Security & Responsible Disclosure

Wigiwork maintains administrative, technical, and organizational measures designed to protect:

• Account information
• Candidate and employer data
• Anonymous profile systems
• Credit, billing, and transaction data
• Wigi Snapshot and Wigi-DNA™ protected outputs
• AI models and embeddings under Wigi IQ Labs
• Platform and infrastructure integrity

Our security framework is aligned with modern industry practices and includes:

• Strong encryption (data in transit & at rest)
• Access controls and multi-layer authentication
• Monitoring for unusual, high-risk, or suspicious activity
• Abuse prevention, fraud scoring, and anomaly detection
• Secure development lifecycle (SDLC) processes
• Regular internal reviews and testing
• Vendor and cloud-provider security evaluations

We do not publish sensitive implementation details, as doing so may increase security risk.

While Wigiwork applies strong security measures, no system can guarantee absolute security or prevent all unauthorized access in all circumstances.

We welcome responsible security research and good-faith reports.

If you discover a potential vulnerability, privacy issue, or security concern, please report it to: [email protected]

Include:

• A clear description of the issue
• Steps to reproduce (if possible)
• Any supporting evidence (screenshots, logs, PoCs)
• Your contact information for follow-up

We will acknowledge receipt and investigate promptly.

Wigiwork is not obligated to respond to, resolve, or disclose the outcome of all reports.

We want researchers to feel safe when reporting issues.

If you adhere to the guidelines in this notice:

• We will not pursue legal action
• We will not terminate your access
• We will not refer the matter to law enforcement
• We consider your actions authorized for the purpose of research

This safe harbor applies only if:

• You act in good faith
• You do not exploit or misuse the vulnerability
• You avoid accessing personal data
• You don't harm performance, availability, or reliability
• You report the issue promptly and privately

If in doubt, contact us first at [email protected].

Safe harbor protections apply only to actions that comply strictly with these guidelines and may be revoked where misuse, risk, or legal violations are identified.

The following actions are strictly prohibited, even for researchers:

• Accessing or attempting to access personal data
• Attempting to reveal or deanonymize candidate identities
• Running automated scanners that degrade performance
• Sending spam, phishing messages, or social-engineering staff/users
• Attempting to crack passwords, MFA tokens, or access credentials
• Attempting large-scale scraping or data harvesting
• Introducing malware, bots, exploits, or harmful code
• Interrupting service availability or quality
• Publicly disclosing vulnerabilities before Wigiwork resolves them
• Violating any applicable law or regulation

These align with our Acceptable Use Policy and Prohibited Conduct sections of the TOS.

Any attempt to bypass platform safeguards, anonymity protections, or system controls may result in immediate suspension, termination, or legal action.

If you are testing or investigating a potential issue, you must:

• Avoid accessing, modifying, or deleting data
• Avoid viewing candidate identity or employer confidential information
• Limit testing to non-destructive methods
• Keep findings confidential until we confirm remediation
• Not attempt to access accounts that are not your own
• Not use automated tools in ways that may cause load issues

For legal protection, always contact us before conducting extensive tests.

Wigiwork may restrict or halt testing activity at its discretion to protect platform stability, security, or user safety.

When you submit a report responsibly, we aim to:

• Acknowledge receipt within a reasonable timeframe
• Investigate, validate, and prioritize remediation
• Keep you informed (subject to confidentiality and security constraints)
• Request additional details when needed
• Fix confirmed issues as quickly as feasible

In cases of critical vulnerabilities, we may apply emergency mitigations, block certain actions, or temporarily restrict access.

Wigiwork retains full discretion over response timelines, remediation actions, and communication and may limit disclosure where necessary to protect security or compliance obligations.

Wigiwork currently does not operate a formal bug bounty or compensation program.

We may, at our discretion, recognize significant contributions, but:

• No monetary reward is guaranteed
• No contractual obligation exists
• Safe harbor protections still apply
• Reporting remains voluntary and appreciated

If a paid bounty program is introduced in the future, this page will be updated.

Wigiwork reserves the right to modify or withdraw any discretionary recognition at any time.

You agree to:

• Maintain strong security practices for your organization
• Protect login credentials, devices, and access tokens
• Use permitted integrations responsibly
• Notify Wigiwork of suspected compromise
• Comply with all security-related restrictions in the AUP and TOS
• Ensure your Authorized Users understand these obligations

Security is shared. We protect the platform; you protect your access.

Wigiwork is not responsible for security failures resulting from user behavior, third-party systems, or external environments outside the platform.

We may update this page to reflect:

• Regulatory developments
• Security improvements
• New testing guidelines
• Updated communication channels
• Clarifications of responsibilities

Updates are effective when posted and continued use of the platform constitutes acceptance of the updated notice.

For vulnerability reports: [email protected]

For privacy or data protection concerns: [email protected]

For general legal matters: [email protected]

For urgent platform or abuse issues: [email protected]

Wigiwork provides a secure platform environment but does not control or guarantee user behavior or actions outside the platform, including misuse of data, credentials, or system access.