Last updated: 20 March 2026
W Social AB, Malmgårdsvägen 63, 116 38 Stockholm, Sweden (“W Social”, “we,” “us,” or “our”) is the controller responsible for the processing of your personal data as described in this Privacy Notice.
W Social is a social network designed with a foundational commitment to user privacy. The platform requires that each account be associated with a verified human identity in order to maintain the integrity and authenticity of its user base. Notwithstanding this verification requirement, we do not collect, retain, or otherwise access information sufficient to ascertain the actual identity of our users. This approach ensures that identity verification and user privacy remain complementary objectives, enabling us to confirm the legitimacy of the accounts on our platform while preserving the anonymity of our users in accordance with applicable privacy principles. To achieve this objective, identity verification is performed by W Identity, a separate legal entity and separate controller under the EU General Data Protection Regulation (“GDPR”).
You can reach us at info@wsocial.eu and our Data Protection Officer at dpo@wsocial.eu with all privacy-related questions.
This Privacy Notice explains how we process personal data in connection with the W Social platform.
3.1 Data Collected Directly from You
Waitlist sign-up. If you sign up for our waitlist, we may collect your country, preferred handle, email address, and social profile links from other platforms, depending on what you choose to provide in the waitlist form.
Newsletter sign-up. If you sign up for our newsletter, we collect your email address.
Account usage data.
As the operator of a federated service built on the AT Protocol, we collect and process the following categories of personal data in connection with your use of our platform:
3.2 Data Received from W Identity
When you sign up for W Social, W Social collects the following data from W Identity via the W Identity app with your explicit approval: Your W Identity UUID (Universally Unique Identifier, which in itself does not reveal anything about you), your passport country, and your year of birth. W Social cannot access any other data from W Identity unless you explicitly approve it in the W Identity app.
3.3 Data Collected from Other Third Parties
W Social is based on the Authenticated Transfer Protocol (“AT Protocol”), a decentralized, open-source protocol for social networks that supports various types of services. The goal of the AT Protocol is to create a common technical standard to make various social networks and applications interoperable.
This enables us to integrate our platform with the social network Bluesky which is operated by Bluesky Social PBC, as well as other service providers using the AT Protocol. Content on Bluesky can be accessed via W Social.
We process your personal data for the purposes set out below, together with the corresponding legal basis:
| Purpose | Categories of Data | Legal Basis |
|---|---|---|
| Verifying that you hold a valid W Identity account and creating your W Social account | W Identity UUID (Universally Unique Identifier), passport country, year of birth | Entering into a contract (Art. 6(1)(b) GDPR) |
| Enabling you to share content and send messages to other users of the platform and other service providers using the AT Protocol | Posts, replies, quote posts, embedded media, direct messages, mentions, hashtags, profile information (handle, display name, bio, profile picture), and associated metadata such as timestamps and language tags | Performance of a contract (Art. 6(1)(b) GDPR) |
| Receiving content from other service providers using the AT Protocol | Any public information you share with other service providers using the AT Protocol | Our legitimate interest in integrating our services with the services of other service providers using the AT Protocol (Art. 6(1)(f) GDPR) |
| Managing your waitlist registration | Country, preferred handle, email address, social profile links (as provided) | Entering into a contract (Art. 6(1)(b) GDPR) |
| Sending our newsletter | Email address | Your consent (Art. 6(1)(a) GDPR) |
| Platform security and fraud prevention | IP addresses, session data, device identifiers, user agent strings, error and rate-limiting events | Our legitimate interest in keeping our platform secure (Art. 6(1)(f) GDPR) |
| Moderation of illegal or harmful content | Post content, account identifiers, reported content | Compliance with legal obligations (Art. 6(1)(c) GDPR) |
| Compliance with legal obligations | Any data relevant to the specific legal obligation | Compliance with legal obligations (Art. 6(1)(c) GDPR) |
5.1 Processors
We use third-party service providers who act as our processors under the GDPR, such as an email marketing platform and a hosting provider.
5.2 Other Recipients
We share content you create on our platform with service providers who use the AT protocol, and in particular with Bluesky Social PBC, to enable you to interact with their users.
Your personal data will be stored by us and our service providers in accordance with applicable data protection laws to the extent necessary for the processing purposes set out in this Privacy Notice. Subsequently, we will delete your personal data in accordance with our data retention and deletion policy or take steps to properly render the data anonymous, unless we are legally obliged or permitted to keep your personal data longer (e.g. for legal compliance, tax, accounting or auditing purposes, or to detect and prevent illegal activity).
As far as legally permissible or required, we restrict the processing of your data instead of deleting it (e.g. by restricting access to it). This applies in particular to cases where we may still need the data for the performance of the contract or for the assertion of or defense against legal claims, or where such retention is otherwise required or permitted by law. In these cases, the duration of the restriction of processing depends on the respective statutory limitation or retention periods. The data will be deleted after the relevant limitation or retention periods have expired.
We only use third-party service providers who process your data within the European Economic Area or countries for which the European Commission has confirmed an adequate level of data protection via a so-called “adequacy decision”.
We share content you post on our platform with service providers who use the AT protocol, and in particular with Bluesky Social PBC. This may include a transfer of personal data outside of the European Economic Area. In these cases, we rely on Art. 49(1)(b) GDPR. The transfers are necessary to fulfil our contractual obligations under the user agreement.
We do not use technologies that are considered automated decision-making in the sense of Art. 22 GDPR.
Under the GDPR, you have the following rights in relation to your personal data, subject to the conditions and exceptions set out in the GDPR:
Right of access (Article 15): You have the right to obtain confirmation as to whether your personal data is being processed and, where that is the case, to access the data and receive certain information about the processing.
Right to rectification (Article 16): You have the right to obtain the rectification of inaccurate personal data and, taking into account the purposes of the processing, to have incomplete personal data completed.
Right to erasure (Article 17): You have the right to obtain the erasure of your personal data in certain circumstances, such as where the data is no longer necessary for the purposes for which it was collected.
Right to restriction of processing (Article 18): You have the right to obtain restriction of processing in certain circumstances, such as where you contest the accuracy of the data.
Right to data portability (Article 20): Where processing is based on consent or on a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
Right to object (Article 21): Where processing is based on legitimate interests, you have the right to object to the processing on grounds relating to your particular situation.
Right to withdraw consent (Article 7(3)): Where processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority of your choice.
To exercise any of these rights, please contact us at info@wsocial.eu.
© 2026 W Social AB (559544-6690), Stockholm, Sweden - all rights reserved.