WaveNews ("the App," "we," "us," or "our") is a personalized news aggregator available on iOS, Android, and the web. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data.
This policy applies to all users of the WaveNews mobile app (com.wavenews.app) and website at https://wavenews.app. It does not apply to third-party websites or services linked from the App.
Login is optional. You may browse news content without creating an account. Creating an account (via Google Sign-In or Sign in with Apple) unlocks saving articles, social features, and cross-device sync.
By using the App, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use.
When you sign in with Google, we receive from Firebase Authentication:
We do not receive or store your Google password, payment methods, or any other Google account data. Authentication is handled entirely by Google and Firebase Auth. On iOS and Android, sign-in uses the native @capacitor-firebase/authentication plugin via ASWebAuthenticationSession; on web, it uses a browser popup or redirect depending on the browser.
When you sign in with Apple, we receive from Firebase Authentication via Apple's identity service:
We do not receive your Apple ID password, payment methods, or any other Apple account data. On iOS, Sign in with Apple uses the native system dialog provided by ASAuthorizationController via AuthenticationServices framework; on web, it uses a browser redirect. We store the received data in your Firestore profile to maintain your identity across sessions, since Apple only provides name and email once.
To personalize your experience, we store the following in your Firestore user profile (preferences/{uid}):
When you are signed in and use social features, we store in Firestore:
users/{uid}/saved_articles) — bookmarked article data and timestampsreactions/{postId}) — emoji reactions (like, love, haha, wow, sad, angry) linked to your UIDposts/{postId}/comments) — text, userId, and timestampblocked_users/{uid}/blocks/{blockedUid}) — UIDs of users you have blocked, with a timestampcomment_reports) — when you flag a comment, we store the commentId, your UID as reporter, and a timestamp for admin reviewWe infer your approximate geographic location (country level only) from your device's timezone settings using the standard Intl.DateTimeFormat browser API. No external service is contacted and no data is sent to third parties for this purpose. The result is cached locally on your device for up to 7 days. Location is used solely to surface regionally relevant news sources.
We do not collect precise GPS coordinates, cell tower data, or Wi-Fi location data. We do not use your location for advertising.
We may collect the following automatically:
We do not collect advertising IDs, health data, financial data, contacts, microphone input, or camera data.
We process your data on the legal bases of contract performance (providing the service you requested), legitimate interests (operating and improving the App), and consent (for push notifications and optional features).
We use the following third-party services to operate WaveNews. Each processes data under its own privacy policy.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Firebase / Google Cloud | Authentication (Firebase Auth), database (Firestore), push notifications (FCM), crash reporting (Crashlytics), server-side functions (Cloud Run) | policies.google.com/privacy |
| Google Cloud Run | Server-side RSS proxy (rssProxy) and OG image proxy (ogProxy). No article bodies are stored long-term; feeds are cached server-side for 30 minutes only. |
cloud.google.com/terms/cloud-privacy-notice |
| ipapi.co | Previously used for IP-based country detection. No longer in use as of April 2026 — country detection now uses the device's timezone settings only, with no external request. | ipapi.co/privacy/ |
| ui-avatars.com | Generates a default avatar image from your display name when no Google profile photo is available. | ui-avatars.com |
| rss2json.com | Fallback RSS feed validation service used only when you add a custom RSS feed URL. Your custom feed URL is sent to this service for parsing validation. | rss2json.com |
| corsproxy.io | Secondary CORS proxy used as a last-resort fallback for custom feed validation only. | corsproxy.io |
We do not use advertising networks. We do not sell, rent, or share your personal data with third parties for their marketing purposes.
WaveNews aggregates article previews from 150+ publicly available RSS feeds published by news organizations including BBC, Reuters, Al Jazeera, CNN, Bloomberg, G1, DW, Le Monde, El País, and others.
WaveNews is not affiliated with any of these publishers and is not responsible for the accuracy or content of articles from third-party sources.
WaveNews includes a social layer (comments, reactions, article discussions). All user-generated content (UGC) is subject to the following rules:
Anonymous posting is not permitted. All comments and reactions are tied to a verified Google account. Your display name and profile photo appear on every comment and interaction.
You retain ownership of comments you post. By posting, you grant WaveNews a non-exclusive, royalty-free license to display your content to other users within the App.
You may delete your own comments at any time from within the App. You cannot delete other users' comments; this is enforced by Firestore security rules. Deleting a comment removes it from Firestore permanently.
You may report any comment using the Report button. Reports are stored in Firestore (comment_reports) for admin review. WaveNews reserves the right to remove content that violates our Terms of Service without prior notice.
You may block another user at any time. Blocking is unilateral: the blocked user is not notified of the block. Once blocked, that user's comments, reactions, and notifications are hidden from your view. Blocked user records are stored in blocked_users/{uid}/blocks/{blockedUid} with a timestamp and the blocked user's display name at the time of blocking.
We implement industry-standard security measures:
No system is completely secure. While we work hard to protect your information, we cannot guarantee absolute security against all threats. In the event of a breach affecting your data, we will notify you in accordance with applicable law.
| Data Type | Retention Period |
|---|---|
| User profile (email, display name, photo URL) | Until account deletion |
| Saved articles | Until you delete them or close your account |
| Preferences and follow levels | Until you modify or delete them, or close your account |
| Comments and reactions | Until you delete them or close your account |
| Blocked user records | Until you unblock or close your account |
| Comment reports | Up to 90 days after review and resolution |
| Notification records | Until dismissed or account deletion |
| Crash logs (Firebase Crashlytics) | 90 days (managed by Google) |
| Timezone-based location inference | Cached locally on device for up to 7 days; not stored on our servers; no external service contacted |
Upon receiving and verifying your request, we will permanently delete:
Note: Crash logs managed by Firebase Crashlytics are pseudonymized and cannot be individually deleted, but are automatically purged after 90 days.
This deletion process satisfies Google Play's data deletion requirements as well as GDPR and LGPD rights to erasure.
Depending on your location, you have the following rights. To exercise any right, contact privacy@wavenews.app.
EU users may also lodge a complaint with their national data protection authority (DPA) if they believe we have violated GDPR.
Brazil is a primary market for WaveNews and we comply with the Lei Geral de Proteção de Dados Pessoais (LGPD — Law No. 13,709/2018):
WaveNews is not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction — 16 in certain EU member states). We do not knowingly collect, solicit, or process personal data from children.
If we become aware that we have inadvertently collected personal data from a child under the applicable age, we will take prompt steps to delete that data from our systems. If you believe a child has provided us with personal data, please contact us immediately at privacy@wavenews.app.
Your data is processed and stored on Google Cloud infrastructure, which operates data centers in multiple regions worldwide (including the United States and Europe). By using WaveNews, you acknowledge and consent to the transfer of your data to these regions.
For EU users, Google LLC complies with Standard Contractual Clauses (SCCs) and other applicable transfer mechanisms under GDPR Chapter V. Details are available in Google's Data Processing Addendum.
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
Your continued use of WaveNews after the effective date of any update constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:
We aim to respond to all privacy-related inquiries within 30 days.