Security & Responsible Disclosure
Last updated:Wigiwork is built as a privacy-first, secure-by-design platform designed to help protect user data, candidate anonymity, identity-sensitive workflows, and the integrity of our hiring ecosystem. This page explains our security posture, how to report vulnerabilities, and how we handle good-faith security research.
This notice forms part of the Wigiwork Terms of Service, Acceptable Use Policy, Privacy Policy, and other Supplemental Policies.
1. Security Commitment
Wigiwork maintains administrative, technical, and organizational measures designed to protect account information, candidate and employer data, anonymous profile systems, billing and transaction data, Wigi Highlight and Wigi-DNA™ protected outputs, AI models and embeddings under Wigi IQ Labs™, and platform infrastructure.
Our program may include, as appropriate: encryption in transit and at rest, access controls and multi-layer authentication, monitoring for suspicious activity, abuse prevention and anomaly detection, secure development lifecycle processes, internal reviews and testing, vendor and cloud-provider evaluations, and safeguards for third-party verification integrations (such as encrypted token handling, CSRF protections, server-side session storage, and timeout/error handling).
We do not publicly disclose implementation-specific details — exact configurations, thresholds, or provider checklist logic — where disclosure could increase security risk. Wigiwork applies reasonable, risk-based measures, but no system can guarantee absolute security or prevent all unauthorized access in every circumstance.
1.1 Anonymity & AI System Integrity
Wigiwork applies safeguards designed to reduce unauthorized identity exposure, re-identification risk, and misuse of anonymous-facing features, including Wigi Highlights, Discovery Search, Wigi Chat, and Wigi-DNA™. These may include access controls, misuse detection, output review, rate limits, and restrictions on scraping or cross-referencing.
These safeguards reduce risk — they do not eliminate it. No anonymization, AI filtering, or verification system can guarantee perfect anonymity or accuracy in every case. Additional terms are described in our Anonymous Profile Protections, AI Notice, and Acceptable Use Policy.
2. Reporting Security Vulnerabilities
If you discover a potential vulnerability, privacy issue, or security concern, report it to security@wigiwork.com with a clear description, reproduction steps, supporting evidence, and your contact information. We will acknowledge receipt and investigate promptly, though we may not always be able to share full remediation details.
3. Authorized Scope
Unless Wigiwork gives written permission, authorized research is limited to Wigiwork-owned public web applications, APIs, and accounts you own or have explicit permission to test. Third-party systems, LinkedIn, cloud providers, payment processors, vendor infrastructure, and other users' accounts or data are out of scope.
Researchers must not attempt to access, view, copy, or export personal data, candidate identity data, employer confidential information, Wigi-DNA™ markers, AI embeddings, model data, logs, secrets, tokens, or credentials.
4. Safe Harbor for Good-Faith Research
If you conduct research in good faith, stay within the authorized scope above, avoid harm to users or systems, avoid accessing personal or confidential data, and report findings promptly and privately, Wigiwork will not initiate legal action against you based solely on your compliant research.
This authorization does not apply to data exfiltration, privacy violations, credential attacks, social engineering, extortion, malware, service disruption, or activity outside this notice's scope. Wigiwork may restrict, suspend, or investigate activity where reasonably necessary to protect users, platform stability, or legal compliance.
If you accidentally access personal or confidential data, stop testing immediately, avoid copying or storing it, include only minimum evidence in your report, and notify us promptly.
Safe harbor does not prevent Wigiwork from complying with legal process, responding to lawful requests from regulators or law enforcement, or notifying affected parties or authorities where required by applicable law.
5. What You Must NOT Do
- Accessing or attempting to access personal data, or deanonymizing candidates
- Running scanners that degrade performance, or attempting large-scale scraping
- Sending spam, phishing, or social-engineering staff or users
- Attempting to crack passwords, MFA tokens, or credentials
- Introducing malware, bots, exploits, or harmful code
- Attempting prompt injection, model extraction, or AI-output manipulation to reveal candidate identities or confidential data
- Publicly disclosing vulnerabilities before Wigiwork resolves them
- Violating applicable law
6. Guidelines for Responsible Research
- Avoid accessing, modifying, or deleting data
- Limit testing to non-destructive methods
- Keep findings confidential until remediation is confirmed
- Only test accounts you own
- Contact us before conducting extensive tests
Wigiwork may restrict or halt testing activity at its discretion to protect platform stability or user safety.
7. How Wigiwork Responds
We aim to acknowledge receipt within a reasonable timeframe, investigate and prioritize remediation, and keep you informed subject to confidentiality and security constraints. We may not always be able to share detailed timelines, particularly where doing so could affect security or compliance.
8. No Compensation Policy
Wigiwork does not currently operate a formal bug bounty program. Reporting is voluntary. We may, at our discretion, recognize significant contributions, but no payment, reward, or contractual obligation is created unless separately agreed in writing.
9. Your Responsibility as a User
You agree to maintain strong security practices, protect your credentials and access tokens, use integrations responsibly, and notify us of suspected compromise. Users must not share LinkedIn or Wigiwork credentials, tokens, or API keys with any unauthorized third party; where contractors need access, it must be provisioned through approved organization controls, not credential sharing.
Users are responsible for their own conduct and activity outside Wigiwork's reasonable control. Nothing in this notice limits Wigiwork's obligations under applicable data protection law.
10. Changes to This Notice
We may update this page to reflect regulatory developments, security improvements, or clarified responsibilities. Updates are effective when posted; continued use constitutes acceptance.
11. Contact
- Vulnerability reports: security@wigiwork.com
- Privacy concerns: privacy@wigiwork.com
- Legal matters: legal@wigiwork.com
- Urgent abuse issues: abuse@wigiwork.com
Wigiwork provides a secure platform environment. Users are solely responsible for their own behavior and for actions outside the platform, including misuse of their data, credentials, or system access, without limiting Wigiwork's own obligations as a data controller under applicable law.