INDEX / DIRECTORY / WAYFAIR / DIGITAL

Wayfair DIGITAL

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-06-16
Digital Score 3.21 /10 D Wayfair - BDS-1000 253
Digital 3.21

Evidence-only forensic audit. Scoring happens downstream - see the main dossier for the composite assessment.

Digital Audit: Wayfair Inc. (NYSE: W)

Audit Phase: Digital (Digital / Technology Forensics) Subject Entity: Wayfair Inc. (NYSE: W) Registered Address: 4 Copley Place, 7th Floor, Boston, Massachusetts 02116, United States Audit Date: June 2026 Evidence Base: Published corporate disclosures, vendor and partner press releases, trade and technology press, NGO/campaign material, and contemporaneous news reporting. All factual claims are drawn from publicly available sources cited in the End Notes.

Scope and directionality note: Digital assesses the digital/technology nexus to Israel. The serious case is the provision of surveillance, digital, data, or cyber technology to the Israeli state, military, or security services. The reverse direction - Wayfair procuring technology from Israeli-origin vendors - is a customer relationship and is recorded explicitly as such, weighted far lower than provision. No transitive guilt is imputed: an Israeli vendor’s other clients, its founders’ military backgrounds, or a prime contractor’s separate government contracts are not attributed to Wayfair. US-entity relationships (e.g. Google) are not Israeli-origin and are noted only for completeness or for shared-vendor structural analysis.

Enterprise Technology Stack & Vendor Relationships

Primary Cloud Provider - Google Cloud (Direction: Wayfair as customer; US entity)

Wayfair’s principal disclosed enterprise technology relationship is with Google Cloud, a US-headquartered Alphabet subsidiary. Wayfair first announced a Google Cloud partnership in January 2020, and in October 2022 Google Cloud announced that Wayfair had completed a full migration from a hybrid model to a unified public cloud strategy on Google Cloud.1 The disclosed migration moved 330,000 CPU cores, 23,000 operating-system instances, more than 8,500 applications, and over 5,700 Kubernetes namespaces from on-premises data centres over a 16-month period.1 Wayfair CTO Fiona Tan and Google Cloud VP Carrie Tharp were quoted on the migration.1 Wayfair’s disclosed Google Cloud usage includes Vertex AI Feature Store, Vertex AI Pipelines, and Google Cloud data-analytics tools, applied to fraud/scam detection, ML model deployment, customer-identification models, and personalisation.1 In January 2025, Wayfair and Google Cloud announced an expanded partnership applying Google’s Gemini models on Vertex AI to product-catalogue enrichment, with Google Workspace deployed to Wayfair employees; Fiona Tan was again quoted.2 This is a US-entity vendor relationship (Wayfair as customer) and is recorded for completeness; its structural relationship to Project Nimbus is addressed in the Cloud section below.

Israeli-Origin Vendors in the Wayfair Stack (Direction: Wayfair as customer)

Riskified - Wayfair is a documented customer of Riskified (Riskified Ltd., NYSE: RSKD), an online-payments fraud-prevention firm. Wayfair first partnered with Riskified in 2018 to automate and scale its payment-fraud operations, and the two companies publicly extended the partnership in September 2021 to cover the omnichannel purchase journey.34 Riskified provides machine-learning-based fraud screening and pioneered a “chargeback guarantee” model.45 In the September 2021 extension, Wayfair CFO Michael Fleisher was quoted alongside Riskified Chief Revenue Officer Peter Elmgren and Riskified VP of Data Science Elad Cohen.3 Riskified was founded in 2012 by Eido Gal (CEO) and Assaf Feldman (CTO); it maintains dual headquarters in New York City and Tel Aviv, and is consistently described in press as an Israeli/Tel-Aviv-founded company that listed on the NYSE in July 2021.56 Public profiles record that co-founder Eido Gal served as a researcher in the Israel Defense Forces (2003–2006).7 In every respect the direction is Wayfair as the customer procuring a commercial SaaS fraud product - not Wayfair providing technology to any Israeli entity.

No other confirmed Israeli-origin vendor relationship was identified. Israeli e-commerce technology firms (e.g. Yotpo, Namogoo, Forter, Syte) are documented with various retail clients, but no public source independently links any of them to Wayfair’s stack.8 No public evidence identified beyond Riskified.

Israeli-Origin Cybersecurity Vendors

No public evidence was independently identified confirming that Wayfair holds a licensing, subscription, or integration relationship with any Israeli-origin cybersecurity vendor - including Check Point, Wiz, CyberArk, SentinelOne, Claroty, or Palo Alto Networks (US-origin). Inter-vendor partnerships among such firms exist (e.g. a 2024 Check Point–Wiz strategic partnership) but do not establish Wayfair as an end customer of either.9 No public evidence identified of an Israeli-origin cybersecurity product in Wayfair’s environment.

