Security & Privacy
Wingman is built with security at its foundation. Your data is protected by industry-standard encryption, strict access controls, and privacy-first design principles.
Data Handling
Transparency about what we collect and what we don't.
Data Collection
- Device attributes (browser, OS, screen resolution, WebGL signature)
- Behavioral signals (anonymized interaction patterns)
- Network metadata (IP, geolocation, ASN)
- Session context (timing, navigation path)
What We Do NOT Collect
- Raw biometric data (fingerprints, face scans)
- Passwords or authentication credentials
- Personal financial information (card numbers, bank details)
- Content of user communications
Encryption
All data is encrypted at every stage of its lifecycle using industry-standard protocols.
In Transit
TLS 1.3 for all API communication and data transfer
At Rest
AES-256 encryption for all stored data with managed key rotation
Data Retention
You control how long your data is retained.
Configurable Retention
Set custom retention periods per data type with automatic purging
Right to Deletion
Support for GDPR/CCPA deletion requests with verification audit
Access Control & Audit
Role-Based Access
Granular permissions with least-privilege defaults and team management
Audit Logging
Immutable logs for every configuration change, policy update, and data access
Incident Response
Documented response procedures with defined SLAs and stakeholder notification timelines
Compliance Roadmap
SOC 2 Type II
PlannedIndependent audit of security controls and data handling
GDPR Aligned
ActiveData minimization, right to deletion, consent management
CCPA Aligned
ActiveConsumer data rights and transparency requirements
PCI DSS
RoadmapPayment card industry data security standards