Communications Privacy

WIGGWIGG is a zero-knowledge platform. We wish we could check less of your communications, but telecommunications laws require certain safety checks. Here's exactly what we must do--and how we minimize data collection.

Not Our Choice

Legal Requirements for Phone Services

Canadian (CRTC) and US (FCC) telecommunications laws require all phone service providers to check for safety issues. This isn't optional--carriers will block services that don't comply.

Prevent Illegal Content

CSAM Detection

Everyone

Federal law requires phone service providers to have systems in place to detect and report child sexual abuse material when found.

Fraud Prevention

Everyone

Detect and block SMS phishing attempts and scams.

Spam & Abuse Prevention

SMS Spam Filtering

Personal (P2P)

Identify bulk messaging and commercial spam patterns.

SHAFT Content Rules

Business (A2P) - Future

SHAFT (Sex, Hate, Alcohol, Firearms, Tobacco) keyword filtering required by carriers for business messaging. Will apply when we launch business features.

What We Must Keep

Metadata Retention

Everyone

Call/SMS timestamps and phone numbers--required for billing disputes and legal requests.

Emergency Services

911 calls only

Location data for 911 calls only.

Personal (P2P)

Person-to-Person

Light filtering for personal messages only

Business (A2P) - Future

Application-to-Person

Stricter rules for business/automated messages only. NOT your personal texts

Important Legal Context

These are not WIGGWIGG policies. They are legal requirements for operating phone services in North America. We do the minimum required by law.

Privacy-First

How We Minimize Data Collection

We check only what's legally required and store nothing beyond what we must keep.

Server-Side Encrypted Storage

SMS Messages

Messages transmitted through standard phone networks (visible to carriers like all SMS), then stored with AES-256-GCM server-side encryption on Canadian servers. We can decrypt for legal compliance and customer support. This is not zero-knowledge encryption.

MMS Images

Images screened for illegal content (CSAM detection, malware scanning) before storage. Files encrypted with AES-256-GCM server-side encryption. We can decrypt when legally required or for customer support.

Voicemail Audio

Recorded on Telnyx servers (US), then retrieved, encrypted with AES-256-GCM, and stored on Canadian servers. Original recordings deleted from Telnyx after retrieval. We can decrypt for legal compliance and support.

Automated Systems Only

No Human Review

Your communications aren't seen by WIGGWIGG staff.

No AI Training

We don't use your data to train machine learning models.

No Marketing Analysis

Zero profiling, targeting, or behavioral tracking.

What We Don't Do With Your Communications

No Live Call Recording

We never record your live phone conversations. Voicemail is only saved when you explicitly choose to enable it, and you control when recordings are deleted.

No Contact List Access

We don't access your device contacts or build relationship graphs. Who you communicate with stays private.

No Location Tracking

Your location is only shared during 911 emergency calls as required by law. We don't track where you are otherwise.

No Behavioral Profiling

No marketing analytics, ad targeting, or behavioral tracking. We don't profile your communication patterns or sell your data.

No Third-Party Sharing

Your communications content is never shared with advertisers, data brokers, or analytics companies. We only share what's legally required (court orders, emergency services).

Our Commitment

What Remains Zero-Knowledge

Everything else about your WIGGWIGG account uses zero-knowledge encryption.

Identity Information

Names, birthdates, addresses, notes--all encrypted client-side.

Saved Passwords

Your password vault is encrypted with keys only you control.

Personal Details

Organizational data, tags, highlights--encrypted before upload.

Account Settings

Preferences and configurations encrypted server-side. We can access these for support purposes.

Privacy Commitment

Your identity data uses zero-knowledge encryption. We cannot access it. Communications content is scanned only as required by law using automated systems, then encrypted and stored on Canadian servers (not zero-knowledge. We can decrypt for legal compliance). We minimize data collection to the legal minimum.

Learn more about how we protect your data at rest: Application Security

Common Questions About Communications Privacy

Why do carriers need my call metadata?

Carriers (like Bell, Rogers, AT&T) must have call detail records to bill you accurately and route calls correctly. This is required by telecommunications regulations in both Canada (CRTC) and USA (FCC). Think of it like your internet provider needing to know which websites you visited to route traffic--they can't deliver calls without knowing from/to numbers. This is true for every phone service, not unique to WIGGWIGG.

Can I avoid carrier data collection?

No. Call detail records are inherent to how telephony works (SS7/SIP protocols). Even end-to-end encrypted messaging apps like Signal must use carrier infrastructure to send data, meaning carriers see connection metadata. The best you can do is choose services (like WIGGWIGG) that minimize what the application layer stores, but carrier routing is unavoidable for phone calls and SMS.

Why can't you make phone services fully zero-knowledge?

Telecommunications laws in Canada (CRTC) and USA (FCC) require real-time content checks for safety and fraud prevention. Unlike our identity vault (which is fully zero-knowledge encrypted), phone/SMS services must comply with carrier regulations that mandate spam filtering and CSAM detection. We'd love to offer fully encrypted calling/SMS, but current regulations don't allow it for commercial phone services. For truly private messaging, use Signal or WhatsApp with your WIGGWIGG phone number.

Do CASL and SHAFT rules apply to my personal texts?

No. CASL and SHAFT are A2P (Application-to-Person) rules for businesses sending automated/marketing messages. If you're using WIGGWIGG for personal calls and texts (P2P), these don't apply to you. We only check for basic spam patterns and illegal content on personal messages. When we launch business features, those identities will be subject to A2P rules including CASL opt-in requirements and SHAFT content restrictions.

Do you read my messages?

No. Scanning is automated and real-time. No human ever sees your communications unless you report abuse or request support. Our systems check for spam patterns and illegal content using algorithms, not people. Imagine it like airport security scanners: automated systems check bags, but TSA agents don't manually inspect every item unless the scanner flags something.

Does Telnyx see my message content?

Telnyx is our telecommunications infrastructure provider. As a carrier, they process calls and messages for routing and delivery. Content moderation (spam and safety checks) happens on our servers before delivery.

What happens if I delete my identity?

When you delete an identity from WIGGWIGG, we immediately remove all associated data (contacts, settings, metadata). However, data already sent to carriers (call detail records) remains with them per their retention policies (6-24 months). This is similar to deleting your email account--past emails already delivered can't be 'un-sent' from recipients' servers.

Why 90 days retention? Why not less?

90 days balances privacy with practical needs: billing disputes typically surface within 60 days, and carriers require us to retain delivery confirmations for troubleshooting. We chose 90 days (vs industry standard 6-12 months) as the minimum viable window. If you need immediate deletion, you can delete your identity which purges data early.

Can law enforcement access my communications?

With a valid warrant, law enforcement can request metadata from us (90 days), carriers (6-24 months), and Telnyx. We do NOT store call audio. SMS/MMS message content is stored encrypted with your personal key. We cannot read it, but encrypted data could be provided under legal compulsion (you'd need to provide the decryption key). However, if carriers or providers stored content, it may be accessible through them. We comply with lawful requests but fight overly broad warrants.

What about emergency services (911)?

Emergency calls (911 in USA, 911/988 in Canada) bypass all content moderation and privacy features to ensure immediate connection. Location data is shared with emergency services as required by law. This is a safety feature--lives come first. Emergency call metadata (location, timestamp, duration) may be retained longer than standard 90-day retention as required by telecommunications regulations for public safety purposes.

Ready for Secure Communications?

Get started with WIGGWIGG and keep your personal life separate with enterprise-grade security.