Data Protection Notice

Effective Date:

Applies Globally

This Data Protection Notice ("Notice") describes how Wigiwork Inc. ("Wigiwork," "we," "our," or "us") processes personal data, employer/agency data, verification information, and safety-related data in accordance with global privacy and regulatory requirements.

This Notice supplements the Privacy Policy, Terms of Service, Anonymous Profile Protections, Acceptable Use Policy, NDA & Confidentiality Notice, and AI & Automated Decision Notice.

Wigiwork is an anonymous-by-default, NDA-Safe™, privacy-first professional platform. We protect identity, confidentiality, and platform integrity using security, fraud-prevention, and compliance measures described below.

While Wigiwork applies strong safeguards to protect identity and confidentiality, no system can guarantee absolute anonymity or prevent all misuse in all circumstances.

1. Purpose of Data Protection

Wigiwork processes personal and company information in order to:

  • operate an anonymous professional network
  • verify identity, hiring authority, and business legitimacy
  • protect candidate anonymity and confidentiality
  • prevent fraud, identity abuse, and unauthorized access
  • comply with international laws and sanctions
  • maintain a secure environment for candidates and employers

We apply reasonable, risk-based technical, administrative, and organizational safeguards across all data processing activities.

2. Identity Verification & User Authentication

2.1 Candidate Verification

To protect anonymous identities and prevent misuse, Wigiwork may require:

  • email verification
  • mobile number verification
  • identity documents, where legally required or necessary for safety, compliance, or fraud-prevention purposes

Verification documents are used only for verification, safety, compliance, and fraud-prevention purposes. Verification documents are deleted or irreversibly anonymized shortly after verification is completed, unless retention is required for legal, regulatory, fraud-prevention, audit, payment, or compliance obligations. Wigiwork does not use identity documents for ranking, recommendations, matching, or visibility decisions.

2.2 Employer & Recruiter Verification

Employers and recruiters may be required to provide:

  • business registration documents
  • proof of hiring authority
  • recruiter authorization documents
  • agency/employer agreements
  • compliance documentation

Verification ensures legitimate recruitment activity and prevents unauthorized access to candidate information. Wigiwork applies verification processes to employers, recruiters, and organizations to confirm legitimacy and hiring authority.

However, Wigiwork does not guarantee that all users or organizations are fully verified at all times, and identity, affiliation, or representation may be misrepresented despite reasonable safeguards. Users acknowledge that interactions with employers, recruiters, or third parties are undertaken at their own discretion and risk. Wigiwork is not responsible for any loss, damage, or misrepresentation arising from interactions with employers or recruiters who provide inaccurate, misleading, or fraudulent information.

2.3 Trusted Third-Party Verification Providers

Wigiwork may use trusted third-party verification services to confirm identity, business legitimacy, or recruiter authorization. Only the minimum information required is shared, and providers operate under strict confidentiality agreements.

Verification data is submitted to and processed by these providers under their own terms. Where verification is handled by a third-party verification provider, Wigiwork may receive only the verification outcome or limited verification signals, rather than raw identity documents or biometric data. Where Wigiwork directly receives verification documents, they are used only for verification, safety, compliance, and fraud-prevention purposes and are deleted or irreversibly anonymized shortly after verification, unless retention is required for legal, regulatory, fraud-prevention, audit, payment, or compliance obligations.

For security reasons, Wigiwork does not disclose verification methods, criteria, provider details, or internal fraud-detection logic. Wigiwork may rely on automated systems, third-party services, and internal review processes to assess identity, affiliation, and risk, and such processes may not detect all cases of misrepresentation or fraud.

Where LinkedIn's Verified API is used for identity verification, data received is limited to what the member explicitly authorizes on LinkedIn's consent screen. LinkedIn does not sign a partner data processing agreement; Wigiwork acts as the sole data controller for all LinkedIn-sourced data and accepts full controller responsibility.

3. Recruiter-Client Disclosure (Mandatory)

To maintain trust, prevent conflicts of interest, and protect candidate anonymity, recruiters and staffing agencies must:

  • accurately disclose all employer clients they represent
  • identify the specific hiring client for each job posting, search, or hiring action performed on Wigiwork
  • provide documentation or verification upon request

Failure to disclose this information may result in restricted access, suspension, termination, or legal action.

4. Fraud Prevention & Platform Safety

4.1 Purpose-Driven Safety Measures

Wigiwork uses automated and manual processes to:

  • prevent identity misuse and multi-account manipulation
  • detect suspicious or harmful behavior
  • apply geographic, risk-based, and compliance restrictions
  • protect anonymous candidate profiles
  • enforce NDA-Safe™ confidentiality rules

These measures are essential for platform integrity and user protection.

