Xero vs Wave (2026): Architecture, APIs, and Scaling
A CTO-level comparison of Xero vs Wave covering architecture, API rate limits, pricing, security certifications, and migration paths in 2026.
Planning a migration?
Get a free 30-min call with our engineers. We'll review your setup and map out a custom migration plan — no obligation.
Schedule a free call- 1,500+ migrations completed
- Zero downtime guaranteed
- Transparent, fixed pricing
- Project success responsibility
- Post-migration support included
Wave gets you started for free. Xero gets you through scale. That's the one-sentence version — but the architectural differences, API constraints, and data portability gaps between these two platforms are significant enough to warrant a thorough technical breakdown, especially if you're approaching the transaction volumes or integration complexity where Wave's limitations start to bite.
This guide covers the real technical differences between Xero and Wave in 2026: data models, API rate limits, the new Xero developer pricing that took effect in March, multi-currency handling, security posture, export constraints, and a direct migration path from one to the other.
Xero vs Wave at a Glance
Xero is a cloud accounting platform used by over 4.6 million subscribers across 180+ countries. It's API-first, built on strict double-entry structure with multi-currency support, dimensional tracking, and an ecosystem of 1,000+ integrations. US plans run $25, $55, and $90/month (Early, Growing, Established). (xero.com)
Wave is a freemium accounting tool owned by H&R Block, built for freelancers, sole proprietors, and micro-businesses in the US and Canada. Its free Starter plan covers basic invoicing and expense tracking. The Pro plan ($19/month US) unlocks bank reconciliation, advanced reports, and priority support. (waveapps.com)
One-line verdict:
- Choose Xero if you need multi-currency, API-driven automation, 1,000+ app integrations, granular permissions, or any form of operational complexity.
- Choose Wave if you're a solo operator or micro-business with simple finances, no integration requirements, and a primary goal of minimizing monthly software spend.
Core Architecture and Data Models
Xero's Architecture
Xero uses a strict double-entry accounting engine with a well-defined Chart of Accounts, tracking categories (up to four total, two active at a time), and native multi-currency support across 160+ currencies on the Established plan. Every transaction posts as a journal entry under the hood. The data model is relational: invoices reference contacts, line items reference accounts, and payments reference both invoices and bank accounts. (central.xero.com)
Xero is opinionated about structure — you can't create arbitrary account hierarchies, and tracking categories are limited to two active dimensions. This constrains flexibility but enforces clean data. For teams migrating from ERPs with dimensional accounting, the two-category limit is the first architectural wall you'll hit. See our Business Central to Xero Migration guide for a deep dive on that compression problem.
All plans include unlimited users with granular role-based permissions (Invoice Only, Standard, Advisor, and custom roles). Every change is logged in an immutable audit trail (History & Notes). (central.xero.com)
Wave's Architecture
Wave also implements double-entry accounting, but with a significantly simpler data model. The Chart of Accounts is pre-populated with standard categories and supports basic customization. There are no tracking categories or dimensional reporting — if you need to slice revenue by department, location, or project, Wave doesn't support it.
A single Wave account can manage up to 15 business profiles, but the business currency is fixed at creation and cannot be changed afterward. Wave supports foreign-currency invoices and bills, but lacks automated exchange rate updates and consolidated multi-currency reporting. For businesses with international operations, this is a hard constraint. (support.waveapps.com)
User management is basic. Wave offers fixed roles: Admin, Editor, Payroll Manager, and Viewer. Collaborator permissions cannot be customized. There's no API for user or collaborator management — it's UI-only. (support.waveapps.com)
Architecture Comparison
| Capability | Xero | Wave |
|---|---|---|
| Accounting method | Double-entry, enforced | Double-entry, simplified |
| Chart of Accounts | Fully customizable | Pre-populated, basic edits |
| Tracking categories | 2 active dimensions (4 total) | None |
| Multi-currency | 160+ currencies, auto rates | Manual rates, fixed business currency |
| Users | Unlimited, all plans, granular RBAC | Fixed roles (Admin, Editor, Payroll Manager, Viewer) |
| Audit trail | Full immutable history log | Basic |
| Inventory tracking | Native + marketplace apps | None |
| Project tracking | Yes (Established plan) | None |
| Availability | 180+ countries | US and Canada only |
API Capabilities, Webhooks, and Rate Limits
This is where the gap between Xero and Wave becomes structural.
Xero's API
Xero exposes a comprehensive REST API across six surfaces: Accounting, Payroll (AU, NZ, UK), Assets, Files, Projects, and Finance. Authentication uses OAuth 2.0 with PKCE.
Rate limits are well-documented and strictly enforced: (developer.xero.com)
- 60 calls per minute per organization per app
- 5,000 calls per day per organization per app (1,000 on the developer Starter tier)
- 5 concurrent requests per organization per app
- 10,000 calls per minute app-wide across all tenants
- Max payload: 3.5 MB per POST (Accounting/Payroll); 10 MB for Files API
Exceeding any limit returns HTTP 429 with a Retry-After header. Xero explicitly recommends pagination, If-Modified-Since for delta syncs, and batching writes to around 50 items per request to stay below the payload ceiling.
Xero supports webhooks for real-time event notifications on contacts and invoices, reducing the need for constant polling. Rapid Sync — lifted rate limits for the first 30 minutes after a new organization connects — is valuable during onboarding and initial data loads.
Xero provides official SDKs for Python, Node, Java, .NET, Ruby, and PHP, plus a sandbox environment for development.
2026 Developer Pricing Changes As of March 2, 2026, Xero introduced a five-tier developer pricing model based on connected organizations and monthly data egress volume. The free Starter tier is capped at 5 connections and 1,000 daily API calls per org. Paid tiers start at Core and include 10 GB of monthly egress. Overages are charged at $2.40 AUD per additional GB. The Journals endpoint, Xero Practice Manager API, and Bulk Connections require the Advanced tier with separate approval. This is a significant cost shift for any SaaS product or custom integration that syncs Xero data at volume. (developer.xero.com)
Wave's API
Wave exposes a GraphQL API at gql.waveapps.com/graphql/public, authenticated via OAuth 2.0 Bearer tokens. The API surface covers core accounting objects: businesses, invoices, customers, accounts, and transactions. (developer.waveapps.com)
Key constraints:
- Rate limits are not formally published in Wave's official developer documentation. No rate-limit headers or retry-after signals are documented. An open-source Wave integration recommends a practical ceiling of two simultaneous API requests, but treat this as community guidance rather than a vendor SLA.
- No official SDKs. You're building against the GraphQL schema directly.
- GraphQL schema changes can occur without versioned URL changes, creating a real risk of silent breaking changes in production integrations.
- No user or collaborator management endpoints — adding or removing team members requires manual action in the Wave UI.
On webhooks: Wave's webhook documentation was updated on May 20, 2026. The current supported events are invoice lifecycle events: approved, overdue, viewed, paid, partially paid, overpaid, and sent. Receiving these events requires a Pro business and the appropriate OAuth scopes. This is a meaningful improvement over Wave's previous state, but the webhook surface is still narrow — limited to invoices only, with no documented events for transactions, contacts, or other accounting objects. (developer.waveapps.com)
Older comparison articles that say Wave has no webhooks are now out of date. The current event surface is invoice-centric, not a broad accounting event model — but it does exist.
API Comparison
| Constraint | Xero | Wave |
|---|---|---|
| API style | REST + webhooks | GraphQL |
| Daily call limit | 5,000/org (1,000 on Starter dev tier) | Not published |
| Minute call limit | 60/org | Not published |
| Concurrent requests | 5/org | ~2 (community guidance, not SLA) |
| Webhooks (accounting) | Contacts + invoices | Invoices only (Pro required, as of May 2026) |
| Webhooks (payments) | Yes | Limited |
| Batch writes | ~50 items per request | Single mutations |
| SDKs | Official (Python, Node, Java, .NET, Ruby, PHP) | None |
| API cost | Free access; egress-based developer pricing since March 2026 | Free |
Bottom line: If your architecture depends on API-driven automation — syncing invoices to a CRM, pushing transactions to a data warehouse, or building customer-facing accounting integrations — Xero's API is a different class of product. Wave's GraphQL API works for lightweight read/write operations, but its undocumented rate limits and narrow webhook surface make it unsuitable for real-time sync workflows at meaningful scale.
