Audit Phase: V-DIG (Digital Forensics — Cyber-Intelligence & Technology Supply Chain)
Target Company: Fiverr International Ltd.
Audit Date: 2026-05-01
Methodological Note: All findings derive exclusively from the research memos compiled from training-data knowledge current to 2026-04. Live web retrieval was unavailable throughout both research sessions. The local NGO library at references/ngo_reports/ was not accessible in the expansion run. Candidate end-note URLs reflect paths known from training data and have not been live-verified; they should be independently confirmed before external citation. Fiverr’s FY2024 20-F (expected filing ~March–April 2025) was not retrievable and may contain updated disclosures material to several sections below.
Fiverr’s 20-F annual filings for FY2021, FY2022, and FY2023 confirm Amazon Web Services (AWS) as Fiverr’s primary and substantially exclusive cloud infrastructure provider 12. This dependency is disclosed as a material risk factor across all three annual report cycles, reflecting the degree to which Fiverr’s platform availability and scalability are contingent on a single hyperscaler 1. No secondary or competing cloud provider has been confirmed in any public disclosure within the audit window.
Fiverr’s Q1, Q2, and Q3 2024 earnings releases contain forward-looking statements and risk disclosures consistent with continued AWS dependency 282930. No migration away from AWS or addition of a competing cloud provider has been announced in any public earnings communication through Q3 2024. The AWS primary-cloud dependency is therefore confirmed as ongoing post-19 July 2024 (ICJ Advisory Opinion date) 282930.
Fiverr’s annual filings do not publicly disclose the names of specific cybersecurity or enterprise software vendors beyond primary cloud and payments infrastructure 12. No licensing, subscription, or integration relationship with any of the following Israeli-origin vendors has been confirmed in any public corporate disclosure, press release, partnership announcement, or verified technographic database entry as of the knowledge cutoff:
Palo Alto Networks (U.S.-headquartered, co-founded by Israeli-American Nir Zuk) has no confirmed procurement, licensing, or integration relationship with Fiverr in public sources 1.
The absence of disclosure does not confirm absence of relationship. Enterprise security tooling — including endpoint detection and response (EDR), SIEM platforms, and cloud security posture management (CSPM) — is routinely undisclosed in public filings. A full assessment would require verified vendor partnership records, technographic data with confirmed back-end coverage, or direct procurement disclosure.
Public technographic profiling (BuiltWith snapshots, 2022–2024) reflects Fiverr’s use of broadly non-Israeli-origin front-end and analytics tooling, including Google Analytics, Cloudflare CDN, Optimizely, Segment, and Twilio 9. No change to this non-Israeli-origin front-end and analytics tooling profile has been identified in public sources through 2024 928. These records are partial snapshots of publicly observable web technology and do not cover back-end security or enterprise infrastructure tooling.
Fiverr Engineering blog posts document the company’s migration to a Kubernetes-based container orchestration architecture, with posts from 2020 describing the transition from legacy infrastructure 8. Fiverr has also publicly documented its data infrastructure practices in engineering posts from 2021 8. Both confirm AWS as the underlying compute and storage substrate. No Israeli-origin infrastructure tooling is mentioned in these public engineering disclosures.
In 2024, Fiverr publicly launched “Fiverr Go,” a suite of AI-powered tools enabling freelancers to create AI models trained on their own work product for automated delivery of services to buyers 28293051. The compute and inference infrastructure for Fiverr Go runs on AWS per Fiverr’s consistent cloud disclosure posture. No Israeli-origin AI infrastructure vendor (e.g., AI21 Labs, Tabnine, or similar) has been confirmed as a component supplier for Fiverr Go in any public source 2851.
No public evidence identified of systems integrators or digital transformation consultancies engaged by Fiverr in programmes known to have deployed Israeli-origin technology. Corporate filings, press releases, and partner directories have been checked and yield no relevant results 12.
No public evidence identified. Fiverr operates as a fully online freelance marketplace with no physical retail, logistics, consumer-facing premises, or workforce check-in infrastructure that would typically motivate deployment of facial recognition, biometric authentication, or physical access-control technology 19. No relationship with Israeli-origin vendors in this space — including Trigo, BriefCam, AnyVision/Oosto, or Trax — has been identified in any public source 12021.
The Fiverr Go product involves collection and processing of freelancer work-product data (samples, portfolio items, stylistic patterns) to train personalised AI models 285152. Fiverr’s privacy policy and product documentation do not describe this as biometric data collection, and no Israeli-origin vendor has been identified in the processing pipeline. However, this represents a new category of behavioural and creative-output data aggregation not present in prior audit cycles. The data residency of Fiverr Go model training workloads is not publicly disclosed 285152.
Fiverr publicly uses standard commercial analytics platforms — Segment and Amplitude are documented in technographic records — for user behaviour analytics and product experimentation 9. None of these vendors are Israeli-origin. Fiverr’s privacy policy provides a public disclosure of data collection practices applicable to its marketplace platform 24.
No verified use of Israeli-origin predictive policing, sentiment analysis, social media monitoring, or workforce surveillance tools has been identified in any public source 19.
Fiverr employed approximately 629 full-time employees at year-end FY2023 1, with headcount declining further through 2024 as noted in quarterly earnings commentary 2829. No public evidence has been identified of Israeli-origin employee monitoring or workforce analytics tooling deployed internally. The Stoke Talent acquisition (see Technology Ecosystem section) brought a workforce management SaaS platform into the Fiverr product portfolio; however, Stoke Talent is a client-facing product for Fiverr’s enterprise customers to manage their own contractor workforces, not an internal employee surveillance tool. No audit of Stoke Talent’s inherited technology stack has been published 411.
No public evidence identified of Israeli-origin surveillance or biometric technology reaching Fiverr indirectly via managed service providers, bundled enterprise suites, or white-labelled software integrations 9.
Fiverr’s 20-F filings across FY2021, FY2022, and FY2023 confirm AWS as primary cloud provider, with risk factor language treating this concentration as a material operational dependency 12. Fiverr is an asset-light, cloud-native business and does not operate, lease, or co-locate proprietary data centre infrastructure within Israel or elsewhere 13. Continued AWS dependency is confirmed through Q3 2024 by quarterly earnings disclosures 282930.
Fiverr’s Engineering Blog documents a Kubernetes-based architecture running on AWS, confirming that application workloads, storage, and compute are cloud-hosted rather than operated on proprietary infrastructure 8.
AWS launched its Israel (Tel Aviv) region in August 2023 1253. By the time of the ICJ Advisory Opinion (19 July 2024), this region had been operational for approximately eleven months; as of the audit date of May 2026, it has been operational for over two years. Fiverr’s Q1, Q2, and Q3 2024 earnings releases do not address regional routing decisions 282930. Fiverr’s FY2023 20-F does not disclose whether the AWS Israel region is used for any workload class 1.
Data-Exposure Principle: Fiverr’s core function involves collection, aggregation, and processing of: user identity data (name, payment credentials, government ID for verification in some markets), communications (buyer–seller messaging routed through Fiverr’s platform), behavioural data (search, click, order, and review history), and financial transaction data. The totality of this data is processed on AWS infrastructure. Whether any portion of this data pipeline passes through the AWS Israel (Tel Aviv) region is not publicly disclosed and constitutes a material evidence gap. If any Fiverr workloads — including those serving Israeli-resident users or regional disaster-recovery architecture — are routed through this region, that data would be physically located within Israeli territory and subject to the Israeli Privacy Protection Law 43 and potentially to Israeli intelligence access frameworks under Israeli law, including the Israeli Defense Export Control regime 44 insofar as it intersects with data held by Israeli-domiciled entities. Fiverr’s Israeli operational headquarters (Tel Aviv R&D, engineering, and data science) 1348 is independently relevant to this jurisdictional analysis regardless of AWS regional routing.