4.2 Non-Disclosure of Detection Methods

To prevent evasion and protect system integrity, Wigiwork does not disclose: fraud detection methods; risk signals or behavioral indicators; model logic or assessment criteria; geographic or identity-evaluation techniques.

Attempting to reverse-engineer, probe, bypass, or interfere with these systems is strictly prohibited.

4.3 Legal Basis (GDPR)

Fraud-prevention and safety processing is performed under:

  • GDPR Art. 6(1)(f) — legitimate interest
  • UK GDPR equivalent
  • and other applicable global laws

5. Geographic & Regulatory Compliance

5.1 Geographic Restrictions

Wigiwork may block or restrict access from regions subject to: international sanctions (OFAC, EU, UK, UN); export-control laws; political instability; elevated fraud or safety risk; regional compliance requirements.

These restrictions apply to: users located in prohibited regions; users masking location via VPN/proxy; activity indicating access from a restricted location.

5.2 Region-Based Verification

Certain countries or regions may require additional verification before allowing access to candidate or employer tools. The exact criteria are not disclosed for safety and compliance reasons.

5.3 Platform-Determined Location

Wigiwork may determine, adjust, or verify a user's apparent location based on information necessary for compliance, safety, or fraud prevention. This determination may differ from the location the user provides. Wigiwork may restrict or deny access based on its internal assessment. Wigiwork is not required to disclose detection methods, criteria, signals, or findings used to determine location or compliance status.

6. Data Minimisation & Privacy-By-Design

Wigiwork follows strict data minimisation principles:

  • Anonymous profiles by default
  • Identity shown only with candidate approval
  • Wigiwork-controlled direct identity fields, such as name, contact details, real photo, identity documents, and hidden employer-name fields, are not used for ranking, matching, recommendations, or visibility decisions
  • Only data required for platform operation and safety is collected
  • Optional profile fields remain optional
  • Sensitive data is minimized or avoided wherever possible

Wigiwork is designed to separate identity data from professional and behavioral data wherever possible to reduce exposure and maintain anonymity.

6A. WigiPic Processing

Users may select a WigiPic™ avatar from Wigiwork's pre-created archive, or upload a photo to generate a custom WigiPic. Any uploaded photo is processed for the purpose of generating the WigiPic and deleted from active production systems after generation, subject to limited temporary retention in backups, security logs, vendor systems, or legal/compliance records where applicable. Wigiwork does not use uploaded photos for advertising, public display, biometric identification, facial recognition, or unrelated purposes.

A photo-based WigiPic reflects the general format of the uploaded image but remains a stylized, symbolic illustration and is not intended to resemble the user's actual appearance; it may be less anonymous than an archive-selected avatar, and the choice between the two is entirely optional.

Wigiwork does not: create or store biometric identifiers; perform facial recognition or mapping; infer gender, ethnicity, age, attractiveness, or any protected trait from uploaded photos or generated avatars.

WigiPic data is used only as part of the anonymous identity layer and remains subject to all confidentiality and NDA-Safe™ protections.

7. Data Retention & Deletion

7.1 Retention for Platform Operation

Data is retained only as necessary for platform operation, security, compliance, and fraud prevention, including to: operate accounts; prevent fraud; comply with law; support audit and reporting requirements; maintain platform integrity.

7.2 Account Deletion

Users have the right to request deletion of their personal data (the "right to erasure" or "right to be forgotten"). Users can delete their account at any time directly through their account settings in the dashboard, without needing to contact support.

When deletion is requested: the account enters a 30-day deletion period; Wigiwork-controlled employer access ends immediately; identity access and associated permissions are removed; logging back in during the 30-day period may reactivate the account.

After 30 days, the account is permanently deleted or irreversibly anonymized and cannot be restored, subject to legal, regulatory, fraud-prevention, tax, payment, audit, and compliance obligations. Identity-reset data is not restored after deletion.

7.3 Backup & Logs

Encrypted backups and system logs: follow lawful retention schedules; are not used for active processing; are deleted or anonymized when legally permitted.

7.4 Company Data Retention

Company Data (job posts, business documents, hiring actions) is retained only for: active employer accounts; compliance requirements; fraud prevention; audit and financial reporting.

Employers may request deletion where legally allowed.

