Keywave

Privacy Policy

Last updated: February 1, 2026

Keywave is a product of Blocra, Inc. ("Company", "we", "us", or "our"). This Privacy Policy explains how we collect, use, share, and protect information in connection with our voice verification API, developer dashboard, documentation, and related services (collectively, the "Service").

Important note about roles: Many customers integrate the Service into their own applications. In those cases, the customer determines why and how End User data is collected and used, and the customer is responsible for providing notices and obtaining any required consents from End Users. We process data for the customer in order to provide the Service.

By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.

1. Definitions

  • "Customer" means the individual or entity that registers for and uses the Service.
  • "End User" means an individual whose voice or personal data is processed through a Customer application.
  • "Personal Information" means information that identifies, relates to, describes, or can reasonably be linked to an individual.
  • "Voice Data" means audio samples submitted for verification and any derived representations, such as embeddings or templates.
  • "Customer Application" means software, websites, or services operated by Customer that integrate the Service.

2. Information We Collect

2.1 Account and Billing Information

If you are a Customer account holder, we collect information such as your name, email address, organization name (if applicable), and billing details needed to manage your account and process payments.

2.2 Voice Data

The Service processes voice samples to help Customers verify a speaker. From audio samples, we may create derived representations such as voice embeddings or voice templates. Depending on applicable law, this information may be considered biometric information or a similar regulated category.

Our design aims to minimize retention of raw audio in production environments and focus on storing derived representations and metadata needed for the verification workflow. In some situations, raw audio may be temporarily retained for troubleshooting, quality analysis, or security review when requested by a Customer or when needed to investigate abuse. Where raw audio is retained, we limit access and retention time.

  • Derived voice representations are used to compare samples and perform verification
  • We do not operate the Service for the purpose of reconstructing full audio from derived representations
  • We may generate cryptographic hashes of certain verification artifacts for optional anchoring by Customers
  • Anchoring on a public blockchain can create records that are public and persistent, and may not be removable once written

2.3 API and System Usage Data

We collect technical information about use of the Service, such as:

  • Request timestamps, endpoints, response status codes, and performance metrics
  • IP address and user agent information associated with requests
  • Error logs and diagnostic events
  • Account level usage and plan related billing metrics

We use this information for reliability, security, fraud and abuse prevention, debugging, support, and billing.

2.4 Website and Dashboard Data

When you access our website or dashboard, we may collect information such as browser type, operating system, pages viewed, referring pages, and approximate location derived from IP address. This helps us operate, secure, and improve the Service.

3. How We Use Information

We use information for purposes including:

  • Providing the Service: to operate the API, dashboard, and related functionality
  • Security and integrity: to prevent fraud, detect abuse, and respond to incidents
  • Support: to respond to requests and provide technical assistance
  • Billing and account management: to process payments and provide usage reporting
  • Service improvement: to analyze performance and improve reliability and accuracy
  • Legal compliance: to comply with lawful requests and enforce our agreements

We do not sell personal information.

4. Legal Bases for Processing

Where required by applicable law, we process personal information based on one or more of the following: performing a contract, complying with legal obligations, legitimate interests such as operating and securing the Service, and consent where applicable. Customers are responsible for establishing an appropriate legal basis for End User data processed through their integrations.

5. How We Share Information

We may share information in the following circumstances:

5.1 Service Providers

We use third party vendors to help us operate the Service, including infrastructure, storage, monitoring, support tools, and payment processing. These providers are permitted to process information only to provide services to us and must protect it consistent with their contractual obligations.

5.2 Legal and Safety

We may disclose information if required by law or if we reasonably believe disclosure is necessary to comply with legal process, protect rights and safety, investigate fraud or abuse, or respond to government requests.

5.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction. We will take reasonable steps to ensure continued protection of information.

5.4 With Your Instructions

We may share information when you instruct us to do so, such as enabling optional integrations or optional anchoring by a Customer.

6. Data Security

We use reasonable administrative, technical, and organizational measures designed to protect information. Examples may include encryption in transit, access controls, environment separation, and monitoring for suspicious activity. No system can be guaranteed to be completely secure.

7. Data Retention

We retain information only as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention can vary based on data type, Customer configuration, and operational requirements. In general:

  • Account and billing information: retained for the life of the account and for a reasonable period afterward for billing, audits, and legal compliance.
  • Derived voice representations: retained as needed for the Customer’s verification workflow or as configured by the Customer.
  • API and system logs: retained for a limited period for operations, security, and billing, and may be retained longer for investigations or compliance.
  • Raw audio (when retained): retained only as needed for the specific purpose for which it was collected and then deleted or de identified where appropriate.

You may request deletion by contacting support@keywave.io. If you are an End User of a Customer application, we may direct you to the Customer that controls your data, unless we are legally required to handle the request directly.

8. Your Privacy Rights

Depending on your location and applicable law, you may have rights such as access, correction, deletion, portability, and objection or restriction. To exercise rights as a Customer account holder, contact support@keywave.io. If you are an End User of a Customer application, you should also contact the Customer directly.

We may need to verify your identity and your relationship to an account before responding. We will respond as required by applicable law.

9. International Data Transfers

We may process and store information in countries other than where you live, including the United States and other regions where our providers operate. Where required, we use appropriate safeguards for international transfers, such as contractual protections.

10. Children

The Service is not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will take reasonable steps to delete it.

11. Third Party Services

The Service may link to third party sites or services. We are not responsible for their privacy practices. Review their policies before using them.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy and revise the "Last updated" date above. Your continued use of the Service after the update means you accept the updated policy.

13. Contact

Questions or requests can be sent to:

Blocra, Inc. (Keywave)

Email: support@keywave.io

Website: https://keywave.io