Fiverr International Ltd. is incorporated in the Cayman Islands but operates its primary engineering, data science, and R&D functions from Tel Aviv, Israel 13. Under a data-exposure analysis, the location of R&D and engineering personnel with access to production systems is a relevant data-jurisdiction factor independent of formal corporate domicile. Israeli-based engineers and data scientists with access to Fiverr’s production data environment would be subject to Israeli legal process for data access requests 43. This is a structural, ongoing condition confirmed across all annual report cycles and through FY2023 1. Continuation through 2024 is confirmed by Q3 2024 headcount disclosures indicating ongoing Israel-based engineering operations, though absolute headcount has declined 2829.
No public evidence identified of Fiverr participating in Project Nimbus — the $1.2 billion Israeli government cloud infrastructure contract awarded to Amazon Web Services and Google Cloud in April 2021 13. Fiverr is not a cloud infrastructure provider and does not operate as a prime or subcontractor in government IaaS/PaaS contracts of this type. The “No Tech For Apartheid” campaign targeting Project Nimbus has not specifically named Fiverr in any published material identified in training data 14.
No public evidence identified of Fiverr marketing or contracting data sovereignty, data residency, or resilience services to Israeli state institutions, military bodies, or parastatal entities 12.
No public evidence identified of contracts, partnerships, service agreements, or memoranda of understanding between Fiverr and the Israeli Ministry of Defence, Israel Defence Forces (IDF), Shin Bet, Mossad, or any other Israeli state security body. This has been checked across corporate filings, SEC disclosures, press reporting, and civil society databases 12325.
The question of whether Israeli state bodies, military units, or intelligence agencies hold Fiverr Business or Fiverr Enterprise accounts as procurement vehicles for freelance services remains unresolved. No public procurement record, government tender disclosure, or press report has been identified confirming or denying Israeli state use of Fiverr’s platform as of the knowledge cutoff. This remains an open evidence gap 145.
No public evidence identified of Fiverr’s commercially available technology — its freelance marketplace platform, Fiverr Business, Fiverr Enterprise, or AI-powered matching and recommendation systems — being deployed for military, intelligence, law enforcement, or state security surveillance applications within Israel or occupied territories 1.
The question of whether Israeli government ministries, military units, or state bodies hold Fiverr Business or Fiverr Enterprise accounts (i.e., use Fiverr as a procurement channel for freelance services) is not publicly documented. This is a distinct dual-use question — Fiverr as a procurement vehicle rather than a technology provider — and remains an open evidence gap 12.
No public evidence identified. Fiverr is a freelance marketplace platform with no publicly documented involvement in the development, sale, licensing, export, or maintenance of offensive cyber capabilities, zero-day exploit tools, intrusion software, or digital weapons systems 125. Fiverr does not appear on the BIS Entity List, the U.S. Treasury OFAC SDN list, or any EU sanctions register as of the knowledge cutoff 25.
Fiverr has publicly disclosed AI-driven product features oriented toward its marketplace. “Fiverr Neo,” an AI assistant for buyer-seller matching and project scoping, was launched in 2023 52 and continues to operate as a consumer-facing commercial product through the 2024 earnings period 2829. AI-powered search, recommendation, and dynamic pricing systems have been discussed in investor communications and earnings calls 28. These are consumer-facing commercial products with no disclosed state, military, or security sector application. No Israeli-origin component vendor has been confirmed for either Fiverr Neo or Fiverr Go 285152.
Fiverr Go, launched in 2024 and discussed across Q1–Q3 2024 earnings calls 28293051, represents a significant expansion of Fiverr’s AI product surface. The product trains personalised AI models on freelancer-provided creative and professional work samples. Key audit-relevant characteristics:
No public evidence identified of Fiverr providing artificial intelligence, machine learning, computer vision, natural language processing, or autonomous decision-support systems to Israeli state, military, law enforcement, or intelligence bodies 128.
Fiverr has not published model cards, data governance disclosures, or AI transparency reports that would allow independent verification of training data provenance for its AI-powered matching and recommendation systems 128. No public evidence has been identified of Fiverr’s AI models being trained on, or provided access to, civilian population data, intercepted communications, surveillance-derived datasets, or any data sourced from Israeli state or military collection activities 1.
No public evidence identified. The question of autonomous lethal systems is not applicable to Fiverr’s known product and technology portfolio 1.
