Your Security

Data Security

PCI-DSS Certified: Wave received Level 1 PCI-DSS compliant. This means that every year we have a third-party audit to validate our practices and make sure we’re doing the right things for you and your customers.

Secure data transmission: When you load a page in your browser, or upload something to Wave, all that information is encrypted while it’s moving over the internet. We lock up your data with up to 256-bit TLS encryption, the strength of protection you get with online banking and shopping.

Secure data storage: Your accounting data is stored on servers that have strict physical access and technical protocols, meaning there are rules in place limiting access to only the people who need it to do their jobs. The facilities are controlled with 24/7 monitoring, and the technology is digitally protected.

Transparency: We’re not asking you to just take our word for it that we keep your data secure. We want you to understand exactly how it’s done. That’s why we’ve written a very clear and understandable privacy notice.

Mobile Security

Passwords are encrypted when they’re collected, when they’re sent to our servers, and we never store them without encrypting them first. In fact, all communications between our apps and our servers are encrypted using Transport Layer Security (TLS) — the replacement for Secure Sockets Layer (SSL) — the highest level of security protocols available.

Do you have additional questions about the security of Wave? Please contact us. We’d be happy to tell you more about the many steps we take to ensure the security of your sensitive information. If you require secure communication, please use Wave’s PGP key 2A4FBD0B.