7.5 LinkedIn Verified API Data

Raw data received via LinkedIn's Verified API is deleted from active production systems after the member completes the import session, subject to limited temporary retention in backups, security logs, vendor systems, or legal/compliance records where applicable. Data the member selects to retain on their Wigiwork profile becomes user-submitted content. LinkedIn-sourced data is deleted or anonymized promptly upon verified member request, LinkedIn request, account closure, or withdrawal of consent, subject to applicable law and technical retention limitations. LinkedIn-sourced data is never sold, leased, rented, or combined with external data sources.

8. Profile Access & Employer Authorization

When a candidate approves access to their profile, such access is granted to the employer organization associated with the requesting account, and not solely to the individual user initiating the request.

Access may be exercised, assigned, or transferred internally between authorized employees, recruiters, or agents of that organization for legitimate hiring and evaluation purposes. Wigiwork is not required to notify candidates of internal reassignment or changes in the individual representative handling a profile within the same organization.

Wigiwork does not control or monitor how employer organizations manage internal access beyond enforcing platform-level permissions. Candidates acknowledge and agree that granting access permits the employer organization, and its authorized personnel, to view approved information within the platform.

9. Wigi-DNA™

Wigi-DNA™ is an invisible, tamper-resistant digital marker applied to images and documents to: detect unauthorized copying or redistribution; enforce NDA-Safe™ confidentiality; support investigations of misuse.

Wigi-DNA™ does not visibly display personal identity information. It may include or be associated with pseudonymous forensic markers that allow Wigiwork to investigate copying, redistribution, access misuse, or confidentiality violations by linking protected content to relevant account, organization, access, or audit records. Users may not attempt to alter, remove, bypass, or interfere with Wigi-DNA™ protections.

10. Internal Access Controls

Wigiwork restricts access to personal and company data to authorized personnel involved in: verification; fraud prevention; compliance; customer support; operational maintenance.

Internal access is logged, monitored, audited, and controlled under strict confidentiality and security obligations.

11. International Data Transfers

Data is stored and processed in the European Union, specifically Amazon Web Services (AWS) data centers in France (Paris) and Germany (Frankfurt). All user data is stored in the EU and processed in accordance with the GDPR. Data of UK-based users is handled in accordance with the UK GDPR, and data of US-based users in accordance with applicable federal and state laws, including California privacy laws where applicable; in each case the data itself is stored in our EU (France and Germany) data centers.

We may use sub-processors in other jurisdictions strictly for limited support functions (for example, payment processing, engineering, or fraud prevention). Where any such access or processing occurs outside the EU/EEA, it is protected by appropriate safeguards: for transfers from the EEA, Wigiwork relies on the European Commission's Standard Contractual Clauses (SCCs); for transfers from the UK, the UK International Data Transfer Addendum (IDTA) or Addendum to the SCCs; for Switzerland, the Swiss-amended SCCs. Where required, Wigiwork carries out a transfer impact assessment and applies supplementary technical and organisational measures. A copy of the relevant transfer mechanism is available on request.

12. User Rights

Users may access their rights described in: Privacy Policy - Section 9; Your Privacy Rights Notice.

These rights include: access; correction; deletion; portability; restriction; objection; consent withdrawal; opt-out (where applicable).

Requests: privacy@wigiwork.com

Verification may be required and requests may be limited where permitted by law or where necessary for security, fraud prevention, or compliance.

13. Enforcement & Compliance Actions

Wigiwork may restrict, suspend, or terminate access to protect confidentiality, platform integrity, user anonymity, security, and compliance with applicable laws. These actions protect: candidate anonymity; confidentiality; platform integrity; safety; compliance and legal obligations.

Actions may include: organization-wide bans; revocation of employer verification; suspension of accounts; removal of access; preservation of evidence; reporting to authorities where required.

14. Updates to This Notice

This Notice may be updated to reflect: changes in law; platform changes; safety or compliance improvements; operational updates.

Revisions will include a new effective date.

15. Contact Information

For data protection inquiries:

Wigiwork Inc. PBC
Postal: 2261 Market St, San Francisco, CA 94114-1612, USA, Attn: Data Protection
Email: legal@wigiwork.com (general) · privacy@wigiwork.com (data rights)
EU Representative: Prighter EU Rep GmbH, Schellinggasse 3/10, 1010 Vienna, Austria
HQ: San Francisco Bay Area
Operations: Dubai
Engineering: Europe (Ukraine - Czechia)

Wigiwork processes personal data to operate, secure, improve, and protect the platform, and applies controls designed to reduce unnecessary identity exposure and support its anonymity-first design, subject to user-approved access, legal obligations, platform limitations, and residual risks described in this Notice, the Privacy Policy, and the Anonymous Profile Protections.

Related Policies