Creatrix

Hub Wave Mobile App

Privacy Policy

Effective Date: April 24, 2026  ·  Last Updated: April 24, 2026

01 Introduction

Welcome to Hub Wave by Creatrix (the "App"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our mobile application. By downloading, installing, or using the App, you agree to the practices described in this policy.

Hub Wave is a business communication and engagement platform that enables tenant administrators to manage their WhatsApp messaging, campaigns, and customer interactions, while allowing contacts (end users) to access exclusive discounts, promotions, notifications, and NFC-based business card sharing.

02 Definitions

  • Tenant Admin: A business representative who logs in to the Creatrix dashboard system to manage messaging campaigns, contacts, discounts, and business settings.
  • Contact (Portal User): An individual whose information has been added to a tenant's contact list and who gains access to the portal once activated, enabling them to view discounts, campaigns, notifications, share NFC business cards, and more.
  • Tenant: The business or organization that holds an account on the Creatrix platform and is responsible for the data of its contacts.

03 Data Controller & Responsibility

Hub Wave operates under a shared responsibility model:

  • Creatrix (Data Processor): We act as the technical platform provider. We process data on behalf of tenants strictly to deliver the App's functionality. We do not sell, rent, or monetize your personal data.
  • Tenant (Data Controller): Each tenant is the data controller for all contact information they import, collect, or generate through the platform. The tenant is solely responsible for ensuring lawful data collection, obtaining proper consent from contacts, and complying with applicable data protection regulations (including GDPR, PIPEDA, and other relevant privacy laws).
  • Tenant Liability: The tenant assumes full responsibility for the accuracy, legality, and appropriate handling of all data uploaded to or generated within the platform. Creatrix shall not be held liable for any data misuse, unauthorized access arising from the tenant's negligence, or failure to comply with applicable privacy legislation.

04 Information We Collect

4.1 — Tenant Admin Data

When a tenant admin registers and logs in through the Creatrix dashboard, we collect:

  • Account Credentials: Email address, encrypted password, and multi-factor authentication data used to access the Hub Wave dashboard.
  • Business Information: Company name, business address, phone number, Meta Business ID, and WhatsApp Business Account (WABA) details.
  • Usage Data: Login timestamps, feature usage patterns, campaign statistics, and API interaction logs for service improvement and auditing.

4.2 — Contact (Portal User) Data

When a contact's portal is activated, the following data may be collected and processed:

  • Profile Information: Name, phone number, email address, and any additional details provided by the tenant or the contact themselves.
  • Engagement Data: Discount code redemptions, campaign interactions, notification preferences, and NFC business card sharing activity.
  • Device Information: Device type, operating system version, unique device identifiers, and IP address for security and analytics purposes.

05 Device Permissions

The App requests certain device permissions to deliver its full functionality. Each permission is used only for its stated purpose:

  • Microphone

    Used to record and send voice messages through the AI-powered Meta WhatsApp integration. Voice messages are processed in real time and transmitted within the 24-hour messaging window defined by Meta's WhatsApp Business API. Audio data is not stored on our servers beyond what is necessary for delivery.

  • Camera

    Used to scan QR codes and promotional discount codes. The camera feed is processed locally on your device and no images or video are stored, uploaded, or transmitted to our servers.

  • NFC (Near Field Communication)

    Used to share digital business cards with other users by tapping devices together or holding them near an NFC tag. NFC interactions transmit only the business card data you have chosen to share (name, phone, email, company). No data is read from your device without your explicit action.

All permissions are optional. You may deny any permission and continue using the App with reduced functionality. You can manage permissions at any time through your device's Settings.

