Data Protection Impact Assessment (DPIA)

wavebird processes wrapper-originated contextual advertising requests for GenAI applications. A wrapper backend submits a contextual request to wavebird CSL when it wants to monetize a prompt, response, or agent step. The request includes only the operational and policy inputs needed for delivery, such as contextual topic, language, device type, country, and consent flags. If the wrapper has explicitly enabled prompt-assisted classification, prompt text can enter the wavebird firewall path briefly for server-side reduction.

The firewall boundary is the critical privacy delimiter. Raw prompt text, conversation history, account identifiers, and comparable end-user content are not allowed to cross that boundary into SSP egress. Prompt-assisted classification, where enabled, happens inside an ephemeral vault and is immediately reduced into coarse contextual categories before the outbound auction request is assembled.

After a constrained auction request is sent to an SSP, the SDK renders a creative and reports rendered, visible, and billable proof states back to wavebird. Those proof events support settlement, fraud review, and auditability. The system therefore separates high-risk transient content handling from low-risk operational proof and billing records.

The relevant GDPR Art. 6 basis is the legitimate interest of the wrapper controller in financing or subsidizing GenAI usage through contextual advertising. In this structure, the wrapper remains the controller for the end-user relationship and wavebird acts as processor for controller-authorized delivery, measurement, and settlement processing.

The processing is proportionate because the commercial goal can be achieved with derived context, regulatory flags, and technical metadata rather than raw prompt disclosure, profile-based targeting, or persistent user identifiers. The architecture is explicitly built around reduction before disclosure.

• Contextual topic (derived, not personal)
• Language preference (not personal)
• Device type (not personal)
• Country (broad geo, not personal)
• Consent flags (managed via TCF)
• Prompt text (ephemeral vault, never egressed)

End users of wrapper applications.

• Wavebird infrastructure (EU-hosted)
• SSP partners (see subprocessor list)
• No advertiser-side DSPs directly

SSP recipients receive only the reduced outbound auction payload. They do not receive raw prompts from wavebird.

• Prompt text: ephemeral (erased <1 second after classification)
• Request logs: 90 days
• Settlement records: 10 years (legal requirement)
• Consent records: 13 months per TCF spec

• TLS 1.3 for all transport
• HTTPS enforcement for SSP endpoints
• Ephemeral prompt vault with immediate erasure
• HMAC-signed beacon proofs
• Merkle-tree log integrity
• Firewall pre-egress sanitization

Residual risk is low. The main privacy risk in GenAI advertising is prompt disclosure into downstream ad systems. wavebird’s design prevents that disclosure by default and keeps prompt-adjacent handling server-side, transient, and firewall-bound.

This DPIA is reviewed annually or when material system changes occur, including changes to prompt handling, outbound SSP fields, or new subprocessors that affect the privacy posture.