Data Portability and Export Limitations
Exporting from Wave
Wave supports data export via Settings > Data Export, which generates a ZIP file containing CSV/XLS files for transactions, invoices, customers, vendors, bills, and receipts. Reports can also be exported individually as CSV or PDF. (support.waveapps.com)
Wave doesn't charge for exports and there's no hard limit on export frequency. But:
- Exports are all-or-nothing — you can't export a filtered subset of transactions via this method. You'd need to export a date-filtered report instead.
- The GraphQL API provides an alternative extraction path, but undocumented rate limits make high-volume historical extraction slow and unpredictable.
- CSV exports lose relational links between invoices, payments, and customers — you get flat files, not a connected data model.
Exporting from Xero
Xero offers more granular export options: CSV/PDF exports per report, plus the full API surface for programmatic extraction. The If-Modified-Since header supports efficient delta syncs. Some exports are batched — invoices and bills export in CSV with a maximum of 500 transactions per export.
The caveat since March 2026: heavy API-based extraction now incurs egress charges under the new developer pricing. Cancelled Xero subscriptions enter a one-month notice period, after which organization data is archived rather than immediately deleted. (central.xero.com)
Portability Verdict
Neither platform locks you in at the data layer — both let you get your data out. But Wave's export is coarser, and its API extraction path is hampered by undocumented throttling. If you're planning a migration, expect to invest engineering time (or use a migration partner) to reshape Wave's flat export into Xero's structured Chart of Accounts and tracking categories.
For a step-by-step approach to mapping financial data between platforms, see our Chart of Accounts Migration Plan.
Pricing and Total Cost of Ownership
Wave Pricing (2026, US)
| Plan | Monthly Cost | Includes |
|---|---|---|
| Starter | $0 | Basic invoicing, expense tracking, receipt scanning. No bank reconciliation. |
| Pro | $19/mo ($190/yr) | Bank reconciliation, unlimited receipt capture, advanced reports, priority support |
| Payroll (add-on) | $40/mo + $6/employee | US & Canada only |
| Payment processing | 2.9% + $0.60/txn | Credit card processing |
Wave's Starter plan is no longer the fully-free product it was before 2023. Bank reconciliation — the feature that makes accounting software actually useful — is now gated behind the Pro plan. (waveapps.com)
Xero Pricing (2026, US)
| Plan | Monthly Cost | Key Limits |
|---|---|---|
| Early | $25/mo | 20 invoices, 5 bills/month. App-partner-initiated transactions may count toward limits. |
| Growing | $55/mo | Unlimited invoices/bills, bulk reconciliation |
| Established | $90/mo | Multi-currency, projects, expense claims, analytics |
Add-ons include payroll via Gusto (~$45–60/mo + $5–6/employee in the US) and Inventory Plus ($39/mo). All plans include unlimited users — a meaningful differentiator versus QuickBooks Online, which charges per seat. (xero.com)
TCO at Different Scales
| Scenario | Wave TCO/year | Xero TCO/year |
|---|---|---|
| Solo freelancer, <20 invoices/mo, no reconciliation | $0 | $300 (Early) |
| Solo freelancer with reconciliation | $228 (Pro) | $300 (Early) |
| Small team (5 users), moderate volume | $228 (Pro) | $660 (Growing) |
| Growing business, multi-currency, projects | $228 + manual workarounds | $1,080 (Established) |
| Any scenario needing integrations | $228 + middleware costs | $660–$1,080 + app subscriptions |
Wave wins on raw subscription cost at every tier. But the comparison breaks down once you factor in what Wave doesn't do: no tracking categories, no inventory, no project costing, no native multi-currency automation, and a minimal integration ecosystem. The workaround cost — manual spreadsheets, middleware, external tools — often exceeds the subscription delta.
Performance and Scalability
Xero is designed for SMB-scale transaction volumes. It handles typical small business workloads well, but Xero's own developer documentation acknowledges it is "not suitable for all types of business, particularly those with very high transaction volumes." (developer.xero.com)
The practical ceiling is around 1,000 invoices/purchases per month before performance degrades on reports and bank reconciliation screens. Xero's developer guidance also recommends keeping chart-of-accounts imports under 1,000 rows (ideally around 699 accounts) to avoid slowness. If you routinely exceed 10,000 monthly transactions, you'll need to batch or summarize before pushing to Xero.
Wave's ceiling arrives sooner. Users report bank feed sync issues, transaction duplication bugs, and auto-categorization glitches as account complexity grows. Automatic bank imports generally land every 24 hours and can take up to 7 days depending on the bank — adequate for a tiny business, but a non-starter for near-real-time RevOps or BI sync. (support.waveapps.com)
There's no published uptime SLA for Wave, and free-tier support is limited to email with no guaranteed response time.
