Supplemental State Privacy Notice

Effective Date: 2022-07-07


Wave Life, Inc. (“Wave,” “we,” “us,” “our”) provides this supplemental state privacy notice (“Notice”) to comply with certain state consumer privacy laws, including the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the “CCPA”). In this Notice, “you” and “your” refer to you as a user of the Covered Services described below, or as a representative of a company we do business with.

This Notice applies to residents of states that have enacted consumer privacy laws granting their residents certain rights, including: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia.

This Notice explains how we collect, use, and disclose information about users of our website (wavelife.io), including business-to-business interactions and communications with representatives of our vendors or partners (collectively, the “Covered Services”).

These State Privacy Laws, including the CCPA, do not cover protected health information (“PHI”) governed by HIPAA, including PHI that Wave processes as a Business Associate on behalf of a covered-entity partner. This Notice therefore does not apply to that health information, which is addressed in our HIPAA / Business Associate Privacy Statement. The Covered Services are designed for users in the United States only.

By using the Covered Services, you agree to the collection, use, and disclosure of your information as described here. We may update this Notice and will revise the date above; for material changes we will use reasonable efforts to notify you consistent with applicable law.

Collection and Processing of Personal Information

We collect information you provide directly (for example, when you request information, fill out a form, or communicate with us), information collected automatically through cookies and similar technologies, and contact information from third parties such as marketing databases. For more detail, see our Privacy Policy.

In the preceding 12 months, as part of the Covered Services, we collected and disclosed for business purposes the following categories of personal information (“Personal Information”):

  • Identifiers such as name, email address, and IP address;

  • Personal Information categories listed in the CCPA, such as name, address, and telephone number;

  • Internet or other network activity, such as information about your interaction with the website;

  • Geolocation data such as IP address;

  • Professional or employment-related information such as title, industry, role, and employer; and

  • Inferences drawn from other personal information.

Providing the Covered Services does not require us to collect sensitive personal information as defined under applicable law, such as account log-ins, Social Security or passport numbers, financial information, or biometric information.

We use Personal Information to communicate about our products and services; provide and improve the Covered Services; communicate about webinars and events; maintain security; identify and repair errors; and perform services on our behalf such as analytics and customer service. We retain it based on the purposes for which it was collected and applicable legal requirements.

Selling or Sharing of Personal Information

We disclose Personal Information to providers such as cloud storage, security vendors, and event co-sponsors to deliver the Covered Services and for related purposes such as detecting and investigating security incidents — not to enable cross-context behavioral advertising. We do not sell Personal Information, and we do not share it for cross-context behavioral advertising. We have not done so in the preceding 12 months.

Your Rights

Depending on where you live and subject to exceptions, you may have the right to know the Personal Information we collect and how we use and disclose it; to request correction of inaccurate Personal Information; to request deletion, except where we must retain it for legal or business-record obligations; and to non-discrimination for exercising these rights. To exercise a right, you or your authorized agent may contact us below. We may verify your identity before processing a request and will not charge a fee for verification.

Because we do not sell or share Personal Information for cross-context behavioral advertising, we do not recognize opt-out preference signals. If our practices change, we will honor such signals as required by law.

How to Contact Us

If you have questions about this Notice or our privacy practices, email privacy@wavelife.io or write to:

Wave Life, Inc.

Attention: Legal

700 El Camino Real, Suite 120

Menlo Park, CA 94025, United States