Last updated: June 10, 2026
OneWave ("OneWave," "we," "us," or "our") provides a software platform (OneWave Systems, Inc., operating as OneWave at app.onewavesystems.com and through the OneWave mobile apps, the "Service") that sports medicine and performance clinics ("Clinics") use to manage scheduling, treatment programs, communications, and billing for their patients and athletes ("Patients"). This Privacy Policy explains what information we collect, how it is used and shared, and the choices available to you.
This Policy applies to Clinic staff and administrators ("Staff"), Patients, and visitors to our websites. By using the Service, you agree to the collection and use of information as described here.
OneWave is provided to Clinics on a business-to-business basis. If you are a Patient, your Clinic is generally the "data controller" (or equivalent) for your health and treatment information — your Clinic decides what information is collected about you and how your care is documented. OneWave acts as a service provider / data processor on the Clinic's behalf for that information, processing it only to provide, secure, and support the Service and as instructed by the Clinic.
For information you give us directly as a Clinic owner or Staff member (such as account, subscription, and billing information), and for the operation of our own websites and apps, OneWave acts as the controller.
If you have questions about your health records, the best first step is usually to contact your Clinic directly, since they manage your care relationship. You're welcome to contact us as well — see Contact Us below.
Where you are a Patient, your Clinic and its Staff may enter or record, and the Service may store and display:
This information is sensitive, and we limit access to it to the Patient, the Patient's treating Clinic and authorized Staff, and OneWave personnel or systems that need it to operate the Service (e.g., for backups, security, and support).
If you choose to connect a wearable or fitness account, the Service can import data from providers including Apple Health, Health Connect, Whoop, Oura, Fitbit, Garmin, and Google Fit. Depending on the provider and your authorization, this may include steps, heart rate, sleep, recovery scores, active minutes, and calorie data, which may be shown to your Clinic as part of your wellness or recovery program.
Connecting a wearable account is optional and controlled by you. You can disconnect a wearable provider at any time from your account settings, which stops new data from being imported; previously imported data is handled per the retention practices described below.
Clinic subscription payments and, where enabled, patient invoice payments are processed through Square. We do not store full payment card numbers on our servers — Square handles card data directly and provides us limited information needed for billing, such as payment status, invoice amounts, and a reference/transaction ID.
If your Clinic enables community/social features (such as "WaveCommunity"), your profile information, posts, and direct messages within that community are visible to other members of that community as described in the relevant in-app settings. Community content is separate from your private clinical record.
We use limited analytics and error-monitoring tools to keep the Service reliable and to understand how features are used:
We also automatically collect standard technical information such as IP address, browser/app version, device type, and timestamps of activity.
Our web app uses essential cookies/local storage to keep you signed in and remember preferences (such as theme), and may use analytics cookies from the providers above. You can control cookies through your browser settings, though disabling essential cookies may prevent the Service from working correctly.
We do not sell personal information, and we do not use Patient health information for advertising.
We retain account and clinical information for as long as your account or your Clinic's account is active, and for a reasonable period afterward to comply with legal, tax, and recordkeeping obligations (which, for clinical records, may be longer than for general account data) and to resolve disputes. Clinics are responsible for instructing us regarding retention or deletion of their Patients' records, subject to applicable law.
We use technical and organizational measures designed to protect information against unauthorized access, alteration, disclosure, or destruction, including encryption in transit, access controls, and restricted internal access to clinical data. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
To exercise these rights, contact us at hello@onewavesystems.com.
OneWave is used by athletes of varying ages, including minors, but accounts for minors are created and managed by a Clinic and/or a parent or legal guardian, in line with the Clinic's own consent and intake process. We do not knowingly allow minors to create their own accounts without Clinic or guardian involvement. If you believe a minor has provided us with information outside of this process, please contact us at hello@onewavesystems.com.
OneWave and its service providers may process and store information in countries other than your own. Where required, we use appropriate safeguards for such transfers in accordance with applicable law.
We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date above and, where appropriate, notify Clinics or Patients through the Service or by email.
Questions about this Privacy Policy or how your information is handled can be sent to hello@onewavesystems.com.