Privacy Policy
Effective Date: January 15, 2026 | Last Updated: January 15, 2026
Table of Contents
- Introduction
- Information We Collect
- How We Use Your Information
- SMS Consent Documentation
- Disclosure to Third Parties
- Data Retention
- Your California Privacy Rights (CCPA)
- Your European Privacy Rights (GDPR)
- Cookies and Tracking Technologies
- Data Security
- International Data Transfers
- Children's Privacy
- Changes to This Policy
- Contact Information
1. Introduction
Wambesha LLC ("Wambesha," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our streaming platform, website, mobile applications, and related services (collectively, the "Service").
Wambesha LLC is a New Mexico Limited Liability Company and serves as the data controller for your personal information. By using our Service, you consent to the data practices described in this Privacy Policy.
Your Privacy Matters: We are committed to transparency about our data practices. If you have questions, please contact us at privacy@wambesha.com.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Name, email address, password, and date of birth
- Payment Information: Credit card number, billing address (processed by third-party payment processors; we do not store full card numbers)
- Profile Information: Profile picture, preferences, watchlist, and parental control settings
- Contact Information: Mobile phone number (for 2FA and optional SMS communications)
- Communications: Messages sent to customer support, survey responses, and feedback
2.2 Information Collected Automatically
- Device Information: Device type, operating system, browser type, device identifiers, and IP address
- Usage Data: Viewing history, content preferences, search queries, features used, and time spent on the Service
- Location Data: Approximate geographic location based on IP address
- Log Data: Access times, pages viewed, referring URLs, and error logs
- Cookie Data: Information from cookies and similar tracking technologies (see Section 9)
2.3 Information from Third Parties
- Authentication Providers: If you sign in using Google, Apple, or other third-party services, we receive basic profile information
- Analytics Providers: Aggregated usage data and performance metrics
- Advertising Partners: Information about ad interactions (with your consent, where required)
3. How We Use Your Information
We use your personal information for the following purposes:
3.1 Providing and Improving the Service
- Creating and managing your account
- Processing subscription payments and transactions
- Personalizing your content recommendations
- Enabling multi-device streaming and syncing
- Improving our Service based on usage patterns
3.2 Communications
- Sending account-related notifications (billing, security, service updates)
- Delivering Two-Factor Authentication (2FA) codes via SMS
- Providing customer support
- Sending promotional messages (with your consent)
3.3 Security and Fraud Prevention
- Detecting and preventing fraudulent activity
- Protecting against unauthorized access
- Enforcing our Terms of Service
3.4 Legal Compliance
- Complying with applicable laws and regulations
- Responding to legal requests and court orders
- Protecting our legal rights
4. SMS Consent Documentation
Twilio 10DLC Compliance: Wambesha maintains comprehensive records of SMS consent as required by the Telephone Consumer Protection Act (TCPA), CTIA guidelines, and Twilio's messaging policies.
4.1 Consent Records We Maintain
For each SMS opt-in, we record and retain:
- The mobile phone number provided
- Date, time, and timezone of consent
- IP address at the time of consent
- The exact consent language displayed to the user
- Method of consent (web form, account settings, mobile app)
- Type of messages consented to (transactional, marketing, or both)
- For double opt-in: confirmation reply and timestamp
- User agent/browser information
4.2 Consent Language
For Account Creation (Transactional Messages):
"By providing your mobile number, you agree to receive account-related SMS messages including security codes, transaction confirmations, and service updates. Standard message and data rates may apply."
For Marketing Messages:
"By checking this box, I expressly consent to receive recurring automated promotional text messages from Wambesha LLC at the mobile number provided. Consent is not a condition of purchase. Message frequency varies. Msg & data rates may apply. Reply STOP to cancel, HELP for help."
4.3 Consent Retention Period
We retain SMS consent records for the duration of your account plus 5 years after account deletion or consent withdrawal, as required for regulatory compliance and to respond to potential legal inquiries.
