Privacy Policy

Last updated: May 16, 2026

1. Controller

The data controller for waveshed.io is:
See Impressum
Email: [email protected]

2. What Data We Process

Waveshed is a browser-based RF simulation tool. All simulation computation runs locally in your browser. We process minimal data:

  • Mailing list: Email address, consent timestamp, IP address at signup and confirmation (double opt-in)
  • Contact form: Name, email, message content
  • Analytics: Anonymized page views, browser type, country (via Cloudflare Web Analytics — no cookies, no personal data)
  • Technical: IP address in server logs (Cloudflare), retained for security purposes

We do not collect simulation parameters, results, coordinates, or any data you process in the simulator. All simulation data stays in your browser.

3. Legal Basis (GDPR Art. 6)

  • Consent (Art. 6(1)(a)): Mailing list subscription, contact form
  • Legitimate interest (Art. 6(1)(f)): Security logs, anonymized analytics

4. Data Processors

We use the following third-party processors:

  • Cloudflare, Inc. (USA, EU datacenters) — Hosting (Pages, Workers, D1), DDoS protection, Web Analytics. Privacy Policy
  • MailerLite (Lithuania, EU) — Mailing list management, double opt-in, newsletter delivery. Data stored in EU (ISO 27001 certified). Privacy Policy · GDPR
  • Formspark (Belgium, data stored in Ireland/EU) — Contact form submissions. Privacy Policy · GDPR

Cloudflare is certified under the EU-US Data Privacy Framework. MailerLite is headquartered in the EU (Lithuania) and stores all subscriber data in EU datacenters.

5. Cookies

Waveshed uses no tracking cookies. We use only essential browser storage (localStorage) to remember your map preferences and simulation settings. This data never leaves your device.

Cloudflare Web Analytics operates without cookies and does not track individual users.

6. Data Retention

  • Mailing list: Until you unsubscribe
  • Contact form messages: 12 months, then deleted
  • Server logs: 30 days (Cloudflare default)
  • Analytics: Aggregated, non-personal, retained indefinitely

7. Your Rights

Under the GDPR, Swiss DSG, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Withdraw consent at any time (e.g., unsubscribe from mailing list)
  • Data portability
  • Lodge a complaint with your supervisory authority

To exercise these rights, contact [email protected].

8. International Transfers

Your data is primarily processed in EU datacenters (Cloudflare). Where data is transferred to the USA (Cloudflare infrastructure), it is protected by the EU-US Data Privacy Framework and Standard Contractual Clauses.

9. Changes

We will update this policy as our services evolve. Material changes will be announced on the website. The "Last updated" date above reflects the current version.

10. Contact

For privacy-related inquiries:
[email protected]

Supervisory authority (Switzerland): FDPIC (Federal Data Protection and Information Commissioner)