PIPEDA Compliance

Overview

ImmiWave is committed to complying with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). This page outlines how we adhere to the 10 fair information principles that form the foundation of PIPEDA.

1. Accountability

ImmiWave Inc. is responsible for personal information under its control. We have designated a Privacy Officer who is accountable for our compliance with PIPEDA principles. All employees and contractors are trained on our privacy policies and procedures.

2. Identifying Purposes

We identify the purposes for which personal information is collected at or before the time of collection. ImmiWave collects personal information solely for:

• Providing immigration case management services
• Verifying immigration documents using AI analysis
• Managing user accounts and authentication
• Communicating with users about their cases
• Improving our platform and services

3. Consent

We obtain meaningful consent before collecting, using, or disclosing personal information. Consent is obtained through:

• Clear terms of service and privacy policy acceptance
• Explicit consent for document verification via AI
• Granular consent options for marketing communications
• The ability to withdraw consent at any time

4. Limiting Collection

We collect only the personal information necessary for the identified purposes. Our intake forms and document requirements are designed to minimize data collection while meeting immigration processing needs.

5. Limiting Use, Disclosure, and Retention

Personal information is not used or disclosed for purposes other than those for which it was collected, except with consent or as required by law. We retain personal information only as long as necessary to fulfill the identified purposes or as required by applicable immigration regulations.

6. Accuracy

We take reasonable steps to ensure personal information is as accurate, complete, and up-to-date as necessary for the purposes for which it is used. Users can update their personal information at any time through their account settings.

7. Safeguards

We protect personal information with security safeguards appropriate to the sensitivity of the information:

• AES-256 encryption for data at rest and in transit
• Row-level security (RLS) on all database tables
• Private storage buckets with access controls
• Regular security audits and penetration testing
• Role-based access control for all platform users

8. Openness

We make readily available specific information about our policies and practices relating to the management of personal information. Our privacy policy, terms of service, and compliance documentation are accessible to all users.

9. Individual Access

Upon request, we inform individuals of the existence, use, and disclosure of their personal information and provide access to that information. Users may:

• View and download their personal data
• Request correction of inaccurate information
• Request deletion of their account and data
• Export their case documents

10. Challenging Compliance

Individuals may challenge our compliance with these principles by contacting our Privacy Officer. We have procedures in place to receive and respond to complaints and inquiries. All complaints are investigated and appropriate measures are taken to resolve them.

Contact Us

For questions about our PIPEDA compliance or to exercise your privacy rights, contact our Privacy Officer at: