Wyng Data and Security Primer

What role does Wyng play with respect to consumer data? 

Brands use Wyng  to engage with consumers in meaningful, authentic ways. As part of that engagement, consumers may provide data to brands by participating in campaigns, submitting a form or sharing content with brands over social media. For example, consumers may fill out and submit a form to the brand.

21972-312_SOC_NonCPAThe data that brands use Wyng to collect is zero-party data – that is, data collected directly from consumers, with their consent.

We take privacy and data security seriously at Wyng and comply with current data protection laws. Wyng is certified SOC 2 Type 2 compliant. We have also invested our platform, operations and processes in order to help our customers meet their obligations under the General Data Protection Regulation (GDPR). Read more about our support for GDPR here


What data can brands collect with Wyng?

Brands can configure their Wyng campaigns to collect data from consumers in two ways:

  1. Web forms. Wyng enables consumers to share information directly with brands via a web form. Wyng provides powerful tools for brands to create custom forms, communicate to consumers why the brand is requesting the form data and how the data will be used, and process form submissions. Wyng forms support multiple input types, multi-media input, opt-in checkboxes, layout and styling control, form field validation, rate limits and mobile optimization. Brands can use Wyng forms to capture personal information including email, name, mailing address, date of birth, and phone.
  2. Social media engagement. Wyng enables consumers to submit content directly to brands (via #hashtag and @mention) on Instagram and Twitter. This user-generated content, which may include a photo and video or a caption, along with the user handle is collected and securely stored in Wyng so that the brand may follow up with the user directly.

In addition certain campaigns built with Wyng may collect information from consumers in order to create an interactive experience -- for example, votes in a contest.

Wyng cannot be used to capture sensitive information from consumers, including financial information (e.g. SSN or credit card numbers), transaction data (PCI) and health data (PHI).

Data submitted by consumers is stored in secure servers for two purposes:

  1. The information may be used to personalize the consumer's experience or entry in the campaign; for example, in a photo lab engagement campaign, content shared by a consumer may be labeled with the consumer's name; and
  2. The information may be used to generate reports and exports for access by the Wyng customer responsible for the campaign.

Independent of Wyng, brands may choose integrate third-party data technology with their campaigns. For example, a brand may use a DMP to track consumer participation for future personalization or retargeting.


Use Wyng to collect data responsibly

When requesting data from consumers, use the capabilities in the Wyng platform to clearly communicate to consumers how the data will be used, and get affirmative consent from each consumer. This transparent, authentic engagement is vital to establishing and maintaining trust and in order to comply with regulations.


Does Wyng store consumer data for the brand? If so, how is the data secured?

Wyng is a Software-as-a-Service business, and employs industry best practices to store and secure data.

If a brand chooses to use Wyng to collect and store consumer data, Wyng will securely store the data on behalf of the brand. Data is encrypted in transit, encrypted at rest, and stored securely with access limited to users designated by the brand’s account administrator. Wyng data is hosted and secured within Amazon Web Services (AWS). Amazon data centers are certified to be in compliance with standards including ISO 27001 and SOC 2.

Brands may choose to transfer a copy of the data to their email marketing system, CRM system, or customer database. The transfer can be done manually, or automatically using a pre-built or custom integration. Wyng includes pre-built integrations to select email and CRM systems; these can be found in the Integrations panel on your Wyng dashboard. For other systems, custom integrations can be built using our Web Hook capability.

By request from a brand, Wyng will delete from our current and active databases all information collected through Wyng service. By request from a consumer, Wyng will delete any data collected from that consumer and notify the brand that originated the data collection.

Wyng performs regular security audits and penetration tests in conjunction with third-party experts. We run regular automated OWASP Compliance Audits to test for vulnerabilities using third-party automated testing tools. We also use network and application firewalls and anti-malware software to protect against evolving threats.

Wyng is certified SOC 2 Type 2 compliant. SOC 2 standards are established by the American Institute of Certified Public Accountants (AICPA) and address comprehensive information and data security controls. Certification is only awarded to organizations that prove their operations are up to the AICPA standards.

Our consumer data, privacy, and cookie policies are compliant withEU Cookie Policy and the EU GDPR.

Wyng supports Single Sign-On (SSO) using sign-in using the SAML 2.0 protocol across all login pages and within platform. We offer customizable password management to enable organizations to set requirements for strong passwords, customized expiration dates, and enabling CAPTCHA after a user speci ed number of tries.


Does Wyng share or sell the data?

No, Wyng does not share or sell the data. Brands are the sole custodians of the data they collect and have complete responsibility for the data.


Does Wyng use the personal data collected by brands?

No, Wyng does not use the data.


Does Wyng purchase or use any third-party consumer data?

No, Wyng does not purchase or use any third-party consumer data. Third-party data is consumer data that may be purchased in bulk from data brokers and is often collected with questionable consent and shared without consent.


What data does Wyng capture when consumers submit content to a brand on Instagram or Twitter, and how is that data used?

Consumers can submit content directly to brands (via #hashtag and @mention) on Instagram and Twitter. This user-generated content may include a photo and video or a caption. Wyng securely stores this content on behalf of the brand, and provides tools to help the brand communicate with consumers to request permission to use the content. Only the brand has access to the content and data – Wyng does not share or sell it.


Does Wyng mine or scrape data from Facebook or other third parties?

No, Wyng does not mine or scrape data from Facebook or other third parties.