

Data TypeRetention Period
User profile (email, display name, photo URL)Until account deletion
Saved articlesUntil you delete them or close your account
Preferences and follow levelsUntil you modify or delete them, or close your account
Comments and reactionsUntil you delete them or close your account
Blocked user recordsUntil you unblock or close your account
Comment reportsUp to 90 days after review and resolution
Notification recordsUntil dismissed or account deletion
Crash logs (Firebase Crashlytics)90 days (managed by Google)
Timezone-based location inferenceCached locally on device for up to 7 days; not stored on our servers; no external service contacted

9. Data Deletion and Account Removal

How to Delete Your Account and Data

You have the right to request full deletion of your account and all associated personal data at any time. To submit a deletion request, email us at:

privacy@wavenews.app

Use the subject line: "Data Deletion Request" and include the email address associated with your WaveNews account.

Deletion completed within 30 days of verified request

Upon receiving and verifying your request, we will permanently delete:

Note: Crash logs managed by Firebase Crashlytics are pseudonymized and cannot be individually deleted, but are automatically purged after 90 days.

This deletion process satisfies Google Play's data deletion requirements as well as GDPR and LGPD rights to erasure.

10. Your Privacy Rights

Depending on your location, you have the following rights. To exercise any right, contact privacy@wavenews.app.

GDPR — European Union Users

  • Right of Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data (see Section 9).
  • Right to Restriction: Request that we restrict processing of your data in certain circumstances.
  • Right to Data Portability: Receive your personal data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent for notification or other consent-based processing at any time.

EU users may also lodge a complaint with their national data protection authority (DPA) if they believe we have violated GDPR.

CCPA — California Residents

  • Right to Know: Know what personal data we collect, use, share, or sell (we do not sell data).
  • Right to Delete: Request deletion of your personal information (see Section 9).
  • Right to Opt-Out of Sale: We do not sell personal information, so no opt-out is required.
  • Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights.

LGPD — Brazilian Users

Brazil is a primary market for WaveNews and we comply with the Lei Geral de Proteção de Dados Pessoais (LGPD — Law No. 13,709/2018):

  • Confirmação e Acesso: Confirm whether we process your data and request a copy.
  • Correção: Request correction of incomplete, inaccurate, or outdated data.
  • Eliminação: Request deletion of your personal data (see Section 9).
  • Portabilidade: Request transfer of your data to another service provider.
  • Revogação do consentimento: Withdraw consent at any time for consent-based processing.
  • Oposição ao tratamento: Object to processing activities that you believe are not in compliance with LGPD.

11. Children's Privacy

WaveNews is not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction — 16 in certain EU member states). We do not knowingly collect, solicit, or process personal data from children.

If we become aware that we have inadvertently collected personal data from a child under the applicable age, we will take prompt steps to delete that data from our systems. If you believe a child has provided us with personal data, please contact us immediately at privacy@wavenews.app.

12. International Data Transfers

Your data is processed and stored on Google Cloud infrastructure, which operates data centers in multiple regions worldwide (including the United States and Europe). By using WaveNews, you acknowledge and consent to the transfer of your data to these regions.

For EU users, Google LLC complies with Standard Contractual Clauses (SCCs) and other applicable transfer mechanisms under GDPR Chapter V. Details are available in Google's Data Processing Addendum.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Your continued use of WaveNews after the effective date of any update constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:

We aim to respond to all privacy-related inquiries within 30 days.