Wiingman Privacy & Security Policy

Version 2.0 | October 2025
Wiingman Pty Ltd (ABN 94 688 220 760)
Unit 1/94 Taren Point Road, Taren Point NSW 2229 | www.wiingman.io


Introduction

Wiingman Pty Ltd and its related bodies corporate (“Wiingman”, “we”, “our”, or “us”) are committed to protecting your privacy and the security of your personal information.
This Policy explains how we collect, use, hold, disclose and protect personal information across the Wiingman platform, including the AI-driven workflow and document-generation tools used by enterprise and government clients.

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and align our systems and practices with ISO/IEC 27001 and SOC 2 Type II frameworks for information-security management.
Updates to this Policy will be published at www.wiingman.io/privacy-policy.

Specific privacy or consent notices may supplement this Policy for certain products or collection channels; those notices prevail if inconsistent.


Definition of Personal Information

“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not.
Examples include name, contact details, employment data, account credentials, payment information and preference data.


Information Security Governance

Wiingman maintains an Information Security Management System (ISMS) aligned with ISO 27001 and SOC 2 Type II covering:

  • Encryption — TLS 1.2+ in transit; AES-256 at rest.

  • Access Control — BuddyBoss login with optional Okta SSO (SAML 2.0) and multi-factor authentication for administrators.

  • Role-Based Access Control (RBAC) ensuring users access only authorised data.

  • Continuous Monitoring and Audit Logging of user actions.

  • Vulnerability management, patching, WAF and DDoS protection.

  • Incident response plan with 72-hour notification window for eligible data breaches.

All production data is hosted on a private VPS located in Australia within ISO-certified data centres.
Backups are encrypted, geo-redundant and retained in Australia.
No data leaves Australian jurisdiction without the client’s written consent.


Collection Channels

We collect personal information through:

  • Wiingman’s online properties and applications;

  • event or activation registration forms;

  • clients, suppliers or service providers; and

  • communications with our staff or support team.

Automated systems may capture limited metadata (cookies, IP address, browser type, device ID) for analytics and service improvement.
See Passive Information Collection below.


Kinds of Information Collected

Depending on your interactions, we may collect identification details, professional profile, usage and event data, payment information, communications, preferences, and any content you upload to the platform.
Sensitive information is collected only with consent or as permitted by law.


Why We Collect, Use and Disclose Information

Primary purposes include:

  • Providing and improving Wiingman services;

  • Managing accounts, authentication and security;

  • Generating event documentation and compliance outputs at your request;

  • Facilitating payments and communications;

  • Supporting legal, risk and audit requirements; and

  • Complying with law, regulation or court order.

Wiingman’s AI features analyse information you input (e.g., event details) to determine relevant workflows or document templates.
AI processing occurs within Wiingman’s secure environment; outputs remain your property and are not used to train public models.


How We Hold and Protect Information

All information is stored on secure servers within our Australian private VPS infrastructure.
Security measures include layered firewalls, encryption, RBAC, intrusion detection and regular penetration testing by independent specialists.
Backups are performed daily and retained per our disaster-recovery policy.
We notify affected clients of any notifiable breach under the Notifiable Data Breaches scheme.


Sharing of Information

We may share data only with:

  • Authorised users within your organisation;

  • Trusted service providers (hosting, cloud storage, analytics, payment processing, communications); and

  • Legal or regulatory bodies where required.

All third parties are bound by confidentiality and security obligations equivalent to this Policy.
We do not sell, rent or trade personal information.


Retention and Deletion

Personal information is retained only as long as necessary for the purposes described or as required by law.
At contract termination or upon request, client data can be exported and securely deleted from active and backup systems following verification.


Your Rights

Subject to law, you may request to access, correct, or delete your personal information, withdraw consent, or object to certain processing.
Requests can be made to privacy@wiingman.io and will be addressed within 30 days.
You may also contact the Office of the Australian Information Commissioner (OAIC) or your local supervisory authority (EU/UK users).


Passive Information Collection (Cookies & Analytics)

Wiingman uses cookies, pixels and similar technologies for functionality and analytics.
You may disable cookies in your browser, but some features may then not function properly.
Aggregated analytics do not identify individual users.


Children

We do not knowingly collect personal information from individuals under 16 without verifiable parental or guardian consent.


Anonymity and Pseudonymity

Where practicable, you may interact with us anonymously or under a pseudonym.
Certain services (e.g., user accounts, transactions) require identification.


Sale or Restructure of the Company

If Wiingman undergoes a merger, acquisition or asset transfer, personal information may be disclosed to advisers and transferees under confidentiality and will remain subject to this Policy.


Contact and Complaints

Australia
Privacy Officer – Wiingman Pty Ltd
Unit 1/94 Taren Point Rd, Taren Point NSW 2229
Email: privacy@wiingman.io

We will acknowledge your query or complaint within 5 business days and aim to resolve it within 30 days.
If unresolved, you may contact the OAIC at www.oaic.gov.au.


Last updated: September 2025

© Wiingman Pty Ltd | All rights reserved.