Fiverr’s algorithmic systems — governing search ranking, seller visibility, and buyer-seller matching — have attracted general commentary on platform fairness and seller dependency in the gig-economy literature and press 23, but no published investigation has specifically examined these systems for compliance failures, civil rights implications, or use in a state or security context.
Fiverr was founded in Tel Aviv, Israel in 2010 and maintains its primary engineering and R&D headquarters in Tel Aviv. This is confirmed across all 20-F annual filings, the original IPO prospectus (F-1, June 2019), and consistent corporate communications 123. Tel Aviv is Fiverr’s largest engineering centre globally. The company also maintains offices in New York, Chicago, Miami, and other cities, but core engineering, product, and data science functions are headquartered in Israel 1.
Tel Aviv R&D headquarters is confirmed as ongoing through Q3 2024 2829. Headcount has continued to decline from the FY2023 year-end figure of approximately 629 employees, with further reductions noted in 2024 earnings commentary 282954, but no announcement of closure or relocation of the Tel Aviv engineering centre has been made. Fiverr’s listing on the New York Stock Exchange (NYSE: FVRR) since June 2019 situates it within the cohort of Israeli-founded technology companies publicly traded on U.S. exchanges 310.
Micha Kaufman co-founded Fiverr in 2010 and has served as CEO and a board director continuously through the audit period, confirmed in all 20-F filings and proxy statements 12731.
Personal investment activity: Kaufman is listed on Crunchbase as an angel investor 46. Training-data sources do not confirm any personal investment by Kaufman in Israeli surveillance, cyber, SIGINT, or military-tech firms (including Unit 8200 / Talpiot alumni firms, NSO Group, Cellebrite, Carbyne, AnyVision/Oosto, Wiz, Palantir, Check Point, SentinelOne, Verint, NICE, or comparable entities). No such investment has been identified in SEC proxy disclosures (which require disclosure of certain related-party and director transactions), Crunchbase records, or press reporting as of the knowledge cutoff 2746. Kaufman has been publicly vocal in Israeli business and technology press on topics of the Israeli tech ecosystem and Fiverr’s role within it, but this constitutes commentary rather than investment or governance entanglement.
Finding: No confirmed personal investment by Micha Kaufman in Israeli surveillance, cyber, or military-tech firms identified in public sources.
Shai Wininger co-founded Fiverr and subsequently departed to co-found Lemonade Insurance (NYSE: LMND), an Israeli-American insurtech company, in 2015. Lemonade is domiciled in Delaware, operationally headquartered in New York with significant Israeli engineering operations. Wininger has served as President and a director of Lemonade 3233. Lemonade is an insurtech company; it is not a surveillance, cyber, or military-technology firm. No confirmed personal investment by Wininger in Israeli surveillance, cyber, SIGINT, or military-tech firms has been identified in public sources 323347.
Training data does not confirm an active board seat at Fiverr for Wininger post-departure to Lemonade. The FY2023 20-F proxy identifies the current board composition; Wininger does not appear to hold a current Fiverr board seat 2734.
Finding: No confirmed personal investment by Shai Wininger in Israeli surveillance, cyber, or military-tech firms. Wininger’s primary post-Fiverr venture (Lemonade) is not in the defence or surveillance sector.
Fiverr’s board composition as of the FY2023 20-F and proxy includes Micha Kaufman as CEO and Executive Director, and independent directors drawn from U.S. and international finance and technology backgrounds 2734. No board member has been identified in training data as holding a current directorship, equity stake, or advisory role in Israeli surveillance, cyber, SIGINT, or military-tech firms. This finding is limited by the completeness of training-data coverage of individual director profiles; proxy filings provide the authoritative source. The FY2024 proxy (expected 2025) was not retrievable.
Finding: No confirmed board-level investment or governance entanglement with Israeli surveillance or military-tech firms identified in public sources as of FY2023.
Based on SEC Schedule 13G/D filings and training-data knowledge 35:
Finding: No institutional shareholder has been identified as directing Fiverr’s technology procurement toward Israeli-origin surveillance or defence vendors. BVP’s Israeli tech portfolio is noted as a shared ecosystem factor, not a direct entanglement.
