WaverSec Protect is designed to minimize retained message data. Policy and DLP engines run on-device, ML/NLP scanners can run in your environment, and optional cloud AI is reserved for deeper analysis when customers enable it.
Traditional email security often depends on broad inbox access or mail-flow changes. WaverSec Protect is designed to minimize retained message data and avoid that deployment pattern.
Our detection architecture prioritizes privacy boundaries. Two layers run on-device, one can run in your environment, and the advanced AI layer is optional and customer-controlled.
47 policies: Fully on-device. Keeps core recipient and policy logic close to the sender.
46+ detectors: Fully on-device. Handles structured content checks without creating retained message records.
4 scanners: Can run in the customer environment for deeper contextual analysis.
5 models: Optional cloud analysis under customer control for harder edge cases.
Message content is not kept as an application record
Recipient fields are not retained in service databases as part of normal operation
Attachment files are not kept in application databases
No mailbox copy or historical inbox mirror is required
No SMTP relay archive is required for the current product design
The product does not require syncing an address book to operate
No cross-context behavioral advertising profile is built from product data
The service does not require months of historic inbox data to start working
WaverSec Protect still retains a limited set of operational data needed to run the service and manage customer environments.
Authentication and account records can include names, email addresses, usernames, avatars, and internal account identifiers.
We retain customer-administered settings such as organization names, internal domains, policies, allow lists, deny lists, segments, and related configuration.
We retain usage, seat, request, subscription, and payment reference data needed for quotas, support, analytics, and billing operations.
When deeper context understanding is needed, optional cloud AI/LLM models can add analysis under customer control. They are separate from the core local processing layers.
Admins choose whether advanced AI/LLM analysis is available at all
Each organization decides how optional intelligence features fit its own governance model
Only the context needed for the requested analysis should be sent
Core protection still exists without enabling optional cloud intelligence
Operational usage counts and token metrics can still be stored even when message content is not
Customers should review the AI provider and contractual terms that apply to their chosen deployment
Common questions about data handling and privacy.
Core policy and DLP checks run on-device. Additional scanners can run in the customer environment, and optional cloud AI can be enabled for deeper analysis. WaverSec Protect is designed so message bodies, recipient lists, and attachment files are not retained in its application databases as normal service records.
WaverSec Protect is designed not to keep attachment files in its application databases as part of normal operation. The service still stores operational data such as accounts, configuration, usage records, and billing references.
Policy and DLP engines run locally on the device. Additional scanners can run in the customer environment. Optional cloud AI features are separate and customer-controlled. Operational account, config, usage, and billing data are retained to run the service.
Yes. Cloud AI/LLM models are an optional additional layer under admin control. On-device policies and DLP detectors, combined with customer-side scanners, can still provide strong protection without that layer.
Landing-site analytics are presented through a consent banner where required. Optional product analytics in the admin dashboard and Outlook add-in are disabled by default and can be managed by an organization administrator through the admin dashboard's Optional product analytics setting. The Outlook add-in follows that organization setting. Operational usage and security records needed to run WaverSec Protect are still collected regardless.
Deleting your organization removes the associated configuration, usage records, and subscription links in the current service design. Account deletion removes the linked admin account as well. Some records can still be retained longer if needed for legal, tax, or security reasons.