Security

Hiring teams trust WIGOH with sensitive information: who is applying, what candidates share, and the records that follow a new hire into their first day. We treat that responsibility as central to the product, not an afterthought. This page describes how we protect data across the WIGOH platform and the conversations our AI assistant, Joy, holds on our customers’ behalf.

Our security program

Security is built into how we design, build, and operate WIGOH. We maintain written policies covering access, change management, vendor review, and incident response, and we review them regularly. New features go through security review before release, and our engineering practices include code review, dependency monitoring, and ongoing testing of the platform.

Encryption

We encrypt data in transit and at rest. Connections to WIGOH use modern TLS, and stored data is protected with strong, industry-standard encryption. Secrets and keys are managed through dedicated key-management infrastructure and are never stored in application code.

Access controls

Access to systems and data follows the principle of least privilege.

• Employee access is limited to what each role requires and is reviewed on a recurring basis.
• Administrative access is protected by multi-factor authentication.
• Within the product, role-based permissions let customers control who on their team can see candidates and conversations.
• Activity across our systems is logged and monitored so we can detect and investigate unusual behavior.

Infrastructure and resilience

WIGOH runs on established cloud infrastructure providers that maintain robust physical and network security. We isolate environments, patch systems on an ongoing basis, and maintain backups so we can recover from disruption. We monitor availability and capacity to keep the Service running for the hiring teams that depend on it around the clock.

Compliance posture

We design WIGOH to support our customers’ compliance obligations, including privacy regulations and employment workflows such as I-9 and WOTC. We align our controls with recognized industry frameworks, contract carefully with the vendors who support the Service, and work with customers on the data-protection terms their programs require. Customers evaluating WIGOH can request current details about our compliance posture through the contact form below.

Protecting candidate data

Candidate conversations are handled on behalf of the employer running each hiring process. We do not sell candidate data, and we do not repurpose the content of candidate conversations for advertising. Data is retained only as long as it is needed to provide the Service and meet legal obligations, then deleted or de-identified. The same encryption and access controls described above apply to every candidate interaction Joy handles.

Responsible disclosure

We welcome reports from security researchers who help us keep WIGOH safe. If you believe you have found a vulnerability, please report it to us through our contact form with enough detail for us to reproduce it. Please give us a reasonable opportunity to investigate and remediate before any public disclosure, and avoid accessing or modifying data that is not yours while testing. We will acknowledge valid reports and keep you informed as we resolve them, and we appreciate disclosures made in good faith.