Procurement Transparency Constraints

Wayfair’s annual 10-K filings, accessible via SEC EDGAR, do not name specific cybersecurity or infrastructure vendors in their technology-risk disclosures.10 Vendor relationships below the level of named, publicly announced partnerships are not in the public domain, and the full security/IT vendor stack is undisclosed. This is the principal evidence gap in this domain.

Surveillance, Biometrics & Retail Technology

Physical Retail Expansion - In-Store Technology

Wayfair opened its first large-format physical store, a 150,000-square-foot location in Wilmette, Illinois, in May 2024, and has since announced further large-format stores (e.g. Atlanta, New York metro).1112 This creates a new operational domain in which point-of-sale, loss-prevention, and in-store analytics vendors become material. No public source reviewed names any specific in-store loss-prevention, video-analytics, or checkout-technology vendor - Israeli-origin or otherwise - deployed at these stores.1112 No public evidence identified.

Israeli-Origin Surveillance / Biometric Vendors

No public evidence was identified that Wayfair has deployed facial-recognition, biometric, gait-analysis, frictionless-checkout, or shelf-analytics technology of Israeli origin (e.g. Oosto/AnyVision, BriefCam, Trigo, Trax) in its retail, warehouse, or fulfilment operations. No public evidence identified.

Predictive Analytics, Workforce Monitoring & Social-Media Surveillance

No public evidence was identified of Wayfair using Israeli-origin predictive-analytics, sentiment-analysis, social-media-monitoring, or workforce-surveillance tools. No public evidence identified.

Third-Party Loss Prevention & Managed Security Delivery

Third-party loss-prevention, CCTV-analytics, or managed-security sub-contractors used across Wayfair’s store, warehouse, and fulfilment estate are not publicly disclosed, and it cannot be confirmed or excluded from public evidence whether any such sub-contractor deploys Israeli-origin technology within its own platform. No public evidence identified linking any to Wayfair.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Cloud Architecture - Google Cloud as Primary Provider

Wayfair’s cloud infrastructure is built on Google Cloud (a US-entity relationship), confirmed since 2020 and consolidated into a unified public-cloud strategy in October 2022.1 Disclosed products include Vertex AI Feature Store and Pipelines and Google Cloud data-analytics tooling.1 Wayfair’s published technical content describes work on multi-region Google Cloud Spanner latency, referencing US and European regions; no Wayfair disclosure references an Israeli region.1

GCP me-west1 Region (Tel Aviv) and Data Residency

Google Cloud’s Israel region, designated me-west1 and located in Tel Aviv, became operational in 2022 as a standard multi-region offering available to any Google Cloud customer.13 No public configuration disclosure, architecture document, or privacy policy from Wayfair specifies whether me-west1 has been enabled in any Wayfair workload. Any claim that Wayfair data resides in or transits me-west1 would be inference, not evidence. No public evidence identified that Wayfair routes or stores data in the GCP me-west1 (Tel Aviv) region.

Project Nimbus - Structural Shared-Vendor Linkage (Not Contractual)

Project Nimbus is a documented ~$1.2 billion cloud contract awarded by the Israeli government in 2021 to Google Cloud and Amazon Web Services as prime contractors, providing cloud services to Israeli government, defence, and security bodies; the contract reportedly forbids the providers from denying service to specified Israeli entities, including the military.1415 Google Cloud workers protested Nimbus in April 2024 under the “No Tech For Apartheid” banner, and a number of participating employees were subsequently dismissed.1617 The link between Wayfair and Nimbus is structural and shared-vendor in nature, not contractual: Wayfair is a commercial Google Cloud customer, and Google Cloud is separately a Nimbus prime contractor. No public evidence was identified that Wayfair holds any Nimbus sub-contract, participates in any Nimbus technical programme, contributes engineering resources to Nimbus, or that Wayfair workloads are shared with or accessible by Israeli government entities. No public evidence identified of Wayfair participation in Project Nimbus.

Data Centre Operations in Israel

No public evidence was identified that Wayfair operates, leases, or co-locates data-centre infrastructure within Israel. No public evidence identified.

Cloud Services Provision to Israeli State Institutions

No public evidence identified. Wayfair is an e-commerce retailer and does not operate as a cloud-service or data-sovereignty provider to any state body, Israeli or otherwise.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence was identified of any contract, memorandum of understanding, partnership, or service engagement between Wayfair and the Israeli Ministry of Defence, the Israel Defense Forces (IDF), Shin Bet, Mossad, or any Unit 8200-linked commercial entity. Wayfair is a retail and home-goods business and does not publicly operate in the defence-technology sector. No public evidence identified.