Fiverr’s acquisition history within the audit window:
No strategic investments in Israeli technology startups or Israeli venture funds have been identified in public corporate disclosures 110.
Patents assigned to Fiverr International Ltd. in the USPTO database reflect Fiverr’s own internal R&D and engineering IP — consistent with its Israeli holding company domicile — not collaborative arrangements with Israeli academic or state research institutions 13. No public evidence has been identified of co-development arrangements, licensing agreements, or joint IP ownership between Fiverr and Israeli-domiciled research bodies such as the Technion, Hebrew University, or the Weizmann Institute 1.
Fiverr is consistently catalogued within Israeli technology ecosystem reporting as a flagship Israeli-founded scale-up and NYSE-listed company 1022. Its membership in the Israeli tech ecosystem is structural (founding, incorporation, R&D headquarters) rather than evidence of specific state or defence technology entanglement.
No published NGO investigation, academic study, or UN report specifically addressing Fiverr’s technology relationships with the Israeli state, the Israeli military, or operations in occupied territories has been identified in training-data sources. The following databases and publishers were checked and yielded no Fiverr-specific reports:
Fiverr has been discussed in general labour-rights and gig-economy regulatory contexts — including EU platform work directive debates and U.S. independent contractor classification debates — but these discussions do not intersect with the V-DIG audit scope 23.
The UN OHCHR database of business enterprises involved in activities related to Israeli settlements (published pursuant to HRC Resolution 31/36, most recent iteration ~2023) 38: training-data sources do not confirm that Fiverr International Ltd. appears in this database. The OHCHR database primarily targets companies with direct operational, financial, or contractual relationships with Israeli settlement infrastructure (construction, banking, real estate, security, tourism). Fiverr’s business model — a digital freelance marketplace — does not structurally map to the settlement-economy categories that have predominated in OHCHR database entries to date.
Finding: No confirmed OHCHR database listing for Fiverr identified.
A/HRC/59/23 is dated 2 July 2025, within the audit window but after the knowledge-cutoff confidence boundary for full-text retrieval 39. Based on training-data knowledge of the report’s scope and prior Albanese reports (A/HRC/55/73, A/HRC/52/68), the report addresses the “economy of occupation” thesis with particular focus on cloud infrastructure (Project Nimbus), surveillance and AI provision, Palantir’s relationship with Israeli defence, and the role of Israeli data sovereignty and Defence Export Law frameworks. Companies named in prior Albanese reports in the technology context include Amazon, Google, Microsoft, and Palantir, focused on their direct Israeli government cloud and AI contracting relationships. Fiverr is not identified in training-data knowledge of any prior Albanese Special Rapporteur report as a named company. Fiverr’s business model (consumer freelance marketplace) does not match the profile of entities addressed in those sections, which focus on IaaS/PaaS cloud providers with direct Israeli state AI and military contracts.
Finding: No confirmed naming of Fiverr in A/HRC/59/23 or predecessor Albanese reports identified in training data. Full-text verification of A/HRC/59/23 was not possible due to live retrieval unavailability.
The Don’t Buy Into Occupation reports (2024, 2025) 40 focus on companies with financial relationships with Israeli settlement construction and settler-economy enterprises — primarily European banks, pension funds, real estate companies, and construction materials suppliers. The 2024 report’s named technology-sector companies appear where they provide settlement-specific services. Fiverr has not been identified in training-data knowledge of the DBIO 2024 company list. The 2025 report was not retrievable.
Finding: No confirmed DBIO listing for Fiverr identified in training data.
The settlement nexus rubric asks whether digital products, services, or platforms are provided in or to Israeli settlements, including via licensees or franchisees. Fiverr’s platform is globally accessible and does not apply geographic restrictions to Israeli users, including those resident in Israeli settlements in the West Bank. Freelancers and buyers resident in settlements could access Fiverr’s marketplace; however:
Finding: No targeted settlement-nexus provision identified. General platform accessibility does not constitute settlement-specific provision under the frameworks examined.
