Security & Responsibility Statement

Last updated: February 9, 2026

This Security & Responsibility Statement describes the operational boundaries, security assumptions, and allocation of responsibilities applicable to WAVER hardware products and their accompanying software, offered under the name WAVER OS.

This document is provided for informational purposes only and does not replace, amend, or override any contractual agreement, including the End User License Agreement (EULA), Terms of Service, Order Terms, or Privacy Policy.

This document does not constitute legal, compliance, or security advice.

1. Product nature and scope

WAVER devices are standalone, on-premise network appliances designed to be deployed, configured, and operated by the customer or their designated integrator. WAVER devices provide functionality related to guest WiFi access management, captive portal operation, and locally executed authentication and policy workflows.

WAVER devices are not managed services, security monitoring services, intrusion detection systems, or incident response solutions. No continuous service, supervision, or oversight is provided as part of normal product operation.

WAVER devices are intended for use in standard commercial or enterprise networking environments and are not designed for use in safety-critical, life-critical, or high-risk systems.

2. Operational model and isolation

WAVER devices operate entirely within the operator’s local network environment.

As part of normal operation:

Wavertech does not have remote administrative access to deployed devices during normal standalone operation
Wavertech does not receive telemetry, analytics, or operational data during normal standalone operation
Wavertech has no visibility into network traffic, device usage, authentication activity, or security events
Wavertech does not monitor, manage, or supervise deployed systems

Outbound system-initiated connections for updates, licensing, or validation are limited to the minimum technical data required for these functions. These connections do not include traffic inspection, guest data, or remote administrative access. Any optional cloud connectivity or external integration features, where available, are disabled by default and require explicit operator action. When such features are enabled, their behavior is limited to the configuration performed by the operator and the functionality described in the relevant documentation.

3. Allocation of responsibility

Security and compliance responsibilities are allocated as follows.

Wavertech’s responsibilities are limited to:

Supplying WAVER hardware and firmware in accordance with their documented specifications at the time of delivery
Making firmware updates, documentation, or advisories available based on severity, product lifecycle, and technical feasibility
Receiving and evaluating vulnerability reports in accordance with the Security and Vulnerability Disclosure policy

Wavertech does not assume responsibility for deployment, configuration, monitoring, compliance, or operational security outcomes.

The operator or integrator is solely responsible for:

Installation, configuration, and ongoing operation of the device
Physical security of the device and infrastructure
Network design, segmentation, firewalling, and exposure control
Administrator access control and credential management
Applying firmware updates and configuration changes
Implementing monitoring, logging, and incident response measures
Compliance with applicable laws and regulations
Providing guest-facing legal notices, consent mechanisms, and retention disclosures

4. Security assumptions and configuration

WAVER devices include configurable mechanisms typical of embedded network appliances. The effectiveness of these mechanisms depends entirely on operator configuration, deployment context, and surrounding infrastructure.

Operators are responsible for assessing their own threat model and implementing controls appropriate to their environment. Guest networks should be treated as untrusted by default.

Wavertech does not validate, audit, or certify customer configurations.

5. Data handling and privacy roles

Depending on configuration, WAVER devices may locally store limited data related to authentication and access management, such as identifiers, session timestamps, and usage metadata.

Data collection features beyond basic operational logging are optional and disabled unless explicitly enabled by the operator.

Wavertech does not act as a data controller or data processor for personal data processed locally on customer-operated WAVER devices during standalone operation. Where optional cloud or external services are enabled, roles may vary depending on configuration and applicable agreements. Operators are solely responsible for determining lawful basis, consent requirements, retention periods, deletion procedures, and compliance with applicable data protection and privacy legislation.

6. Limitations

No hardware or software system can be guaranteed to be free from vulnerabilities. Wavertech does not warrant that WAVER devices are secure, error-free, or immune from vulnerabilities.

Security outcomes depend on factors outside the control of Wavertech, including but not limited to:

Configuration choices
Network exposure
Third-party infrastructure or integrations
Physical access
Environmental conditions
Unsupported modifications

Wavertech does not guarantee that WAVER devices will prevent all security incidents, unauthorized access, or data loss. WAVER devices are provided subject to the limitations and disclaimers defined in the applicable EULA or Order Terms.

7. Vulnerability reporting and updates

Security issues may be reported according to the published Security and Vulnerability Disclosure policy. If a reported issue is validated, Wavertech may choose to release an update, mitigation, or advisory.

Operators are responsible for evaluating applicability and applying any updates or mitigations. Wavertech aims to address validated security issues within a reasonable timeframe, taking into account product lifecycle, technical feasibility, and deployment constraints.

8. Firmware updates and lifecycle

WAVER devices support firmware updates to improve functionality, stability, and security.

Firmware updates may include:

Security improvements and vulnerability fixes
Performance and stability enhancements
Feature updates or compatibility improvements

Firmware updates are made available through official Wavertech channels and can be applied through the device management interface.

Operators are responsible for:

Monitoring for available updates
Evaluating applicability to their environment
Applying updates in a timely manner

Wavertech may provide security updates, mitigations, or advisories for validated issues, taking into account severity, product lifecycle, and technical feasibility. Firmware updates are provided for supported devices during their active lifecycle. The duration of support may vary depending on the product model and release cycle. Legacy or end-of-life devices may no longer receive updates, including security updates.

Firmware should only be installed from official Wavertech sources. Wavertech is not responsible for issues resulting from unauthorized modifications or third-party firmware.

9. Versioning and legacy products

Security features and behavior may vary by hardware model, firmware version, and configuration. Legacy products may have functional or technical limitations. Documentation reflects general behavior and may not cover all deployment scenarios. Firmware updates may be provided for supported products during their active lifecycle. Legacy or end-of-life products may no longer receive security updates. Operators are responsible for planning maintenance, upgrades, or replacements as appropriate.

10. Contact

Security reports: security@wavertech.com
Support requests: support@wavertech.com

Admin Panel

Voucher Manager App

Live! Menu App

Coupon Manager App

First Login

Dashboard Overview

Dashboard Customization

Notifications and Tools

WAN Configuration

Firewall and URL Filtering

VPN Client

LAN Network and IP Settings

Guest Network and IP Settings

Guest Ethernet and VLANs

Third-Party AP Integration

Builder Overview

Landing Page

Authentication Page

OTP Validation

Connected Page

Feedback System

Translations

Theme Editor

Media Gallery

Legal Compliance

Templates

Free Access (with or without validation)

Facebook Login Authentication

Email Connect (with or without OTP)

Mobile/SMS Authentication (with OTP)

Voucher Authentication

Paid Access

Persistent Login & Auto-Reconnect

Network and Device Speed Limits

Time Limits and Connection Keep-Alive

Concurrent Device Limit (Vouchers)

Bypass Portal or Block access for specific devices

Bypass Authentication for specific URLs (Walled Garden)

Accessing Voucher Manager

Creating, Editing and Printing Vouchers

Voucher Generator (Click and Print)

Managing Payment Plans

Payment Portal Settings

Printing Options

Data Export and Reporting

Dashboard Analytics

Login Log

Vouchers

Free Users

Email Users

Mobile Users

Facebook Users

User Ratings

Mailchimp Integration

API Access with Examples

Automatic Export with FTP Uploader

PointX CM Integration

Automations

Coupon Campaigns

Bulk Messages

Connectivity Settings

Users and Privileges

Cloud Access

System Log & Connection Tracking

Data Retention

LED Controller

Backup and Restore

Time & Region

Maintenance

HTTPS & Certificates