Privacy Policy
Effective Date:Wigiwork Inc. ("Wigiwork," "we," "our," or "us") provides a privacy-first, anonymous platform for job seekers and verified employers. This Privacy Policy explains how we collect, use, store, transfer, and protect personal and company information.
Wigiwork is designed to minimize identity exposure. Personal information is shared with employers only when a candidate explicitly approves access.
By using Wigiwork, you acknowledge that we process personal information as described in this Privacy Policy. Your use of Wigiwork is also governed by our Terms of Service and related policies.
For more information about how anonymous-facing profiles, Wigi Highlights, WigiPics, Discovery Search, residual re-identification risk, and visibility levels work, see our Anonymous Profile Protections.
1. Information We Collect
1.1 Information You Provide
We collect information you provide directly, including but not limited to:
- contact information (mobile number, used as your primary account identifier for all account types, and email address, used as a secondary contact and recovery method)
- profile details (skills, work experience, education, salary preferences, location preferences)
- content you upload, including documents, certificates, achievements, portfolios, work samples, or other materials
- files, images, and documents (protected with Wigi-DNA™)
- messages exchanged within Wigiwork
- employer or company details, recruiter authorization, and verification documents
- identity or authorization documents when required for compliance, verification, or safety
Registration — whether as a candidate, employer, recruiter, or agency representative — requires a valid, verified mobile number, which must remain accurate and current. You choose what optional content to provide beyond this. Verification data is used strictly for safety, fraud-prevention, and compliance purposes. Wigiwork minimizes collection of personal data and prioritizes non-identifiable and structured professional information wherever possible.
1.1.1 WigiPic™ Photo-to-Avatar Generation
You can choose a WigiPic™ avatar from Wigiwork's pre-created archive, or generate a custom WigiPic based on your own photo. If you upload a photo, it is processed for the purpose of generating your WigiPic and deleted from active production systems after generation, subject to limited temporary retention in backups, security logs, vendor systems, or legal/compliance records where applicable. Wigiwork does not use uploaded photos for advertising, public display, biometric identification, or unrelated purposes. Wigiwork does not store, retain, analyze, or reuse uploaded photos for any other purpose.
A photo-based WigiPic reflects the general format of your uploaded image but remains a stylized, symbolic illustration — it is not intended to resemble your real appearance, and may be less anonymous than an archive-selected avatar. This choice is entirely optional and up to you.
In either case, WigiPics do not infer or represent: gender, ethnicity or race, age, attractiveness, disability status, identity, or any other personal or protected characteristic.
Wigiwork does not create biometric identifiers and does not use avatar imagery to infer personal traits or demographic categories.
1.2 Information Collected Automatically
We automatically collect limited technical information, including:
- IP address
- device and browser information
- login timestamps
- approximate location (city/country)
- cookies and similar technologies
- platform activity signals (for safety and performance)
This information supports platform functionality, security, and fraud prevention.
1.3 Information from Third Parties
We may receive information from trusted and regulated third-party partners, including:
- identity verification services
- company verification and authorization partners
- payment processors
- security and fraud-prevention providers
- communication infrastructure services
- regulatory and compliance screening tools
Trusted Third-Party Verification Providers
Only the minimum information required is shared for verification, and all verification providers operate under strict contractual confidentiality obligations.
Verification signals may be obtained from LinkedIn via the "Verified on LinkedIn" API, only with the member's explicit consent, and are used solely as a trust and authenticity signal — never to make hiring, screening, or eligibility decisions. LinkedIn does not sponsor or endorse Wigiwork and does not confirm the veracity of any profile; a verification indicates only that the member completed LinkedIn's own verification
LinkedIn-sourced verification data is never sold, aggregated, or redistributed beyond the member's approved access, is refreshed only while the member is actively using Wigiwork, and is deleted or anonymized on request or account closure.
1.4 Third-Party Login (Google, Microsoft, Apple)
When you choose "Continue with Google," "Continue with Microsoft," or "Continue with Apple," we receive limited information from that provider solely to create and secure your account, which may include your name, email address (or a private relay address, where Apple's Hide My Email is used), and a provider-issued account identifier. We use this information only for authentication, account security, and fraud prevention, and we do not receive your password.