Reliability comparison:
- Xero: Published status page, SOC 2-audited availability controls, incident response process, 99.9% uptime commitment. (xero.com)
- Wave: No public SLA or availability commitment.
Security, Compliance, and Data Sovereignty
This is one of the widest gaps between the two platforms.
Xero
- ISO/IEC 27001:2022 certified (audited annually)
- SOC 2 Type II reports available (Security, Availability, Confidentiality trust principles)
- PCI DSS v4.0 compliant (Level 2 merchant, outsources card processing to Level 1 providers)
- 256-bit TLS encryption in transit, AES-256 encryption at rest
- Multi-factor authentication (MFA) on all plans
- Granular role-based access control with custom permission sets
- Full audit trail of every transaction and change
- Vulnerability Disclosure Program (VDP) with external security researchers
- Data may be processed in Australia, New Zealand, and the United States based on team and hosting locations
(xero.com)
Wave
- 256-bit TLS encryption for data in transit
- PCI Level-1 certified for payment processing
- Data stored on secure servers with physical and electronic protection
- MFA available (support.waveapps.com)
- No published SOC 2 or ISO 27001 certifications
- No public audit trail documentation
- Fixed roles only (Admin/Editor/Payroll Manager/Viewer on Pro)
- Data may be exported outside Ontario and Canada and processed by US-based providers
If your organization operates in a regulated industry (financial services, legal, healthcare) or needs to demonstrate compliance to clients, auditors, or partners, Xero's ISO 27001 and SOC 2 certifications are likely a hard requirement that Wave cannot meet.
Integrations and Ecosystem
Xero's App Marketplace hosts over 1,000 apps across 30+ categories, including payroll, payments, e-commerce, CRM, inventory, time tracking, and reporting. Native integrations exist for Shopify, Stripe, HubSpot, Gusto, Dext, A2X, and hundreds more. The open API means custom integrations are well-supported, though the March 2026 egress pricing change has added cost considerations for integration builders. (xero.com)
Wave's integration ecosystem is comparatively sparse — approximately 22 listed integrations according to API trackers. The most commonly cited are PayPal, Shoeboxed, and Slack. Wave works with Make for automation workflows, and Wave Connect (a Google Sheets add-on) provides a workaround for bulk data import/export, but neither substitutes for a native API integration ecosystem. (support.waveapps.com)
For automation, Xero connects natively with Zapier, Make, and other iPaaS platforms with deep trigger/action coverage. Wave has limited iPaaS support and fewer available triggers.
If you expect accounting to sit inside a larger system landscape — synced with your CRM, e-commerce platform, payroll provider, and data warehouse — Xero is the only realistic choice between the two.
Migration Path: Moving from Wave to Xero
If you've outgrown Wave, here's the practical migration path.
1. Export Your Wave Data
Go to Settings > Data Export in Wave. Download the full ZIP containing your transactions, chart of accounts, customers, vendors, invoices, and receipts as CSV files. (support.waveapps.com)
The GraphQL API is an alternative extraction path for programmatic access — but budget extra time for pagination handling and undocumented rate limit management.
2. Map Wave Categories to Xero's Chart of Accounts
Wave's pre-populated account categories don't map 1:1 to Xero's Chart of Accounts. You'll need to:
- Review Wave's exported
accounts.csvagainst Xero's default CoA - Decide which Wave categories consolidate, split, or rename
- Set up tracking categories in Xero for any dimensional data you previously managed outside Wave (e.g., in spreadsheets)
This is the step that determines the accuracy of everything downstream. For a detailed mapping methodology, see our Chart of Accounts Migration Plan.
3. Import Master Data into Xero
Import contacts (customers, vendors) first, then products/services. Xero supports CSV import for contacts and can batch-create invoices via API (up to ~50 per request). Xero's imports are object-specific rather than full-ledger-at-once, which is why history-heavy migrations turn into engineering work.
4. Handle Historical Transactions
This is the hard part. Options:
- Opening balances only: Import historical balances as opening journal entries in Xero. Fast, but you lose transaction-level detail.
- CSV import: Import individual transactions, but you'll need to reformat Wave's export to match Xero's expected structure. Invoices and bills export with a maximum of 500 per CSV batch.
