Privacy Policy

Who we are

Wake on Voice (“the Service”) is operated under the registered business name Wake on Voice (ABN 97 528 586 275), an Australian sole trader. We are the data controller for the personal information described in this policy and the contracting party referenced in the Terms of Service. For privacy questions or data requests, email privacy@wakeonvoice.com.

What Wake on Voice does

Wake on Voice lets you wake and shut down your PC with Amazon Alexa voice commands. There are two tiers:

• Free — 1 PC, voice wake only, permanent, no credit card. No software install; you enter your PC's MAC address on the dashboard. Voice wake works by having your Echo device send a Wake-on-LAN magic packet directly to your PC on your home network.
• Full — $6/year — up to 5 PCs, voice wake + voice shutdown + scheduled shutdown (1 per PC) + 30-day activity log + device groups. Voice shutdown and scheduled shutdown require the Wake on Voice Windows app, which maintains a secure connection to our backend so those commands arrive reliably.

How you sign in

Wake on Voice uses Sign in with Amazon (LWA) as the only way to sign in to the web portal. When you click "Continue with Amazon," Amazon shows its own consent screen asking whether to share your basic profile (name, email address, and an Amazon-issued account identifier) with Wake on Voice. If you approve, Amazon redirects you back to Wake on Voice. We never see your Amazon password; we only receive what the consent screen tells you you're sharing.

There is no magic-link fallback and no email-password login. We do not send sign-in links or billing emails ourselves; Stripe sends billing receipts and subscription notices directly to the email address Amazon shares with us. Enabling the Alexa skill is a separate Amazon-managed consent step: Amazon asks you to allow Wake on Voice to link the skill and send Alexa Smart Home directives for your PCs.

You can review and revoke Wake on Voice's access at any time at amazon.com → Your Account → Login & security → Apps & Websites. Revoking access at Amazon takes effect immediately — subsequent sign-in attempts will require a fresh consent.

Your Amazon-issued account identifier is the stable anchor of your Wake on Voice account. Your email on Amazon can change without affecting your Wake on Voice account; the same Amazon account always resolves to the same Wake on Voice account.

We do not request anything beyond your basic Amazon profile (and the minimal Alexa permissions needed to talk to Alexa on your behalf once you enable the skill). We cannot see your Amazon orders, payment information, addresses, shopping carts, or any other Amazon activity.

Your basic Amazon profile exposes your display name to Wake on Voice during sign-in, but we do not store it beyond the immediate sign-in response. Only your email address and Amazon account identifier are saved to our database.

What we store per tier

The full data inventory is in the next section. Quick summary by tier:

All tiers (Free + Full) — stored regardless of which plan you're on:

• Amazon account identifier — your Wake on Voice account anchor
• Email address (from your Amazon profile) — display + Stripe billing emails
• Device name and MAC address — required for Wake-on-LAN
• Alexa user ID + whether an Echo is linked to your Amazon account — for Alexa to discover and route directives
• Web portal session — your sign-in cookie + the matching database record
• Amazon LWA tokens — minted only when you enable the Alexa skill
• Wake-verification timestamp — set once when you tap I heard it wake up on the post-pair verification prompt

Full plan additionally:

• 30-day activity log (wake / shutdown / scheduled-shutdown events, including the group name when a command targeted a device group, retained 30 days then automatically deleted)
• Transient WebSocket connection identifier (only while the Windows app is running)
• Windows app version + Wake-on-LAN auto-enable result (sent at activation and on each app update; no PII)
• Purchase and payment records (amount, currency, date, payment/refund status, Stripe transaction ids) — written only when you pay for or are refunded on the Full plan; retained indefinitely under a lawful basis and kept even after account deletion (see the inventory below)

No tier stores: voice command audio, browsing history, IP addresses (for tracking), device fingerprints, or hardware identifiers (except inside a diagnostics bundle you explicitly choose to send to support).

What data we collect

The data we hold and why we hold it:

• Amazon account identifier (all tiers) — primary key of your Wake on Voice account. Stored in our encrypted cloud database (United States) until account deletion.
• Email address (all tiers) — display in the portal; Stripe uses it to send billing receipts to you. Updated automatically if you change your email at Amazon. Stored until account deletion.
• Device name (all tiers) — display name in Alexa and on the dashboard. Stored until device removal.
• MAC address (all tiers) — required for Wake-on-LAN magic packets. Passed to your Echo device so it can wake your PC on the local network. Stored until device removal.
• Alexa user ID + Echo-linked flag (all tiers) — lets us confirm you have the prerequisite Amazon-side setup and lets us send Alexa directives on your behalf. Stored until account unlink or account deletion.
• Wake-verification timestamp (per device) (all tiers) — set once when you tap "I heard it wake up" on the post-pair verification prompt. Used only to swap that prompt for a "Verified" indicator on your device row. Never shared, never used for tracking.
• Web portal session (all tiers) — opaque session identifier tying your browser to your Wake on Voice account. Stored as a secure, browser-only cookie. Session rows live in a dedicated database table and are deleted when you sign out. All sessions are cleared as part of the account-delete cascade. Refreshed automatically while you're active; expires after 30 days of inactivity.
• Amazon LWA tokens (all tiers; access + refresh) — sent to the Alexa backend on your behalf so Alexa can discover and control your PCs. Revoked cleanly when you delete your account. These are SEPARATE tokens from the basic-profile sign-in exchange and are only minted when you enable the Alexa skill. Stored encrypted at rest (managed keys) in a dedicated, access-controlled token store; deleted when you unlink the skill in the Alexa app or delete your Wake on Voice account.
• Activity log (Full plan only) — timestamp, command (wake/shutdown/scheduled-shutdown), device name, outcome, and — when the command targeted a device group — the group name. Surfaces your recent history in the dashboard and in your data export. Retained 30 days, then automatically deleted.
• WebSocket connection identifier (Full plan only, while the Windows app is running) — used transiently to route shutdown and scheduled commands to the correct Windows app instance. Overwritten on each reconnect; cleared on disconnect.
• Windows app version + Wake-on-LAN auto-enable result (Full plan only) — sent once on successful activation and once on each update (not on a schedule). Used to decide whether to surface the Setup Check troubleshooting UI. No hardware serials, no install GUIDs, no IP. Overwritten on each app update.
• Purchase and payment records (Full plan, paid) — written only when you complete a Full-plan payment or receive a refund. We store the originating Stripe transaction id, amount, currency, date, and payment/refund status in a dedicated, access-controlled purchase store. Retained indefinitely on a lawful basis — tax/accounting records and chargeback-dispute evidence. Because of that basis, an account-deletion request does not erase them (GDPR Art. 17(3)), so they are kept even after you delete your account (see "Delete your data").

What we do not collect

• We do not run a heartbeat or automatic diagnostic-telemetry channel. Earlier plans included one; it was removed when the live-status feature was dropped on 2026-04-20. The Windows app sends command acknowledgements (e.g., "shutdown accepted") back to our servers.
• We do not collect device fingerprints, browser family, user agent, or any other identifying browser signal beyond the opaque session cookie.
• We do not collect your IP address for tracking purposes. (Our hosting infrastructure sees IPs in request logs, retained briefly per normal server log retention, but we do not correlate these to user activity.)
• We do not collect browsing history, location data, or contacts.
• We do not record voice commands. Alexa processes voice on-device and in Amazon's cloud — those transcripts never reach Wake on Voice.
• We do not sell, share, license, or transfer your data to third parties.

Technical data from the Wake on Voice Windows app

Full plan only. When the Windows app registers with our backend, it sends:

• Windows app version (e.g., 1.2.3)
• Your PC's Wake-on-LAN status — whether the Windows app successfully auto-enabled WoL in your NIC settings, or whether you need to configure it manually

This is sent once on successful activation and once on each update, not on an ongoing schedule. We use it to decide whether to show you the Setup Check troubleshooting UI.

No personally identifying information is included. No hardware serial numbers, no Windows install GUIDs, no IP information.

Diagnostics you choose to send. The Windows app has a Send diagnostics to support option. It does nothing unless you click it; when you do, it uploads a one-time diagnostics bundle (app logs with tokens redacted, your network-adapter and Wake-on-LAN settings, and recent backend response codes) so we can investigate a problem you reported. We retain it only for that support and diagnostics purpose, then delete it automatically after 30 days — and immediately if you delete your account.

How your data is used

Your data is used exclusively to provide the Wake on Voice service:

• Your Amazon account identifier and email are used for sign-in (via Login with Amazon) and to let Stripe address billing emails to you (receipts, failed-payment notifications, pre-renewal reminders). We may also email you directly for support and to notify you of material product or pricing changes that affect your service.
• Your MAC address is provided to Alexa so your Echo device can send Wake-on-LAN packets on your local network.
• Your device name is used as the Alexa endpoint name ("Alexa, turn on [device name]").
• Your WebSocket connection identifier is used transiently to route shutdown + scheduled commands to the correct Windows app.
• Your activity log (Full plan) is used to populate the dashboard activity view and is included in your data export.

Under the General Data Protection Regulation (GDPR), our legal basis for processing the data above is contractual necessity (GDPR Art. 6(1)(b)) — each item is required to deliver the service you signed up for. Where law requires us to retain certain records (for example, tax or financial records under Australian tax law), we rely on legal obligation (GDPR Art. 6(1)(c)) and process only the minimum data needed to meet that obligation.