4.4 Proof of Consent for Carriers
Wambesha is registered with The Campaign Registry (TCR) for A2P 10DLC messaging. Our SMS campaigns are verified, and our consent practices comply with all carrier requirements. Consent records may be provided to carriers or regulators upon lawful request.
5. Disclosure to Third Parties
5.1 Service Providers
We share personal information with service providers who perform services on our behalf. These providers are contractually bound to use your information only for the specific services they provide to us.
SMS Communications Provider - Twilio, Inc.
We use Twilio, Inc. as our authorized communications service provider for SMS messaging, including 2FA codes, account notifications, and marketing messages.
Information shared with Twilio:
- Mobile phone number
- Message content
- Delivery status and timestamps
- Device and carrier information
Twilio's Role:
- Acts as a "data processor" under GDPR
- Acts as a "service provider" under CCPA
- Bound by Twilio's Data Protection Addendum (DPA)
- EU-US Data Privacy Framework certified
- SOC 2 Type II certified
Twilio Privacy Resources:
Other Service Providers
- Cloud hosting and infrastructure (AWS, Cloudflare)
- Payment processing (Stripe)
- Analytics and performance monitoring
- Customer support platforms
- Email communications
5.2 Legal Requirements
We may disclose your information when required by law, including:
- Subpoenas, court orders, or legal process
- Government or regulatory requests
- To protect our rights, safety, or property
- To prevent fraud or illegal activity
5.3 Business Transfers
If Wambesha is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
5.4 We Do Not Sell Your Personal Information
Wambesha does not sell your personal information to third parties for their marketing purposes.
6. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 3 years |
| SMS consent records | Duration of account + 5 years |
| Transaction/payment history | 7 years (tax/legal requirements) |
| Viewing/usage data | 2 years from collection |
| Customer support records | 3 years from last interaction |
| Marketing preferences | Until consent withdrawal + 1 year |
| Security/access logs | 1 year |
| Failed login attempts | 90 days |
After Account Deletion
- Most personal data is deleted within 30 days
- Backup systems are purged within 90 days
- SMS consent records are retained for 5 years (legal requirement)
- Transaction records are retained for 7 years (tax/legal)
- Aggregated, de-identified data may be retained indefinitely
7. Your California Privacy Rights (CCPA/CPRA)
California Residents: You have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
7.1 Your Rights
Right to Know
You have the right to request that we disclose:
- Categories of personal information we collected about you
- Categories of sources from which personal information was collected
- The business purpose for collecting personal information
- Categories of third parties with whom we share personal information
- Specific pieces of personal information we collected about you
Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions (such as legal obligations to retain data).
Right to Correct
You have the right to request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/Sharing
You have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising.
Note: Wambesha does not sell personal information as defined by the CCPA.
Right to Limit Use of Sensitive Personal Information
You can limit our use of sensitive personal information to purposes necessary for providing our services.
Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights.
7.2 How to Exercise Your CCPA Rights
Email: privacy@wambesha.com
Mail:
Wambesha LLC, Privacy Team
1209 Mountain Road Pl NE, Suite N
Albuquerque, NM 87110
7.3 Verification
We will verify your identity before processing your request. For account holders, we verify through your account login. For non-account holders, we may request additional information.
7.4 Response Time
We will respond to verified requests within 45 days. If we need more time, we will notify you of an extension (up to 90 days total).
7.5 Authorized Agents
You may designate an authorized agent to make requests on your behalf. We may require proof of authorization and identity verification.
7.6 Categories of Personal Information
| Category | Collected | Sold | Shared |
|---|---|---|---|
| Identifiers (name, email, phone) | Yes | No | Yes* |
| Commercial information (purchases) | Yes | No | No |
| Internet activity (browsing, usage) | Yes | No | Yes* |
| Geolocation data (approximate) | Yes | No | No |
| Inferences (preferences) | Yes | No | No |
*Shared with service providers for operational purposes only.
