Privacy Policy

Last Updated: December 7, 2025

UnderWave (“the Company,” “we,” “us,” or “our”) operates the website underwave.io (the “Site”). We are committed to protecting your privacy and handling your personal data with the highest standards of safety, transparency, and accountability. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our Site, utilize our services, or engage with us.

As a premier Open-Source Intelligence (OSINT) and digital investigations firm, we specialize in analyzing publicly available data to deliver actionable insights. Our operations are conducted with strict adherence to discretion, confidentiality, and global legal frameworks.

This policy is designed to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Israeli Privacy Protection Law (1981). For other jurisdictions, we apply the most stringent applicable standards.

1. Data Controller & Contact Information

UnderWave serves as the Data Controller for your personal information.

  • Founder: Chen Oren

  • Email: info@under-wave.com

  • Phone: +972-51-2051216

  • Global Operations: Based in Israel (Specific address details available upon request).

We have appointed a Data Protection Officer (DPO) to oversee compliance. For GDPR purposes, our EU representative can be reached via the contact details provided above.

2. Information We Collect

We collect personal information that you provide directly, as well as data collected automatically through your interaction with our Site.

2.1 Information You Provide

  • Contact Details: Full name, email, phone number, and organization—collected via inquiry forms or service requests.

  • Service-Related Data: Specifics of your inquiry (subjects of investigation, due diligence targets), and any uploaded documents.

  • Billing Information: Processed via secure third-party providers (we do not store full credit card details).

2.2 Automatically Collected Data

  • Usage Data: IP address, browser type, device identifiers, and page interaction metrics.

  • Cookies: See Section 8 for tracking technologies.

  • OSINT Data: During the course of our services, we aggregate publicly available data. This is handled ethically and is not considered “user personal data” unless you are the subject of an authorized investigation.

2.3 Children’s Privacy

Our services are not directed at individuals under 16 (or 13 in certain jurisdictions). We do not knowingly collect data from children.

3. How We Use Your Information

We process data based on the following legal grounds:

  1. Contractual Necessity: To provide services and deliver OSINT reports.

  2. Legitimate Interests: For communication, support, and Site optimization.

  3. Consent: For marketing communications (Newsletters).

  4. Legal Obligation: To comply with regulatory requirements and prevent fraud.

Note: UnderWave does not “sell” or “share” personal information as defined by the CCPA.

4. Data Disclosure & International Transfers

We do not sell your personal data. Disclosure occurs only under limited circumstances:

  • Service Providers: Cloud hosting (AWS/GCP), email services, and payment processors under strict Data Processing Addendums (DPA).

  • Legal Requirements: In response to valid court orders or law enforcement requests.

  • International Transfers: Data may be transferred globally. Transfers from the EEA are protected by Standard Contractual Clauses (SCCs) or Israel’s Adequacy Status under the GDPR.

5. Data Security

We implement advanced technical and organizational measures aligned with ISO 27001:

  • Encryption: TLS for data in transit; AES-256 for data at rest.

  • Access Control: Multi-Factor Authentication (MFA) and strictly partitioned access.

  • Incident Response: A robust plan to notify authorities within 72 hours of a breach.

6. Data Retention

We retain data only as long as necessary:

  • Service Records: Duration of contract + 7 years (for legal/audit purposes).

  • Marketing Data: Until opt-out or 2 years of inactivity.

  • Technical Logs: 12 months.

7. Your Rights

Depending on your location (EEA, California, or Israel), you may exercise the following rights:

RightDescription
Access & PortabilityRequest a copy of your data in a structured format.
RectificationCorrect inaccurate or incomplete information.
Erasure (“Right to be Forgotten”)Request deletion of your data under certain conditions.
Objection/RestrictionOppose processing based on legitimate interests or marketing.
Non-Discrimination(CCPA) We will not discriminate against you for exercising your rights.

To exercise these rights, please contact us at: info@under-wave.com.

8. Cookies & Tracking

We use cookies to enhance your experience:

  • Essential Cookies: Required for Site functionality.

  • Analytical Cookies: Google Analytics (can be disabled via browser settings).

  • Marketing Cookies: Used only with your explicit consent.

9. Third-Party Links

Our Site may contain links to external websites. We are not responsible for the privacy practices of third parties.

10. Policy Updates

We may update this policy periodically. Material changes will be highlighted on our Site or sent via email. Continued use of our services constitutes acceptance of the updated terms.

11. Contact Us

For any questions, rights requests, or complaints:

UnderWave Data Protection Officer

Email: info@under-wave.com

Phone: +972-51-2051216

Thank you for trusting UnderWave with your privacy.

Scroll to Top