Your use of these sign-in services is also governed by each provider's own privacy policy:
- Google: Privacy Policy - Privacy & Terms - Google
- Microsoft: Microsoft Privacy Statement - Microsoft privacy
- Apple: Apple Legal - Legal - Privacy Policy - Apple
You may disconnect a third-party login at any time through your account settings or the provider's account controls, subject to maintaining an alternative sign-in method.
2. How We Use Information
2.1 Platform Operation
We use information to:
- create and manage accounts
- support anonymous profiles
- facilitate communication
- enable discovery and shortlisting
- verify identity and hiring authority
- maintain platform safety and reliability
2.2 Safety, Security & Fraud Prevention
Information is used to:
- detect suspicious or abusive behavior
- prevent identity misuse
- enforce geographic and access restrictions
- protect candidate anonymity
- maintain NDA-Safe™ confidentiality
Wigiwork does not disclose internal detection methods or safety logic.
2.3 Communications
We may send communications related to your use of the platform, including:
- verification codes
- account and access alerts
- critical security notices
- system and service updates
- optional job alerts and notifications
- private, platform-mediated messages sent through Wigiwork's messaging system
Messages between users are delivered only within the Wigiwork platform. When a user initiates contact, messages are sent via Wigiwork's systems and do not disclose personal contact details unless explicitly approved by the recipient.
Certain communications are essential for platform operation, security, and compliance and cannot be disabled.
2.3.1 SMS & Text Messaging
If you verify your mobile number or opt in to SMS, Wigiwork may send transactional text messages related to your account, including verification codes, security alerts, recruiter access requests, candidate messages, and account notifications.
Verification codes and security alerts are essential and cannot be disabled, as they are required to protect your account. Recruiter access requests, candidate messages, and account notifications can be managed or disabled at any time in your dashboard settings, or by replying STOP. Reply HELP for assistance.
Message frequency varies; message and data rates may apply.
Wigiwork does not sell or share your mobile number with third parties for their marketing purposes, and shares it only with communication providers acting on our behalf under confidentiality obligations.
2.3.2 Email Notifications
Email notifications for essential account activity cannot be disabled individually and will continue to be sent to your verified email address, consistent with its role as your account's secondary contact and recovery method.
Notification preferences for other email categories can be updated anytime in your dashboard notification settings. To stop all account communications, you may close your Wigiwork account, or submit a data deletion request in accordance with applicable privacy law.
2.4 Legal Compliance
We process information to comply with applicable data protection and privacy laws, including:
- GDPR and UK GDPR
- CCPA / CPRA
- PIPEDA (Canada)
- Singapore Personal Data Protection Act (PDPA)
- Australian Privacy Act 1988 and Australian Privacy Principles (APPs)
- India Digital Personal Data Protection Act (DPDPA) 2023
- UAE Federal Personal Data Protection Law (PDPL)
- DIFC and ADGM Data Protection Laws
We also process data to meet regulatory obligations, respond to lawful requests, and prevent fraud or unauthorized activity.
3. Anonymous Profile Processing
Wigiwork operates an anonymous-by-default profile model:
- identity is hidden unless a candidate explicitly approves access
- employers view anonymous profiles during discovery
- Wigiwork-controlled direct identity fields, such as name, contact details, real photo, and identity verification documents, are not used for ranking, matching, or recommendations
- Wigi IQ Labs™ processes professional information only
- identity data is strictly separated from professional signals
Employers may see a Wigi Highlight — an AI-generated, identity-protected profile summary designed to exclude Wigiwork-controlled direct identity and contact fields. Wigi Highlights are generated automatically from profile information and may be incomplete, inaccurate, or may unintentionally include or combine details that affect identifiability, especially where users enter identifying information into visible fields.
Users should review their profile and Wigi Highlight preview before making profile information visible. For more detail, see Anonymous Profile Protections.
This design protects confidentiality and reduces bias. Wigiwork is designed to separate identity data from professional data wherever possible. Data processing is structured to reduce exposure and limit the use of identifiable information.
Wigiwork AI outputs, including Wigi Highlights, Discovery results, recommendations, summaries, and Wigi Chat responses, may be incomplete, inaccurate, outdated, or misleading. Unless expressly marked as verified by Wigiwork, AI outputs are not verified factual statements about a person's identity, employment, affiliation, qualifications, availability, hiring status, company relationship, or suitability for any role.
