Communications Privacy

WIGGWIGG is a zero-knowledge platform. We wish we could check less of your communications, but telecommunications regulations require certain safety checks. Here's exactly what we must do--and how we minimize data collection.

Not Our Choice

Regulatory Requirements for Phone Services

Canadian (CRTC) and US (FCC) telecommunications regulations require all phone service providers to check for safety issues. This isn't optional--carriers will block services that don't comply.

Prevent Illegal Content

CSAM Detection

Everyone

Federal law requires phone service providers to have systems in place to detect and report child sexual abuse material when found.

Fraud Prevention

Everyone

Detect and block SMS phishing attempts and scams.

Spam & Abuse Prevention

SMS Spam Filtering

Personal (P2P)

Identify bulk messaging and commercial spam patterns.

SHAFT Content Rules

Business (A2P) - Future

SHAFT (Sex, Hate, Alcohol, Firearms, Tobacco) keyword filtering required by carriers for business messaging. Will apply when we launch business features.

What We Must Keep

Metadata Retention

Everyone

Call/SMS timestamps and phone numbers--required for billing disputes and legal requests.

Emergency Services (911)

911 calls only

Free built-in E911 on every <span class="brand-name">WIGGWIGG</span> number. Your encrypted address is registered with Telnyx and shared with 911 dispatchers during emergency calls only. <a href="/en/features/e911/">See how E911 works on <span class="brand-name">WIGGWIGG</span></a>.

Personal (P2P)

Person-to-Person

Light filtering for personal messages only

Business (A2P) - Future

Application-to-Person

Stricter rules for business/automated messages only. NOT your personal texts

Important Legal Context

These are not WIGGWIGG policies. They are regulatory requirements for operating phone services in North America. We do the minimum required by regulators.

Privacy-First

How We Minimize Data Collection

We check only what's legally required and store nothing beyond what we must keep.

Zero-Knowledge Storage at Rest

SMS Messages

Messages transmitted through standard phone networks (visible to carriers like all SMS, unavoidable for any phone service that interoperates with the public network). Once received, the message body is encrypted with AES-256-GCM under a one-time key, and that key is sealed to your X25519 public key on Canadian servers (X25519 key agreement + HKDF-SHA256 + XChaCha20-Poly1305). We generate the sealing keypair on our side and discard it the instant the message is stored, so we keep no key that can read it: not at rest, not later, not under a warrant. Only your device can open it. We can't decrypt SMS content at rest, even if asked.

MMS Images

Images screened for illegal content (CSAM detection, malware scanning) before storage. The image is then sealed to your X25519 public key the same way as SMS (AES-256-GCM content under a one-time key wrapped to your X25519 key), and we discard our sealing keypair immediately, so we keep no key that can open it. Only your device can open them. We can't decrypt your photos at rest, even if asked.

Voicemail Audio

Recorded on Telnyx servers for a few seconds, then pulled to our Canadian servers, sealed to your X25519 public key (audio and transcript both, AES-256-GCM under a one-time key wrapped to your X25519 key), and deleted from Telnyx. We hold no key to decrypt them: only your device can play them back. The one exception is Listen-by-phone: if you turn it on, we keep a server-readable copy so you can hear voicemail by calling in.

Automated Systems Only

No Human Review

Your communications aren't seen by WIGGWIGG staff.

No AI Training

We don't use your data to train machine learning models.

No Marketing Analysis

Zero profiling, targeting, or behavioral tracking.

What We Don't Do With Your Communications

No Live Call Recording

We never record your live phone conversations. Voicemail is only saved when you explicitly choose to enable it, and you control when recordings are deleted.

No Contact List Access

We don't access your device contacts or build relationship graphs. Who you communicate with stays private.

No Location Tracking

Your location is only shared during 911 emergency calls as required by law. We don't track where you are otherwise.

No Behavioral Profiling

No marketing analytics, ad targeting, or behavioral tracking. We don't profile your communication patterns or sell your data.

No Third-Party Sharing

Your communications content is never shared with advertisers, data brokers, or analytics companies. We only share what's legally required (court orders, emergency services).

Our Commitment

What Remains Zero-Knowledge

Everything else about your WIGGWIGG account uses zero-knowledge encryption.

Identity Information

Names, birthdates, addresses, notes--all encrypted client-side.

Saved Passwords

Your password vault is encrypted with keys only you control.

Personal Details

Organizational data, tags, highlights--encrypted before upload.

Account Settings

Preferences and configurations encrypted server-side. We can access these for support purposes.