8. Your European Privacy Rights (GDPR)
European Residents: If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR).
8.1 Legal Basis for Processing
We process your personal data based on:
- Contract: To provide our streaming services to you
- Consent: For marketing communications and optional features
- Legitimate Interest: For analytics, security, and service improvement
- Legal Obligation: For tax, financial, and regulatory compliance
8.2 Your GDPR Rights
Right of Access (Article 15)
You can request a copy of your personal data and information about how it is processed.
Right to Rectification (Article 16)
You can request correction of inaccurate or incomplete personal data.
Right to Erasure / "Right to be Forgotten" (Article 17)
You can request deletion of your personal data in certain circumstances.
Right to Restrict Processing (Article 18)
You can request limitation of processing in certain circumstances.
Right to Data Portability (Article 20)
You can request your data in a structured, commonly used, machine-readable format and have it transferred to another controller.
Right to Object (Article 21)
You can object to processing based on legitimate interests, including profiling and direct marketing.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of prior processing.
Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that significantly affect you.
8.3 How to Exercise Your GDPR Rights
Email: gdpr@wambesha.com
Data Protection Officer: dpo@wambesha.com
Mail:
Wambesha LLC, GDPR Requests
1209 Mountain Road Pl NE, Suite N
Albuquerque, NM 87110, USA
8.4 Response Time
We will respond within one month. Complex requests may take up to three months with notification.
8.5 International Data Transfers
Data may be transferred to the United States. We rely on:
- Standard Contractual Clauses (SCCs)
- Twilio's Binding Corporate Rules
- EU-US Data Privacy Framework (where applicable)
8.6 Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection authority (supervisory authority).
8.7 Data Controller
Wambesha LLC
1209 Mountain Road Pl NE, Suite N
Albuquerque, NM 87110, USA
Email: privacy@wambesha.com
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience and analyze usage.
9.1 Types of Cookies We Use
| Cookie Type | Purpose |
|---|---|
| Essential | Required for basic site functionality, authentication, and security |
| Performance | Collect anonymous data about site usage to improve performance |
| Functional | Remember your preferences and settings |
| Analytics | Help us understand how visitors use our Service |
| Marketing | Used to deliver relevant advertisements (with consent) |
9.2 Managing Cookies
You can manage cookie preferences through:
- Your browser settings
- Our cookie consent banner (where applicable)
- Third-party opt-out tools (e.g., NAI, DAA)
Note: Disabling certain cookies may affect Service functionality.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Access controls and authentication requirements
- Regular security assessments and penetration testing
- Employee training on data protection
- Incident response procedures
- Secure data centers with physical security controls
While we strive to protect your information, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials.
11. International Data Transfers
Wambesha is based in the United States. If you access our Service from outside the US, your information may be transferred to and processed in the United States or other countries.
For transfers from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules (BCRs) where applicable (e.g., Twilio)
- EU-US Data Privacy Framework for participating providers
12. Children's Privacy
Our Service is not directed to children under 13 (in the US) or 16 (in the EU). We do not knowingly collect personal information from children under these ages.
If you believe we have collected information from a child, please contact us at privacy@wambesha.com, and we will delete the information.
Parents and guardians can create child profiles under their accounts with appropriate parental controls.
13. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending an email notification to registered users
- Displaying a notice in the Service
Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
14. Contact Information
For questions or concerns about this Privacy Policy or our data practices, please contact us:
General Privacy Inquiries:
Email: privacy@wambesha.com
CCPA Requests (California Residents):
Email: privacy@wambesha.com
GDPR Requests (European Residents):
Email: gdpr@wambesha.com
Data Protection Officer:
Email: dpo@wambesha.com
Mailing Address:
Wambesha LLC
Attn: Privacy Team
1209 Mountain Road Pl NE, Suite N
Albuquerque, NM 87110
United States
Legal Entity: Wambesha LLC
State of Formation: New Mexico
EIN: 38-4373438
Entity ID: 0008057749