Privacy Policy

Effective Date: January 1, 2025

1. Who We Are

Wonegig Technologies Inc. (“Wonegig,” “we,” “our,” “us”) is the data controller for information collected through the Wonegig platform, mobile apps, APIs, and related services (“Services”).
Registered office: [Insert business address, Winnipeg, Manitoba, Canada]
Data Protection Officer (DPO): dpo@wonegig.com

2. Scope of This Policy

This Policy covers personal data we process:

Visitors browsing public pages
Freelancers & clients registering, posting, or completing gigs/projects
Partners & vendors integrating with our APIs or payment rails

It does not apply to third-party sites or services that link to or from Wonegig.

3. Information We Collect

Category	Examples	Source	Purpose (see §4)
Account Identifiers	Name, username, email, phone	You	A, B, C
Profile & Verification	Government ID, selfie, address, tax ID, KYC/AML status	You / verification vendors	A, B, D
Payment & Tax	Bank details, payout history, transaction IDs, VAT/GST numbers	You / payment processors	B, C
Usage Data	IP address, device ID, browser type, pages viewed, clicks, session length	Automated	E, F
Content	Messages, files, gig descriptions, reviews, support tickets	You	A, E
Cookies & Similar Tech	Session cookies, analytics tags, advertising pixels	Automated	F, G

Purposes, abbreviated:
A = Service delivery B = Payment & fraud prevention C = Legal / tax compliance
D = Identity, trust & safety E = Customer support & dispute resolution F = Analytics
G = Marketing with consent / opt-out

We do not intentionally collect special-category data (e.g., health, biometric, racial origin) unless required for KYC laws, in which case it is protected under strict access controls.

4. How & Why We Use Your Data

Contractual necessity – create accounts, match freelancers with clients, process escrow, release payouts.
Legitimate interests – detect fraud, secure the platform, improve features, personalize experience.
Legal obligations – comply with anti-money-laundering (AML), tax reporting, and sanctions screening.
Consent – send marketing emails, place non-essential cookies, enable two-way testimonials.
You may withdraw consent anytime without affecting lawful processing pre-withdrawal.

5. Legal Bases (EEA/UK Visitors)

Purpose	Legal Basis
Account creation, payments	Art. 6 (1)(b) — Contract
AML/KYC, tax reports	Art. 6 (1)(c) — Legal obligation
Platform security, analytics	Art. 6 (1)(f) — Legitimate interest
Marketing, optional cookies	Art. 6 (1)(a) — Consent

6. Cookies & Tracking

We use first-party cookies for authentication and security; third-party cookies (e.g., Google Analytics, Meta Pixel) only with opt-in consent where required. Manage preferences anytime under Account » Privacy Settings or via the cookie banner.

7. When We Share Data

We never sell your personal data. We share only with:

Payment processors & banks (Stripe, PayPal, local payout partners)
Identity-verification & fraud-prevention vendors (e.g., SumSub, Sift)
Cloud & infrastructure providers (AWS, Azure, Cloudflare)
Analytics & marketing platforms (with opt-in)
Dispute-resolution panels or legal authorities when required by law

All vendors sign Data Processing Agreements (DPAs) with confidentiality, security, and cross-border-transfer safeguards (see §8).

8. International Transfers

Data may be transferred to countries outside your own. We rely on:

EU Standard Contractual Clauses (SCCs)
UK International Data Transfer Addendum
Adequacy decisions (e.g., Canada, Switzerland)
Binding Corporate Rules where applicable

9. Security Measures

End-to-end TLS 1.3 encryption
AES-256 server-side encryption at rest
Zero-trust network segmentation
24 × 7 intrusion detection & DDoS protection
Annual SOC 2 Type II & ISO 27001 audits
Bug-bounty program and continuous penetration tests

10. Your Rights & Choices

Region	Core Rights
GDPR / UK-GDPR	Access, rectify, erase, restrict, object, data portability
CCPA/CPRA (California)	Know, delete, correct, opt-out of "sale"/"sharing", limit sensitive data, non-discrimination
PIPEDA (Canada)	Access, correct, withdraw consent, lodge complaint with OPC
LGPD (Brazil)	Confirm, access, correct, anonymize, portability, delete, information on sharing

Exercising rights:
• Use Account » Privacy Dashboard or email privacy@wonegig.com.
• Identity verification is required before we fulfill any request.
• We respond within 30 days (GDPR) or 45 days (CCPA) unless an extension is lawfully permitted.
Do Not Track / Global Privacy Control: respected automatically.

11. Data Retention

Active account: until you close it, plus 90 days for dispute handling
Payment & tax records: 7–10 years (statutory)
Logs & analytics: 24 months, then aggregated or deleted
Backup archives: encrypted, rolling 30-day cycle

12. Children's Privacy

Wonegig is not directed at individuals under 18 years. We do not knowingly collect minors' data. If you believe we have inadvertently done so, contact us immediately for deletion.

13. Policy Updates

We may revise this Policy to reflect changes in law or our practices. Material changes will be announced via email or in-platform banner at least 15 days before they take effect. Continued use of the Services after the effective date constitutes acceptance.

14. Contact & Complaints

Email: privacy@wonegig.com
Postal: Privacy Office, Wonegig Technologies Inc., [Insert physical address]
EU/UK Representative: [Insert rep & address if required under Art. 27 GDPR]

If you feel your concerns were not satisfactorily addressed, you have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France, OPC in Canada).

15. California "Shine the Light" Notice

California residents may request a list of all third parties to whom we disclosed personal information for direct marketing in the prior calendar year. Submit requests to privacy@wonegig.com with subject line "Shine the Light."

16. Do Not Sell or Share My Personal Information

Wonegig does not sell personal data as defined by CCPA/CPRA. To opt out of cross-context behavioral advertising, visit Account » Privacy Settings.