Provision of Technology / Data to the Israeli State or Military

No public evidence was identified of Wayfair providing surveillance technology, data, software, cloud capacity, or digital services to the Israeli state, military, or security services. This is the directionally serious Digital case, and no qualifying evidence of it was found. No public evidence identified.

Dual-Use Technology Provision

No public evidence was identified of Wayfair’s commercial technology (e-commerce platform, logistics systems, 3D visualisation, recommendation engines) being reported or confirmed as deployed for military, intelligence, or law-enforcement surveillance applications in Israel or the Occupied Palestinian Territories. No public evidence identified.

Offensive Cyber Capability

No public evidence identified. Wayfair does not develop, license, or sell offensive cyber capability; this is not within its business domain. No major cyberattack publicly attributed to a named threat actor against Wayfair was confirmed in the sources reviewed; third-party security reporting references generic infostealer exposure, but no company-confirmed breach was identified.18 Any such incident would in any case be an attack done to Wayfair, not provision of technology to Israel.

AI, Algorithmic & Autonomous Systems

Internal AI/ML Deployment

Wayfair deploys AI/ML extensively for internal commercial purposes - product search and recommendation personalisation, catalogue tagging, demand forecasting, logistics optimisation, and fraud/scam detection - primarily via Google Cloud Vertex AI and, since January 2025, Google’s Gemini models on Vertex AI.12 These are consumer-facing and supply-chain-facing applications.

AI/ML Provision to Israeli State Bodies

No public evidence identified. No public evidence was identified of Wayfair providing AI capability, model access, training datasets, or inference services to any Israeli state, military, or security body.

Training Datasets & Model Development Involving Israeli Population Data

No public evidence was identified of Wayfair’s AI models being trained on Israeli civilian population data, surveillance-derived datasets, or data originating from occupied territories. No public evidence identified.

Autonomous Systems & Lethality

No public evidence identified. The development or deployment of autonomous or lethal systems is not within Wayfair’s business domain.

Internal Algorithmic Deployment - Israeli-Origin AI Tooling

Of the Israeli-origin vendors identified in this audit, Riskified supplies machine-learning-based fraud screening as a customer-procured SaaS product (Wayfair as customer).35 No other Israeli-origin AI vendor was identified as embedded in Wayfair’s stack; the undisclosed full vendor list means secondary embedding within managed services cannot be positively excluded, but no such instance was identified.

Technology Ecosystem & R&D Footprint

Israeli R&D Facilities

No public evidence was identified that Wayfair operates any R&D facility, engineering office, innovation lab, or accelerator within Israel. Wayfair’s disclosed corporate and engineering locations are Boston (global HQ), Berlin, London, Galway, Mountain View, Toronto, Austin, Bangalore, and Shanghai; Wayfair’s own locations page lists no Israeli office.1920 No public evidence identified.

Acquisitions & Investments in Israeli Technology Companies

No public evidence was identified of Wayfair acquiring, or taking a corporate-venture stake in, any Israeli technology company. Wayfair’s documented acquisition history centres on brand and logistics/3D-visualisation assets, none of which are Israeli-origin; the Riskified relationship is a vendor procurement, not an investment.19 No public evidence identified.

Patents & IP Co-Development with Israeli Institutions

No public evidence was identified of patent portfolios, licensing, or co-development arrangements between Wayfair and Israeli-domiciled entities or research institutions (Technion, Hebrew University, Weizmann Institute). Wayfair’s SEC filings do not disclose material IP relationships with Israeli entities.10 No public evidence identified.

Supplier Code of Conduct - Technology Supply-Chain Provisions

No public evidence was identified that Wayfair’s supplier-conduct or responsible-sourcing frameworks contain provisions governing the national origin or geopolitical exposure of technology vendors, software suppliers, or digital-infrastructure providers. No technology-supply-chain due-diligence framework specific to vendor geopolitical exposure is publicly documented by Wayfair. No public evidence identified.

Civil Society Scrutiny & Regulatory History

NGO & Academic Scrutiny - Technology Supply Chain

No public evidence was identified of an NGO investigation, academic study, or UN report addressing Wayfair’s technology relationships with the Israeli state, Israeli defence entities, or Israeli-origin vendors. No public evidence identified.

The 2019 Employee Walkout - Documented Civil Society Action (No Israel Nexus)

The most prominent documented civil-society action against Wayfair is the June 2019 employee walkout, in which hundreds of Wayfair employees protested the company’s sale of bedroom furniture to a US government contractor (BCFS) operating migrant detention facilities at the US–Mexico border.2122 This event concerns US immigration-detention contracts and has no Israel or Israeli-technology nexus; it is recorded for completeness as a documented precedent of employee-led action on human-rights grounds.