4. Legal Bases for Processing (GDPR)
Where applicable, personal data is processed under:
- Contract - to provide Wigiwork services
- Legitimate Interest - platform operation, safety, and fraud prevention
- Consent - cookies, optional features, and public discoverability
- Legal Obligation - compliance and audit requirements
Consent may be withdrawn at any time where applicable.
5. How We Share Information
5.1 Service Providers (Categories Only)
We use service providers for:
- hosting and infrastructure
- data storage and backups
- identity and company verification
- communication services (email, SMS, OTP)
- security and compliance screening
- analytics and performance
- payment processing (Stripe)
- customer support and contract services
Vendor names are not publicly listed to protect platform security. Service providers are contractually restricted from using data for their own purposes and may only process data on behalf of Wigiwork in accordance with strict confidentiality, security, and data protection obligations.
5.2 Verification Providers
Limited data is shared solely to confirm identity or company legitimacy.
5.3 Employers (Only With Candidate Approval)
Employers receive identity information only after a candidate explicitly approves an Access Request. Before approval, employers see anonymous profiles only.
5.4 Legal & Regulatory Obligations
Information may be disclosed when required by law, regulation, legal process, or governmental request, including for fraud prevention, compliance, enforcement, or protection of rights.
5.5 Internal Use of Data
Wigiwork may use data internally to:
- improve platform functionality and user experience
- develop and refine AI systems and matching technology
- analyze trends, performance, and usage patterns
- detect fraud, abuse, or system manipulation
- maintain platform integrity and security
Wigiwork does not permit service providers or AI model providers to use Wigiwork personal data, candidate data, employer data, messages, or confidential platform content to train their own models or for their independent purposes unless expressly disclosed and legally permitted.
All such use is conducted on a limited, controlled, and, wherever technically feasible, non-identifiable or pseudonymized basis. Where identifiable data is used to develop or refine AI systems, it is processed under a valid legal basis and subject to the safeguards described in this Policy.
5.6 LinkedIn
Wigiwork does not sell, lease, rent, or share LinkedIn-sourced data with third parties. LinkedIn data is never combined with external data sources. LinkedIn does not sign a partner data processing agreement; Wigiwork acts as the sole data controller for LinkedIn-sourced data.
6. International Data Transfers
Wigiwork stores user data in the European Union, including AWS data centers in France and Germany. Limited access or processing from other regions may occur for support, engineering, security, fraud prevention, payment processing, or compliance purposes, subject to appropriate safeguards such as Standard Contractual Clauses, the UK IDTA or UK Addendum, Swiss transfer safeguards, transfer impact assessments, and supplementary measures where required.
7. Data Retention
7.1 Account Deletion (Right to Erasure)
Users may request account deletion at any time. When deletion is requested:
- the account enters a 30-day deletion period
- Wigiwork-controlled employer and recruiter access ends immediately
- identity access and associated permissions are removed
- logging back in during the 30-day period may reactivate the account
After 30 days, the account is permanently deleted or irreversibly anonymized and cannot be restored, subject to legal, regulatory, fraud-prevention, tax, payment, audit, dispute-resolution, backup, and compliance obligations.
7.2 Limited Retention
Minimal information may be retained only where required for fraud prevention, legal compliance, tax or payment records, and audit obligations.
7.3 Backup & Log Data
Encrypted backups and logs follow lawful retention schedules and are not used for active processing.
7.4 LinkedIn Verified API Data
Raw data received via LinkedIn's Verified API is processed for the import or verification session and deleted from active production systems after member selection or completion of the import session, subject to limited temporary retention in backups, security logs, vendor systems, or legal/compliance records where applicable. Where raw LinkedIn data is not deleted at the point of member selection, it is retained no longer than 24 hours for profile data or 48 hours for activity data, with automated deletion thereafter. Data the member chooses to save becomes user-submitted Wigiwork profile content. LinkedIn-sourced data is deleted or anonymized promptly upon verified member request, LinkedIn request, account closure, or withdrawal of consent, subject to applicable law and technical retention limitations. Automated deletion is triggered on account closure or withdrawal of consent.
8. Cookies & Tracking
Cookies are used for security, authentication, performance, analytics, and user preferences. See the Cookie Policy for details.
9. Your Privacy Rights
Depending on jurisdiction, you may request:
- access
- correction
- deletion
- restriction or objection
- data portability
- opt-out of sale or sharing (CCPA/CPRA)
- withdrawal of consent
Requests may be submitted to privacy@wigiwork.com. Wigiwork will respond within the timeframes required by applicable law (for example, generally within one month under the GDPR/UK GDPR, extendable by a further two months where permitted for complex or numerous requests).
10. "Do Not Sell or Share My Personal Information" (CCPA/CPRA)
Wigiwork does not sell or share personal data with third parties for cross-context behavioral advertising, and does not use personal data for advertising, marketing, or unrelated commercial purposes.
Wigiwork may use aggregated, anonymized, or non-identifiable data to operate, improve, analyze, and develop the platform, provided such data cannot be used to identify any individual.
Eligible users may opt out via privacy controls, cookie settings, or privacy@wigiwork.com.
Wigiwork may process data for internal business purposes, including product development, analytics, system optimization, fraud prevention, and platform performance. Such use does not involve the disclosure of identifiable personal data to external parties for independent commercial use.
11. Business & Company Data
11.1 Company Data We Process
We process employer-provided data ("Company Data"), including:
- job postings and hiring requirements
- company profiles and recruiter contact details
- internal notes and workflow metadata
- business verification documents
- hiring activity logs
- subscription and billing information (via Stripe)
Recruiters and agencies must disclose the employer client they represent for each posting or search.
11.2 Ownership of Company Data
Employers retain ownership of Company Data. Wigiwork retains ownership of all platform technology, anonymization systems, Wigi IQ Labs™, Wigi-DNA™, WigiPic™, aggregated non-identifiable data, and all Wigiwork intellectual property.
11.3 Confidentiality & Access Controls
Company Data is accessed only for verification, compliance, fraud prevention, and operational support. Internal access is logged and restricted.
11.4 Business Transactions
In the event of a merger, acquisition, restructuring, or asset transfer, Company Data may be transferred. Any successor must uphold equal or stronger privacy protections.
11.5 Retention of Company Data
Company Data is retained only as necessary for active accounts, legal obligations, fraud prevention, and audit requirements.
11.6 Prohibited Use
Wigiwork does not use Company Data for advertising, resale, dataset mixing, employer exposure, or external commercial exploitation. Employers may not redistribute, reuse, or externally store candidate data beyond approved access.
12. Security
Wigiwork applies appropriate technical and organizational security measures to protect personal and company data. Specific security mechanisms are not disclosed to protect system integrity.
Wigiwork applies strict internal access controls, monitoring, and audit processes to ensure that data is accessed only where necessary for legitimate operational, security, and compliance purposes. In the event of a data breach affecting personal data, Wigiwork will notify affected users and relevant regulators as required by applicable law, including within 72 hours under the GDPR where feasible.
12.1 Anonymity & Platform Limitations
Wigiwork is designed as an anonymity-first platform and implements safeguards to protect user identity. However, no digital system can guarantee absolute anonymity or security. Residual risks may arise from factors beyond our reasonable control, including user behavior, third-party services, network conditions, regulatory requirements, or evolving technical threats.
Wigiwork does not intentionally identify, reveal, or deanonymize users outside of explicit user-approved access or lawful obligations. Users remain responsible for the information they choose to share and the actions they take while using the platform.
13. Children's Privacy
Wigiwork is not intended for individuals under 18. We do not knowingly collect data from minors.
14. Changes to This Privacy Policy
This Policy may be updated to reflect legal, security, operational, or feature changes. Updates will include a revised Effective Date.
15. Contact Information
For privacy questions or rights requests:
Wigiwork Inc. PBC
2261 Market St, San Francisco, CA 94114-1612, USA,
EU Representative (GDPR Art. 27): Prighter EU Rep GmbH, Schellinggasse 3/10, 1010 Vienna, Austria.
AI Act Authorized Representative: Where required under the EU AI Act, Wigiwork will designate or maintain an authorized representative in accordance with applicable AI Act requirements.
Wigiwork's use of data is designed to support platform functionality, security, fraud prevention, and continuous improvement, while maintaining user privacy, anonymity, and compliance with applicable laws.
Wigiwork applies controls designed to reduce unnecessary identity exposure and support the anonymity-first design of the platform, subject to user-approved access, legal obligations, platform limitations, and residual risks described in this Privacy Policy and the Anonymous Profile Protections.