Data security

• All data is stored in our cloud database with encryption at rest (AES-256).
• All communication between the Windows app and our servers uses TLS (HTTPS/WSS).
• The Windows app's session token is stored in Windows Credential Manager.
• Web portal sessions live in a dedicated database table and are referenced by a secure, browser-only session cookie. The cookie is cleared when you sign out; the backing row is deleted synchronously so any other tab using the same session is signed out within one request.
• Per-device revocation — deleting a PC from your dashboard also revokes that PC's Windows-app bearer; the daemon must re-pair to regain access. Account deletion clears every paired device's bearer in one cascade.
• The Sign in with Amazon flow uses a signed, short-lived, browser-only sign-in cookie (valid about 10 minutes) to bind your sign-in attempt to the matching Amazon callback. This defends against login-CSRF.
• Amazon-issued Alexa tokens are stored in a dedicated database table with server-side encryption (managed keys), accessed only by the Alexa skill handler and the account-delete cascade.
• On your first visit, a cookie notice lets you Accept or Reject non-essential cookies. We set only the strictly-necessary cookies described above — no analytics, advertising, or tracking — so your choice is recorded and will govern any non-essential cookie we might introduce later. The choice itself is stored locally in your browser, not in a cookie.

Your rights

Access your data. You can view your registered devices, account information, and recent activity log (Full plan) directly on your Wake on Voice dashboard at wakeonvoice.com.

Download your data (data portability). The dashboard has a Download my data button (under "Your data"). Clicking it produces a JSON file containing your account email and Amazon account identifier, every device you've paired (with name and MAC address), your activity log for the last 30 days (Full plan), and your purchase and refund history (date, amount, currency). This is a self-service, synchronous download — no email, no waiting period. If you prefer to request the export by email instead, write to privacy@wakeonvoice.com and we'll send the same JSON within 2 business days.

Delete your data. You can delete your account at any time from your Wake on Voice dashboard (under "Danger zone" → "Delete my account"). Deletion is permanent and immediate. It will:

• Delete your user account and its associated data (email, devices, MAC addresses, activity log, sessions)
• Invalidate all active web portal sessions and all Windows app session tokens
• Remove your devices from Alexa (you may need to run "Alexa, discover devices" to refresh)
• Revoke Alexa account-linking tokens through Amazon's token-revocation step before deleting the stored token locally — this ordering guarantees that a failed revoke leaves the token row intact so we can retry rather than silently losing the only way to terminate the Amazon-side grant

One exception — retained financial records. Your purchase and payment records (purchase and refund history) are retained even after account deletion. We keep them on a lawful basis — tax/accounting records and evidence for chargeback disputes that can still arrive after you leave — which GDPR Art. 17(3) explicitly exempts from the erasure right. Everything else listed above is erased immediately.

Additional rights (EU, UK, California). If you're in the EU, UK, or California, you have additional rights under GDPR (Articles 15, 16, 17, 20, 21) or CCPA. Most rights can be exercised via the dashboard (access, portability, deletion). For the rest (objection to processing, restriction, corrections we can't make automatically), email privacy@wakeonvoice.com — we respond within 2 business days and take no longer than 30 calendar days to resolve a valid request.

Third-party services

Wake on Voice uses the following third-party services:

• Cloud infrastructure provider: A major US-based cloud platform hosts our servers, databases, and storage. All data is stored in the United States.
• Login with Amazon: Sign-in provider for the web portal. We receive your name, email, and Amazon account identifier per Amazon's Login with Amazon privacy guidance. We store only the email and account identifier.
• Amazon Alexa: Voice interface and Alexa Smart Home directives. Amazon processes voice commands per their own privacy policy; voice audio never reaches us.
• Stripe: Subscription billing and billing email delivery for the Full plan. Stripe receives your email (from your Amazon profile) and sends transactional billing emails to it (receipts, failed payments, pre-renewal reminders). We do not send billing emails ourselves — Stripe handles those. We may, however, email you directly for support and to notify you of material product or pricing changes that affect your service; we do not send promotional or marketing email. See Stripe's privacy policy.
• GitHub: Wake on Voice Windows app distribution (GitHub Releases). No user data is sent to GitHub.

We do not use: analytics SDKs, advertising trackers, session-replay tools, A/B-testing vendors, error-monitoring SDKs with PII, or any SaaS service that wasn't named above.

We never sell or share your data with third parties for marketing or advertising.

Children's privacy

Wake on Voice is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with data, email privacy@wakeonvoice.com and we will delete it.

Changes to this policy

We will update this page when the policy changes. The "last updated" date at the top reflects the most recent revision. If a change materially reduces your privacy rights, we'll surface a notice in the dashboard on your next sign-in so you know what changed before it takes effect.

Contact

For privacy questions or data requests:

We reply within 2 business days.