Last updated: February 12, 2026v1.0
This Privacy Policy explains how wakesys sàrl ("wakesys", "we", "us", or "our") collects, uses, and protects your personal information when you use our booking platform.
wakesys provides booking and management software for activity-based entertainment venues such as wake parks, aqua parks, trampoline parks, climbing gyms, and similar facilities ("Parks").
Data Controller:
wakesys sàrl
3, montée St. Hubert
8387 Koerich
Luxembourg
Contact: info@wakesys.com
wakesys offers two account systems, depending on the Park you visit:
| Data | Why We Need It |
|---|---|
| Name | To identify you and personalize your experience |
| Email address | Account login, booking confirmations, receipts |
| Phone number | Account recovery, booking confirmations |
| Date of birth | Age verification for activities, waiver requirements |
| Gender | Some Parks require this for safety equipment sizing |
| Address | Required for waivers and some Parks |
| Emergency contact | Safety requirement for many activities |
| Photo | Some Parks take your photo on-site to link you to your profile for identification at check-in |
| Payment information | Processed by our payment providers (Stripe, PayPal, Adyen, Omise); we never see your full card number |
| Data | Purpose |
|---|---|
| Device and browser information | Security, fraud prevention, improving our service |
| IP address | Security, approximate location for language/currency |
| Pages visited and interactions | Understanding how to improve our platform |
| Session recordings (sampled) | Understanding how users interact with our platform to fix issues and improve usability. Personal information and payment details are automatically masked. Not all sessions are recorded. |
When you book at a Park, we collect:
We use your data to:
| Purpose | Legal Basis |
|---|---|
| Processing bookings | Contract performance |
| Sending booking confirmations | Contract performance |
| Waiver management | Legal obligation / Legitimate interest |
| Fraud prevention | Legitimate interest |
| Platform analytics and improvement | Legitimate interest |
| Financial record keeping | Legal obligation |
| Advertising measurement | Legitimate interest |
| Marketing emails | Consent |
When you book at a Park, that Park can access:
Parks may use your contact information to send you marketing communications. Each Park is responsible for their own marketing practices and compliance. To opt out of a Park's marketing, use the unsubscribe link in their emails or contact the Park directly.
These sub-processors are essential to providing the wakesys platform:
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel | Application hosting and serverless functions | USA (with EU data processing) |
| Amazon Web Services (AWS) | Cloud infrastructure | Frankfurt, Germany (EU) |
| Fly.io | Cloud infrastructure | Frankfurt, Germany (EU) |
| Supabase | Database hosting (PostgreSQL) | Frankfurt, Germany (EU) |
| Stripe | Payment processing | USA (with EU data processing) |
| PayPal | Payment processing | Luxembourg (EU) / USA |
| Adyen | Payment processing | Netherlands (EU) |
| Omise | Payment processing (Asia-Pacific) | Thailand / Singapore |
| SendGrid (Twilio) | Transactional email delivery | USA |
| Google (Gmail API) | Email delivery and threading | USA (with EU data processing) |
| Omnisend | Email marketing (Park integration) | USA / Lithuania (EU) |
| Hotjar | Session recordings and heatmaps (sampled, with PII masking) | Malta (EU) |
When you complete a booking, we share data with advertising platforms to measure the effectiveness of our advertising campaigns. This helps us understand which ads lead to bookings so we can improve our marketing. Personal identifiers are hashed (one-way encrypted) before sharing; technical data is shared unhashed.
| Partner | Purpose | Data Shared |
|---|---|---|
| Meta (Facebook/Instagram) | Conversion measurement | Hashed contact info (email, phone), hashed demographics (name, DOB, gender), hashed location (city, state, zip, country), IP address, browser info, purchase details |
| Conversion measurement | Hashed contact info (email, phone), IP address, browser info, purchase details | |
| TikTok | Conversion measurement | Hashed contact info (email, phone), IP address, browser info, purchase details |
Important:
We may disclose your data if required by law, court order, or to protect our rights, safety, or property.