- API-driven migration: Use Xero's API to create historical invoices, bills, and payments programmatically. The 5,000 daily call limit means a multi-year history migration could take days of batched API calls.
5. Reconnect Bank Feeds and Reconcile
Disconnect bank feeds in Wave after confirming the migration is complete. Connect the same accounts in Xero. Watch for duplicate transactions in the overlap window.
Don't underestimate the reconciliation verification step. After migration, run a trial balance in both systems for the same period and compare. Mismatches in opening balances are the most common post-migration error in accounting platform moves. For a broader checklist of what can go wrong, see 7 Costly Mistakes to Avoid When Migrating Financial Data.
Strengths and Weaknesses
Xero's Strengths
- Deep integration ecosystem — 1,000+ apps, mature API, webhook support, official SDKs
- Unlimited users on every plan — no per-seat pricing
- Multi-currency and global readiness — 160+ currencies, operations in 180+ countries
- Enterprise-grade security — ISO 27001, SOC 2 Type II, PCI DSS, 99.9% uptime
- Active developer platform — sandbox environment, documented rate limits, Rapid Sync for onboarding
Xero's Weaknesses
- New API egress pricing — the March 2026 change significantly increases costs for integration-heavy architectures
- Tracking categories limited to two active — insufficient for businesses needing rich multi-dimensional reporting
- Not designed for high transaction volumes — performance degrades above ~1,000 invoices/month
- Multi-currency, projects, and expenses gated to Established ($90/mo) in the US
- US payroll is an add-on — requires Gusto or similar, adding $45–60+/month
Wave's Strengths
- Free core accounting — genuine $0 entry point for basic bookkeeping
- Simple, approachable UI — non-accountants get productive quickly
- Built-in payment processing — accept credit cards directly on invoices
- H&R Block backing — tax integration pathway for US sole proprietors
- Honest export tooling — full data export to CSV/XLS at any time
Wave's Weaknesses
- Bank reconciliation paywalled — the most fundamental accounting feature requires Pro ($19/mo)
- Minimal API surface — undocumented rate limits, narrow webhook coverage, schema instability risk
- No tracking categories or dimensional reporting — no way to slice data by department, location, or project
- No inventory or project management — missing table-stakes features for product or service businesses
- No SOC 2 or ISO 27001 certifications — likely disqualifying for regulated industries
- US and Canada only — not available for businesses outside these markets
Use-Case Recommendations
Solo freelancer, sub-$100K revenue, simple invoicing: Wave Starter (free) or Wave Pro ($19/mo). Xero is overkill here.
Growing small business, 5–15 employees, moderate invoicing: Xero Growing ($55/mo). The unlimited users, bank reconciliation, and integration ecosystem justify the cost.
Multi-currency business or international operations: Xero Established ($90/mo). Wave's manual currency handling and fixed business currency are a non-starter.
E-commerce business needing Shopify/Amazon sync: Xero. The marketplace has native e-commerce integrations (A2X, Shopify sync). Wave has no equivalent.
Budget-conscious startup with zero integration needs: Wave Pro ($19/mo). But plan your exit: if you'll need integrations within 12–18 months, start on Xero to avoid a migration later.
Regulated industry (financial services, legal, healthcare): Xero. The ISO 27001 and SOC 2 certifications are likely contractual requirements.
Technical team building API-driven automations: Xero. The REST API, documented rate limits, official SDKs, and webhook support put it in a different class. Wave's undocumented throttling and narrow webhook surface will cost your engineers weeks in workarounds.
Enterprise / very high transaction volumes: Neither. Look toward NetSuite, Sage Intacct, or Dynamics 365 Business Central. Xero is the closer fit of the two, but it is not an ERP.
The Verdict
Choose Wave if you're a solo operator or micro-business in the US or Canada with simple finances, no integration requirements, and a primary goal of minimizing monthly software spend. Wave does what it does — basic bookkeeping and invoicing — well enough for that use case.
Choose Xero if you have any of the following: more than one currency, more than a handful of integrations, a team that needs granular permissions, compliance requirements, or plans to grow beyond micro-business scale within the next 12–24 months.
The honest framing: Wave is a bookkeeping tool. Xero is an accounting platform. They solve different problems at different scales. The mistake isn't choosing Wave when you're small — it's staying on Wave after you've outgrown it, because the migration gets harder and more expensive the longer you wait.
