Data Retention & Storage

1. General Retention Principles

Wigiwork retains personal and company data only for as long as necessary to:

  • operate user accounts and platform services;
  • prevent misuse, fraud, or unauthorized activity;
  • comply with legal, financial, or regulatory obligations;
  • support audit, tax, and reporting requirements;
  • resolve disputes or enforce these Terms.

Retention periods are minimal and follow global best practices and applicable data protection laws, including GDPR, UK GDPR, and other relevant regulations.

2. Account Deletion (Right to Erasure)

Candidates and employers may delete their accounts at any time.

When an account is deleted:

  • all personal data is permanently deleted or irreversibly anonymized within 30 days, subject to legal, regulatory, fraud-prevention, and compliance obligations;
  • employer and recruiter access to the candidate is revoked immediately;
  • identity, messaging history, and access permissions are removed;
  • associated content protected by Wigi-DNA™ loses visibility and access from other users.

Raw data received from LinkedIn via the Verified API is permanently deleted immediately after the member reviews and selects what to retain on their Wigiwork profile. Data the member chooses to save becomes user-submitted Wigiwork profile content and is no longer subject to LinkedIn data retention rules. LinkedIn-sourced data is deleted immediately upon member or LinkedIn request.

Deleted accounts cannot be restored and all associated access and identity links are permanently removed.

Deletion timelines are subject to technical processing constraints, backup cycles, and system integrity requirements.

3. Data Retained After Deletion (Legal Minimum Only)

Wigiwork may retain limited information after account deletion when required for:

  • fraud prevention (e.g., preventing repeated identity abuse);
  • legal obligations (e.g., financial or payment records via Stripe);
  • regulatory compliance;
  • audit logs or security incident tracking;
  • dispute resolution.

This information is restricted, minimized, and used only for safety and compliance.

No identifiable candidate content is retained beyond what is legally necessary, and any retained data is minimized and restricted to compliance, security, or fraud-prevention purposes.

4. Backup & Log Data

Data stored in encrypted backups or system logs may persist for a legal retention window required for:

  • system integrity
  • disaster recovery
  • fraud prevention
  • security auditing
  • regulatory documentation

Backups and log data are:

  • not used for active processing
  • not accessible to employers or candidates, and deleted or anonymized upon reaching the end of their lawful retention period, in accordance with applicable data protection laws.

5. Employer Data Removal

When a candidate deletes their account or revokes access:

  • all employer access ends immediately;
  • employers must delete any locally stored information obtained in violation of these Terms;
  • employers remain responsible for destruction of any improperly retained candidate data.

Employers may not retain, reuse, or store candidate information after access expires, except where required by law.

Wigiwork is not responsible for any data retained by employers outside the platform in violation of these Terms.

6. Company Data Retention

Company Data (as defined in Section 11 of the Privacy Policy) is retained only as long as necessary to:

  • maintain active employer accounts;
  • comply with financial reporting requirements;
  • satisfy audit, tax, or contractual responsibilities;
  • prevent fraud and unauthorized recruiter behavior.

Employers may request deletion of Company Data, subject to legal, financial, regulatory, and fraud-prevention retention requirements.

7. Identity Reset vs. Deletion

Identity Reset is not account deletion.

  • Identity Reset replaces the anonymous identity and clears all associated access, visibility, and message history.
  • Account deletion permanently removes the entire account and its data.
  • Deleted accounts cannot be recovered.

Both actions are subject to NDA-Safe™ and confidentiality requirements and do not override legal, regulatory, or compliance-related data retention obligations.

8. Data Storage Locations

Data is stored and processed in the European Union, specifically Amazon Web Services (AWS) data centers in France (Paris) and Germany (Frankfurt).

We may use sub-processors in other jurisdictions strictly for limited support functions (for example, payment processing). Where that involves a transfer outside the EU/EEA, it is protected by the safeguards described below.

All user data is stored in the EU and processed in accordance with the GDPR. Data of UK-based users is handled in accordance with the UK GDPR, and data of US-based users in accordance with applicable federal and state laws, including California privacy laws where applicable; in each case the data itself is stored in our EU (France and Germany) data centers.

9. Ongoing Legal & Compliance Requirements

Wigiwork may retain certain information where required by law or for compliance purposes, including:

  • tax and financial transactions;
  • fraud-prevention signals (non-identifiable);
  • legal disputes or investigations;
  • mandatory reporting and audit records.

Retention is limited to the minimal period mandated by applicable regulations, including GDPR, UK GDPR, and applicable U.S. state privacy laws.

10. User Rights

Users may request deletion, access, correction, restriction, objection, or portability of data at any time by contacting:

legal@wigiwork.com

Requests will be handled in accordance with global privacy law requirements, including GDPR, UK GDPR, and applicable U.S. state privacy laws (such as California), and Wigiwork will respond within the timeframes required by applicable law (for example, within 30 days under the GDPR, extendable by a further two months for complex requests).

11. LinkedIn Verified API Data

Where Wigiwork receives data via LinkedIn's Verified API:

  • Raw LinkedIn-sourced profile data is processed once at import and permanently deleted immediately after member selection;
  • No LinkedIn data is retained beyond the member's active import session;
  • Automated deletion is triggered on account closure or withdrawal of consent;
  • LinkedIn data is never sold, leased, rented, or combined with external data sources.

Where any raw LinkedIn data is not deleted at the point of member selection, it is retained no longer than 24 hours (profile data) or 48 hours (activity data), with automated deletion thereafter.

Wigiwork does not sell personal data and uses collected information solely to operate, secure, and improve the platform in accordance with applicable laws.