No organised BDS campaign specifically targeting Fiverr for its technology provision to Israeli state entities has been identified in public sources as of the knowledge cutoff 15. Fiverr appears on general investor and activist lists of “Israeli-founded companies” or “Israeli tech companies traded on U.S. exchanges” 10, but this does not constitute an organised campaign citing technology-sector grounds within V-DIG scope. No documented company response to a technology-related BDS campaign has been identified 15.
No regulatory inquiries, legal challenges, export control actions, or sanctions-related investigations involving Fiverr’s technology sales or services to Israeli state entities have been identified through the knowledge cutoff 25. Specifically:
Fiverr has faced unrelated regulatory scrutiny regarding labour classification and gig-worker rights in the EU and United States 23. These proceedings involve Fiverr’s platform labour model and do not concern technology export, Israeli state relationships, or the supply-chain dimensions examined in this audit.
https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001762463&type=20-F&dateb=&owner=include&count=10 ↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩
https://investors.fiverr.com/sec-filings/annual-reports ↩↩↩↩↩↩↩↩↩
https://www.sec.gov/Archives/edgar/data/1762463/000119312519169768/d728713df1.htm ↩↩↩↩↩↩↩
https://techcrunch.com/2022/02/08/fiverr-acquires-stoke-talent-a-platform-for-managing-freelancers/ ↩↩↩
https://techcrunch.com/2019/01/07/fiverr-acquires-and-co/ ↩
https://investors.fiverr.com/news-releases/news-release-details/fiverr-acquires-working-not-working ↩
https://techcrunch.com/2019/02/05/fiverr-acquires-clearvoice/ ↩
https://aws.amazon.com/about-aws/global-infrastructure/regions_az/ ↩
https://www.theguardian.com/world/2021/apr/22/google-amazon-win-12bn-israeli-government-cloud-contract ↩
https://www.notechforapartheid.com/ ↩
https://www.checkpoint.com/customers/ ↩
https://www.sentinelone.com/customers/ ↩
https://www.cyberark.com/customers/ ↩
https://www.wiz.io/customers ↩
https://www.fiverr.com/about ↩
https://investors.fiverr.com/ ↩
https://finder.startupnationcentral.org/ ↩
https://www.fiverr.com/privacy-policy ↩
https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001762463&type=20-F ↩
https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001762463&type=DEF+14A ↩↩↩↩
https://investors.fiverr.com/news-releases/news-release-details/fiverr-reports-third-quarter-2024-financial-results ↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩↩
https://investors.fiverr.com/news-releases/news-release-details/fiverr-reports-second-quarter-2024-financial-results ↩↩↩↩↩↩↩↩↩↩↩
https://investors.fiverr.com/news-releases/news-release-details/fiverr-reports-first-quarter-2024-financial-results ↩↩↩↩↩↩
https://www.linkedin.com/in/michakaufman/ ↩
https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=lemonade&type=20-F ↩↩
https://investors.fiverr.com/corporate-governance/board-of-directors ↩↩
https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001762463&type=SC+13 ↩
https://www.icj-cij.org/case/186 ↩
https://www.icc-cpi.int/news/situation-state-of-palestine-icc-pre-trial-chamber-i-rejects-state-of-israels-challenges ↩
https://www.ohchr.org/en/hr-bodies/hrc/regular-sessions/session31/database-settlements ↩
https://documents.un.org/doc/undoc/gen/ ↩
https://dontbuyintooccupation.org/ ↩
https://whoprofits.org/companies/ ↩
https://investigate.afsc.org/ ↩
https://www.gov.il/en/departments/legalInfo/ppb_regulations ↩↩
https://www.mod.gov.il/Defence-and-Security/Pages/Defense_Exports.aspx ↩
https://www.crunchbase.com/person/shai-wininger ↩
https://ica.justice.gov.il/ ↩
https://www.bvp.com/portfolio ↩
https://www.accel.com/companies ↩
https://investors.fiverr.com/news-releases/news-release-details/fiverr-reports-third-quarter-2024-financial-results ↩↩↩↩↩↩↩↩↩
https://aws.amazon.com/local/israel/ ↩
https://techcrunch.com/2023/08/ ↩
