Wolf & Hat Studio, and its product carewave (collectively, “carewave”, “we”, “us”, or “our”), are committed to protecting your information. This Privacy Policy (“Policy”) explains how we collect, use, secure and share your Personal Information when you visit our Websites, use our Services, visit our branded social pages, receive communication from us, register or attend our events or webinars, or ask questions about our products.
We may change this Policy from time to time. The date above shows the most recent update. Any material changes will appear on this page, and we encourage you to review it regularly.
We will never rent, sell, or share your Personal Information except as described here. If you do not agree with this Policy, please stop using our Websites and Services.
carewave is committed to protecting the privacy of individuals who interact with us. This Policy applies to Personal Information we collect and use for our own purposes (as a “data controller”).
We explain how we collect, use, and share Personal Information about people who:
Definitions:
Websites: www.carewave.studio and any site operated by carewave linking to this Policy.
Services: any paid or free service offered through those Websites.
Subscriber: any individual or organisation that has entered into a Services Agreement with us.
Account: a carewave instance created by or for a Subscriber.
User: an individual authorised to use our Services through that Account.
When acting on behalf of Subscribers, we process data as a data processor; the Subscriber remains the data controller responsible for its own privacy compliance.
We collect basic information such as name, email, phone number, IP address and (if applicable) payment details to deliver our Services. We may verify identity with supporting documents.
We collect technical data (via cookies and similar tools) when Users interact with Subscriber Accounts, subject to applicable consent laws.
carewave does not intentionally collect data on behalf of Subscribers; Subscribers are responsible for any information they input or share with us.
Cookies & Tracking: used to enable features, improve experience and analyse usage. Disabling cookies may limit functionality.
Logs: IP address, browser type, ISP, operating system, timestamps and similar metadata are stored for diagnostics and security.
Session Replay: anonymised session-replay analytics may record clicks and scrolls for usability improvement.
Do Not Track: carewave does not track users across third-party sites and therefore does not respond to DNT signals.
No Protected Health Information: carewave is not a HIPAA Business Associate and must not be used to store PHI.
No Unsolicited Requests: we will never request sensitive data (e.g., credit-card numbers) through insecure or unexpected channels.
We may receive information from:
Social media widgets (e.g., Facebook Like, LinkedIn Share);
Third-party services used for authentication or analytics.
Your interaction with those services is governed by their respective privacy policies.
We process Personal Information to:
provide, operate and improve our Websites and Services;
process payments and transactions;
respond to enquiries and support requests;
send service-related or marketing communications;
monitor and secure our systems; and
comply with legal obligations.
Depending on your location, our lawful bases include:
Legitimate interests (to operate and improve our business);
Contract performance (to deliver Services you requested);
Legal obligation (to meet regulatory requirements); and
Consent (where you have clearly agreed).
Questions about our lawful basis may be directed to hello@carewave.studio.
We may share data:
with trusted service providers (hosting, analytics, payment, communications);
to comply with laws or legal processes;
during business transactions (e.g., merger or acquisition);
with Wolf & Hat Studio (our parent organisation); or
with your consent.
We never sell Personal Information for monetary value.
We maintain appropriate technical and organisational measures—encryption, firewalls, and access controls—to protect Personal Information.
No system is entirely secure, but we continuously review and improve our safeguards.
Security questions: hello@carewave.studio
We retain data only as long as necessary for legitimate business or legal reasons. When no longer needed, we securely delete or anonymise it.
We primarily store data within the United Kingdom, European Economic Area (EEA) and the United States.
Where data leaves these regions, we rely on Standard Contractual Clauses (SCCs) or the UK IDTA Addendum to ensure adequate protection.
Unsubscribe: click the “unsubscribe” link in our emails or email hello@carewave.studio.
Correction or Update: contact us at the same address to amend inaccurate data.
Access & Portability: request a copy of your data in a portable format.
Erasure: ask us to delete information we no longer need.
Objection or Restriction: request limits on processing in specific contexts.
Complaints: see Section 12 for regulatory contacts.
carewave complies with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and the Data Protection Act 2018.
You have the right to:
access your Personal Information;
request correction of inaccurate data;
request erasure (“right to be forgotten”);
restrict or object to processing;
request portability of your data; and
withdraw consent at any time.
To exercise these rights, email hello@carewave.studio with “Data Rights Request” in the subject line.
We may need to verify your identity before completing your request.
Responses are usually provided within 30 days.
If you believe your data has been misused, you may lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk or with your local EU supervisory authority.
For transparency, carewave recognises key principles from major U.S. state privacy laws (including the California Consumer Privacy Act (CCPA/CPRA), Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act).
U.S. residents may have the right to:
access and delete their Personal Information;
opt out of the sale or sharing of data;
correct inaccurate information; and
appoint an authorised agent to act on their behalf.
Requests can be made to hello@carewave.studio with the subject “U.S. Privacy Rights”. carewave does not sell or share Personal Information for value and will not discriminate against anyone exercising their privacy rights.
We do not knowingly collect information from anyone under 16 years of age.
If you believe a child has provided data to us, contact hello@carewave.studio and we will remove it promptly.
carewave’s use and transfer of information received from Google APIs comply with the Google API Services User Data Policy, including the Limited Use requirements.
Questions about this Policy or our privacy practices may be sent to:
hello@carewave.studio
Wolf & Hat Studio
Attn: Data Privacy
United Kingdom
Your Creative In-house Partner