Privacy Commitment

Your identity data, vault, and communications content (SMS, MMS, voicemail) all use zero-knowledge encryption at rest. Once stored, only your device can decrypt them. Inbound communications are encrypted with AES-256-GCM under a one-time key that is sealed to your X25519 public key; we discard our sealing keypair the instant the message is stored, so we hold no key that can read them, not even later or under a warrant. (Your own device key can decrypt your history, since it is the key your device uses to read your messages.) We scan SMS/MMS for safety in real time as required by law, then seal the content with your key. Carrier-network transit (SS7/SIP) is unavoidable for phone services and is visible to carriers like all SMS. We minimize what we collect to the legal minimum.

Learn more about how we protect your data at rest: Application Security

See how the inbound spam filter works (and how you control it): Spam Filter

Common Questions About Communications Privacy

Why do carriers need my call metadata?
Carriers (like Bell, Rogers, AT&T) must have call detail records to bill you accurately and route calls correctly. This is required by telecommunications regulations in both Canada (CRTC) and USA (FCC). Think of it like your internet provider needing to know which websites you visited to route traffic--they can't deliver calls without knowing from/to numbers. This is true for every phone service, not unique to WIGGWIGG.

Can I avoid carrier data collection?
No. Call detail records are inherent to how telephony works (SS7/SIP protocols). Even end-to-end encrypted messaging apps like Signal must use carrier infrastructure to send data, meaning carriers see connection metadata. The best you can do is choose services (like WIGGWIGG) that minimize what the application layer stores, but carrier routing is unavoidable for phone calls and SMS.

Why can't you make phone services fully zero-knowledge?
Telecommunications laws in Canada (CRTC) and USA (FCC) require real-time content checks for safety and fraud prevention. Phone/SMS services must comply with carrier regulations that mandate spam filtering and CSAM detection. We can't end-to-end encrypt SMS in transit (telco protocols predate that), but our stored copy is already zero-knowledge: sealed with your key, decryptable only on your device. For end-to-end privacy in transit too, use Signal or WhatsApp with your WIGGWIGG phone number.

Do CASL and SHAFT rules apply to my personal texts?
No. CASL and SHAFT are A2P (Application-to-Person) rules for businesses sending automated/marketing messages. If you're using WIGGWIGG for personal calls and texts (P2P), these don't apply to you. We only check for basic spam patterns and illegal content on personal messages. Those checks run in memory at receive time; we never persist a plaintext copy. When we launch business features, those identities will be subject to A2P rules including CASL opt-in requirements and SHAFT content restrictions.

Do you read my messages?
No. Scanning is automated and real-time. No human ever sees your communications unless you report abuse or request support. Our systems check for spam patterns and illegal content using algorithms, not people. Imagine it like airport security scanners: automated systems check bags, but TSA agents don't manually inspect every item unless the scanner flags something.

Does Telnyx see my message content?
Telnyx is our telecommunications infrastructure provider. As a carrier, they process calls and messages for routing and delivery. Content moderation (spam and safety checks) happens on our servers before delivery.

What happens if I delete my identity?
When you delete an identity from WIGGWIGG, we immediately remove all associated data (contacts, settings, metadata). However, data already sent to carriers (call detail records) remains with them per their retention policies (6-24 months). This is similar to deleting your email account--past emails already delivered can't be 'un-sent' from recipients' servers.

Why 90 days retention? Why not less?
90 days balances privacy with practical needs: billing disputes typically surface within 60 days, and carriers require us to retain delivery confirmations for troubleshooting. We chose 90 days (vs industry standard 6-12 months) as the minimum viable window. If you need immediate deletion, you can delete your identity which purges data early.

Can law enforcement access my communications?
With a valid warrant, law enforcement can request metadata from us (90 days), carriers (6-24 months), and Telnyx. We do NOT store call audio. SMS, MMS, and voicemail content are stored zero-knowledge (sealed to your X25519 public key). We can produce the encrypted bytes under legal compulsion, but the decryption key is on your device, so we cannot read the content ourselves, and a warrant served on us cannot compel a key we do not hold. Your own device key can decrypt your stored history (it is the same key your device uses to read your messages), so a court that compels you directly is a different matter. If carriers or providers stored content during transit, it may be accessible through them separately. We comply with lawful requests but fight overly broad warrants.

What about emergency services (911)?
Emergency calls (911 in USA, 911/988 in Canada) bypass all content moderation and privacy features to ensure immediate connection. Location data is shared with emergency services as required by law. This is a safety feature--lives come first. Emergency call metadata (location, timestamp, duration) may be retained longer than standard 90-day retention as required by telecommunications regulations for public safety purposes.

Ready for Secure Communications?

Get started with WIGGWIGG and keep your personal life separate with enterprise-grade security.