For a CTO skimming this page: Wave's undocumented rate limits and narrow webhook surface make it a weak foundation for automated workflows. Xero provides the API surface area, double-entry rigor, and developer tooling required to scale — provided you architect your integrations to respect its 5,000 daily call limit and factor the new egress pricing into your TCO.
If you're at the point where Wave's limitations are creating manual workarounds, spreadsheet dependencies, or integration gaps, the cost of switching to Xero is almost always less than the ongoing operational drag of staying. And if the migration itself is what's holding you back — mapping Wave's flat categories to Xero's CoA, handling historical transaction imports within API rate limits, ensuring your trial balance ties out post-migration — that's exactly the kind of problem we solve.
FAQ
Is Wave really free in 2026?
Partially. Wave's Starter plan is $0/month but excludes bank reconciliation, advanced reporting, and priority support. Those features require Wave Pro at $19/month (US). Payment processing (2.9% + $0.60 per transaction) and payroll ($40/month + $6/employee) are always paid add-ons regardless of plan. (waveapps.com)
Does Wave have webhooks now?
Yes, as of a May 20, 2026 documentation update. Wave supports webhook events for invoice lifecycle: approved, overdue, viewed, paid, partially paid, overpaid, and sent. Receiving events requires a Pro business and appropriate OAuth scopes. There are no documented webhook events for transactions, contacts, or other accounting objects. (developer.waveapps.com)
What are Xero's API rate limits in 2026?
60 calls per minute per organization, 5,000 calls per day per organization (1,000 on the developer Starter tier), 5 concurrent requests per organization, and 10,000 calls per minute app-wide across all tenants. Exceeding any limit returns HTTP 429 with a Retry-After header. Since March 2, 2026, Xero also charges for data egress above included tier allowances at $2.40 AUD per GB. (developer.xero.com)
Can I migrate from Wave to Xero without losing data?
Yes, but it requires careful mapping. Wave's data export (CSV/XLS) gives you transactions, contacts, invoices, and chart of accounts. The challenge is restructuring Wave's flat categories into Xero's Chart of Accounts and tracking categories, then handling historical transaction imports within Xero's 5,000 daily API call limit. Run a trial balance comparison in both systems after migration to verify accuracy.
Which is more secure — Xero or Wave?
Xero holds ISO 27001:2022 certification, produces SOC 2 Type II reports, and maintains PCI DSS compliance with a published 99.9% uptime commitment. Wave uses 256-bit TLS encryption and is PCI Level-1 certified for payment processing, but has no published SOC 2 or ISO 27001 certifications. For regulated industries or formal vendor reviews, Xero's security posture is materially stronger. (xero.com)
Frequently Asked Questions
- Is Wave accounting still free in 2026?
- Partially. Wave's Starter plan costs $0/month but excludes bank reconciliation and advanced reporting. Those features require Wave Pro at $19/month (US). Payment processing and payroll are always paid add-ons.
- Does Wave have webhooks now?
- Yes. Wave's webhook docs were updated on May 20, 2026. The current supported events are invoice lifecycle events (approved, overdue, viewed, paid, partially paid, overpaid, sent). Receiving events requires a Pro business and appropriate OAuth scopes. There are no documented webhook events for transactions, contacts, or other accounting objects.
- What are Xero's API rate limits in 2026?
- 60 calls per minute per organization, 5,000 calls per day per organization (1,000 on the developer Starter tier), 5 concurrent requests per organization, and 10,000 calls per minute app-wide. Exceeding any limit returns HTTP 429 with a Retry-After header. Since March 2, 2026, Xero also charges for data egress at $2.40 AUD per GB above included tier allowances.
- Can I migrate from Wave to Xero without losing data?
- Yes, but it requires careful Chart of Accounts mapping. Wave exports data as CSV/XLS files. The challenge is restructuring Wave's flat categories into Xero's dimensional model and handling historical transaction imports within Xero's 5,000 daily API call limit.
- Which is more secure — Xero or Wave?
- Xero holds ISO 27001:2022 certification and produces SOC 2 Type II reports, plus PCI DSS compliance and a 99.9% uptime commitment. Wave has 256-bit TLS encryption and PCI Level-1 certification for payments but no published SOC 2 or ISO 27001 certifications.