Your data is primarily stored in the European Union (AWS and Fly.io, Frankfurt, Germany). However, some of our service providers are based in the United States. Where we transfer data outside the EU, we ensure appropriate safeguards are in place, such as:
We use only essential cookies required for our service to function:
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Keeps you logged in | Session |
| Security cookies | Prevents fraud and abuse | Session |
We do not use advertising or tracking cookies.
| Data Type | Retention Period |
|---|---|
| Account information | Until you request deletion |
| Booking history | Until you request deletion |
| Signed waivers | Retained indefinitely for legal protection |
| Receipts and invoices | Minimum 10 years (legal requirement) |
| Acceptance of legal terms | Retained indefinitely for legal protection |
| Visit records | Retained indefinitely for legal protection |
| Payment records | Minimum 10 years (legal requirement) |
When you request account deletion, we:
Under GDPR, UK GDPR, and other privacy laws, you have the right to:
| Right | What It Means |
|---|---|
| Access | Request a copy of your personal data |
| Rectification | Correct inaccurate data |
| Erasure | Request deletion of your data (subject to legal retention requirements) |
| Restriction | Limit how we process your data |
| Portability | Receive your data in a portable format |
| Objection | Object to processing based on legitimate interest, including advertising measurement |
| Withdraw consent | Withdraw consent for marketing at any time |
To exercise any of these rights, including opting out of advertising measurement, contact us at info@wakesys.com with the subject line "Privacy Request".
Response Time: We will respond to your request within 30 days. If your request is complex or we receive many requests, we may extend this by an additional 60 days, but we will notify you within the first 30 days.
Identity Verification: To protect your privacy, we may ask you to verify your identity before processing your request.
Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. You will not receive different pricing or quality of service for exercising your rights.
You have the right to object to our processing of your data for advertising measurement purposes. If you object, we will stop sending your hashed data to advertising platforms (Meta, Google, TikTok) for conversion tracking.
To opt out, email info@wakesys.com with subject line "Opt Out of Advertising Measurement".
You have the right to lodge a complaint with a data protection supervisory authority:
We may send you:
Our emails may contain tracking pixels and links that help us understand whether you opened the email and which links you clicked. This helps us improve our communications and ensure important messages are being received. You can disable image loading in your email client to prevent pixel tracking.
When you book at a Park, they may contact you about offers, events, and promotions related to their services. Each Park is the data controller for their customer communications and is responsible for their own marketing compliance. To opt out, use the unsubscribe link in their emails or contact the Park directly.
Parks may use email marketing platforms (such as Omnisend) integrated with wakesys to send you marketing communications. When a Park uses these integrations, your data at that Park (email address, name, booking history at that Park) may be transferred to the email marketing platform on the Park's behalf.
Protecting the privacy of children is important to us. You must be at least 18 years old to create a wakesys account.
Children under 18 can be added to a booking by a parent or legal guardian, who provides information on their behalf and accepts responsibility for their data.
We do not knowingly collect personal information from children under 18 without parental involvement. If we learn that personal data has been collected from a person under 18 years of age without parental consent, we will take appropriate steps to delete this information.
If you are a parent or guardian and discover that your child under 18 has created an account without your consent, please contact us at info@wakesys.com and we will delete that child's personal data from our systems.
We protect your data using:
If we become aware of a security breach affecting your personal data, we will inform you and the relevant authorities in accordance with applicable law.
wakesys team members are authorized to access the administrative sections of the platform when fulfilling customer service requests, providing technical support, and investigating errors or issues. In such cases, they may be able to view:
We will not disclose any personal data without your consent, unless required by law, necessary to enforce our Terms of Service, or needed to provide services through third-party providers as described in this policy.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Categories of Personal Information Collected:
We share data with advertising partners (Meta, Google, TikTok) to measure advertising effectiveness. This includes hashed contact and demographic information, as well as unhashed technical data (IP address, browser info) and purchase details. Under CCPA, this may constitute "sharing" of personal information.
Your California Rights:
Email us at info@wakesys.com with subject line "Do Not Share My Information"
We will respond to your request within 45 days.
If you are a UK resident, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 apply to your personal information. Your rights are substantially the same as under EU GDPR.
International Transfers:
Your data may be transferred to countries outside the UK. Where we transfer data internationally, we rely on:
If you are an Australian resident, the Australian Privacy Principles (APPs) under the Privacy Act 1988 apply to your personal information.
Cross-Border Disclosure:
Your personal information may be disclosed to recipients in countries outside Australia, including:
Access and Correction:
You may request access to or correction of your personal information by contacting us at info@wakesys.com. We will respond within 30 days.
Complaints:
If you have a complaint about how we handle your personal information, contact us first at info@wakesys.com. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
If you have questions about this Privacy Policy or your personal data:
Email: info@wakesys.com
Address:
wakesys sàrl
3, montée St. Hubert
8387 Koerich
Luxembourg