BDS / No Tech For Apartheid Campaigns

The No Tech For Apartheid campaign has publicly targeted Google and Amazon over Project Nimbus.1617 Wayfair does not appear as a named target in publicly documented No Tech For Apartheid material. Wayfair appears on some general consumer-boycott listings, but no public source documents an organised BDS or No Tech For Apartheid campaign targeting Wayfair specifically for technology relationships with the Israeli state.23 No public evidence identified of a campaign targeting Wayfair’s technology relationships with Israel.

Regulatory, Export-Control & Sanctions Authorities

No public evidence was identified of any action by US export-control authorities, OFAC, the FTC, the DOJ, or any equivalent body relating to Wayfair technology sales, services, or data transfers to Israeli state entities. Wayfair’s commercial technology output is retail e-commerce and is not known to be subject to military-end-use export controls. No public evidence identified.

Data Protection & Privacy Enforcement

No public evidence was identified of a data-protection enforcement action specifically concerning Wayfair’s data flows to or from Israeli entities or infrastructure. No public evidence identified.

Evidence Gaps

  1. Full IT and security vendor stack (highest priority) - As with most private-sector retailers, Wayfair does not publicly disclose its sub-strategic IT and security vendor relationships; Israeli-origin cybersecurity vendor exposure cannot be positively excluded on public evidence.
  2. In-store retail technology - Loss-prevention, video-analytics, and checkout vendors at Wayfair’s new large-format stores are not publicly named; Israeli-origin technology embedded within their stacks cannot be assessed.
  3. me-west1 data residency - Whether any Wayfair Google Cloud workload has the Tel Aviv (me-west1) region enabled is not publicly disclosed.
  4. Riskified relationship depth - The Riskified procurement (Wayfair as customer) is confirmed from 2018 and extended in 2021, but contract scope, data-flow specifics, and current status are not fully disclosed.

End Notes

Footnotes

  1. https://www.googlecloudpresscorner.com/2022-10-11-Wayfair-Selects-Google-Cloud-in-Shift-from-Hybrid-Cloud-to-Unified-Public-Cloud-Strategy 2 3 4 5 6 7 8

  2. https://www.googlecloudpresscorner.com/2025-01-12-Wayfair-and-Google-Cloud-Announce-Expanded-Partnership-to-Transform-Online-Retail-with-Gemini 2

  3. https://www.pymnts.com/news/security-and-risk/2021/wayfair-riskified-lengthen-fraud-prevention-partnership/ 2 3

  4. https://www.businesswire.com/news/home/20210901005338/en/Riskified-and-Wayfair-Extend-Partnership-to-Further-Optimize-the-Omnichannel-Purchase-Journey-While-Reducing-Fraud 2

  5. https://en.wikipedia.org/wiki/Riskified 2 3

  6. https://www.calcalistech.com/ctech/articles/0,7340,L-3911569,00.html

  7. https://moneyinc.com/riskified-ceo-eido-gal/

  8. https://re-tech.io/blog/events/meet-54-israeli-retail-tech-companies-at-nrf-2024/

  9. https://www.checkpoint.com/press-releases/check-point-software-technologies-and-wiz-enter-strategic-partnership-to-deliver-end-to-end-cloud-security/

  10. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001616707&type=10-K&dateb=&owner=include&count=10 2

  11. https://www.cnbc.com/amp/2024/05/16/wayfair-to-open-first-large-store-outside-of-chicago.html 2

  12. https://www.retaildive.com/news/wayfair-opens-second-large-format-store-atlanta/742658/ 2

  13. https://www.timesofisrael.com/googles-first-local-cloud-region-for-israel-goes-live/

  14. https://en.wikipedia.org/wiki/Project_Nimbus

  15. https://www.972mag.com/project-nimbus-contract-google-amazon-israel/

  16. https://www.theguardian.com/technology/2024/apr/19/google-workers-protest-project-nimbus-israel-contract 2

  17. https://www.notechforapartheid.com/ 2

  18. https://www.upguard.com/security-report/wayfair-com

  19. https://www.aboutwayfair.com/careers/locations 2

  20. https://www.builtinboston.com/2021/04/21/wayfair-hiring-1000-new-engineering-offices

  21. https://www.nytimes.com/2019/06/26/business/wayfair-walkout-protest.html

  22. https://www.npr.org/2019/06/26/736344154/wayfair-employees-walk-out-to-protest-sales-to-immigrant-detention-facilities

  23. https://masjidalaqsa.com/boycott-safe/wayfair-israel-bds