06 Data Encryption & Security

We implement industry-standard security measures to safeguard your data at every stage:

  • Encryption in Transit: All data transmitted between the App, our servers, and third-party APIs is encrypted using TLS 1.3 (Transport Layer Security), ensuring that information cannot be intercepted or tampered with during transmission.
  • Encryption at Rest: All personal data stored on our servers is encrypted using AES-256 encryption. Database backups are also encrypted and stored in geographically distributed, access-controlled facilities.
  • End-to-End Encryption (WhatsApp): Messages exchanged via the WhatsApp Business API are protected by the Signal Protocol, ensuring that only the sender and the intended recipient can read the message content.
  • Secure Key Management: API keys, access tokens, and encryption keys are stored in a dedicated hardware-backed key vault with strict access controls, automatic rotation policies, and audit logging.
  • Infrastructure Security: Our infrastructure is hosted on SOC 2 Type II and ISO 27001 certified cloud providers. We conduct regular vulnerability assessments, penetration testing, and security audits to maintain the highest protection standards.
  • Access Controls: Internal access to production systems is restricted to authorized personnel using role-based access controls (RBAC), multi-factor authentication (MFA), and is logged for audit purposes.

07 How We Use Your Information

We use collected data exclusively for the following purposes:

  • To provide, maintain, and improve the App's core functionality including messaging, campaigns, discounts, and NFC sharing.
  • To authenticate users and secure accounts against unauthorized access.
  • To deliver notifications about campaigns, discounts, and account activity.
  • To process voice messages through the AI Meta WhatsApp integration within the permitted 24-hour conversation window.
  • To analyze aggregated, anonymized usage patterns for service optimization and bug detection.
  • To comply with legal obligations and enforce our Terms of Service.

08 WhatsApp & AI Messaging

Hub Wave integrates with the Meta WhatsApp Business API to enable AI-assisted messaging:

  • 24-Hour Messaging Window: Voice messages and conversational messages are processed within the 24-hour customer service window as defined by Meta's policies. Outside this window, only pre-approved message templates may be sent.
  • AI Processing: Voice messages sent through the App may be processed by AI models to generate responses, transcriptions, or translations. This processing occurs in real time and the audio data is not retained after processing is complete.
  • Meta's Data Practices: When using WhatsApp integration, data is also subject to Meta's data processing terms. We encourage you to review the Meta Privacy Policy for details on how Meta handles information.

09 Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We may share data only in the following circumstances:

  • With Tenants: Contact data is shared with the respective tenant (your employer or the business you are associated with) for the purpose of delivering the services you signed up for.
  • Service Providers: We use trusted third-party service providers (cloud hosting, analytics, push notifications) that process data on our behalf under strict data processing agreements (DPAs) and confidentiality obligations.
  • Legal Requirements: We may disclose data if required by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

10 Data Retention

  • Active Accounts: Data is retained for as long as your account is active or as needed to provide the Service.
  • Message Data: Voice messages and WhatsApp conversations are not stored on our servers beyond the time necessary for delivery and real-time processing.
  • Inactive Accounts: Data belonging to deactivated or terminated accounts is purged from our active systems within 30 days and from encrypted backups within 90 days.

11 Your Rights & Account Deletion

You have full control over your personal data. As a contact or portal user, you may:

  • Access Your Data: Request a copy of all personal information we hold about you.
  • Correct Inaccuracies: Update or correct any inaccurate personal information within the App's profile settings.
  • Delete Your Account: You can delete your account and all associated personal information at any time directly from the App's account settings. Upon deletion, your profile data, engagement history, and personal preferences are permanently removed from our active database within 30 days and from encrypted backups within 90 days.
  • Withdraw Consent: You may withdraw consent for specific data processing activities (e.g., push notifications, analytics) through the App's settings or by contacting us directly.
  • Data Portability: Request your data in a structured, commonly used, machine-readable format.

To exercise any of these rights, contact us using the details in Section 14 or use the in-app account management features.

12 Children's Privacy

Hub Wave is a business application and is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a person under 16, we will take immediate steps to delete that information. If you believe a child has provided us with personal data, please contact us immediately.

13 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date and, where appropriate, through in-app notifications. Your continued use of the App after any such changes constitutes your acceptance of the revised policy.

14 Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise your data rights, please reach out to us:

135 Marlee Avenue, Toronto, Canada
creatrix-lb.ca
support@creatrix-lb.com
+1 416 558 2568 +961 31 70368