Privacy Policy

Introduction

ImmiWave Inc. ("ImmiWave", "we", "us", or "our") operates the ImmiWave platform, an AI-powered immigration case management system. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our services.

We are committed to protecting your privacy in compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

Information We Collect

Account Information

• Name and email address
• Phone number (optional)
• Company or organization name
• Professional role (practitioner, client, or provider)
• Password (stored encrypted via Supabase Auth)

Case Information

• Case titles, descriptions, and deadlines
• Visa type and application status
• Priority levels and notes

Document Information

• Uploaded immigration documents (passports, IDs, financial records, etc.)
• Document metadata (file name, type, size)
• AI-generated verification notes and analysis

Technical Information

• Browser type and version
• Device information
• IP address and access timestamps
• Cookies and session data

How We Use Your Information

We use the information we collect to:

• Provide and maintain our immigration case management services
• Authenticate users and manage accounts
• Process and verify immigration documents using AI
• Facilitate collaboration between practitioners and clients
• Communicate with you about your account and cases
• Detect and prevent fraud or unauthorized access
• Improve our platform and develop new features
• Comply with legal obligations and regulatory requirements

AI Document Processing

When you upload documents for verification, we use Google Gemini 1.5 Flash to analyze document content. This process:

• Requires your explicit consent before processing
• Uses a secure, signed URL to access your document
• Analyzes document type, validity, and key information
• Stores analysis results in your case records
• Does not retain document data beyond your account

Google processes this data as a data processor under our Data Processing Agreement. You may opt out of AI verification at any time.

Information Sharing

We do not sell your personal information. We share data only in the following circumstances:

Service Providers

• Supabase: Hosting, database, authentication, and file storage
• Google: AI document verification (Gemini)

All service providers operate under Data Processing Agreements and are restricted to processing data only as instructed by us.

Within the Platform

If you are a client, your practitioner may access case information and documents you upload. If you are a practitioner, your assigned clients can view cases they are associated with.

Legal Requirements

We may disclose your information if required by law, regulation, or legal process, or to protect the rights, property, or safety of ImmiWave, our users, or others.

Data Security

We implement industry-standard security measures:

• AES-256 encryption for data at rest and in transit
• Row-Level Security (RLS) on all database tables
• Private storage buckets with access controls
• Cookie-based authentication sessions
• Role-based access control
• Regular security audits

Data Retention

We retain your information for the following periods:

• Account data: Until you delete your account
• Case data: Until the case is deleted or your account is deleted
• Documents: Until deleted by you or your account is deleted
• Waitlist data: Until we launch or you request removal

After account deletion, we may retain anonymized, aggregated data for analytics. Backup copies are purged within 30 days.

International Data Transfers

ImmiWave is hosted on Supabase infrastructure. Depending on your location, your data may be processed in the United States or other countries. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements with all providers
• Technical and organizational security measures

Cookies

We use cookies for:

• Authentication: Session management via Supabase Auth cookies
• Security: CSRF protection and fraud prevention

We do not use advertising or tracking cookies. You can control cookies through your browser settings, though disabling authentication cookies will prevent you from using the platform.

Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access your personal information
• Correct inaccurate information
• Delete your account and data
• Export your data in a portable format
• Object to or restrict processing
• Withdraw consent at any time

To exercise these rights, contact us at privacy@immiwave.com. We will respond within 30 days.

Children's Privacy

ImmiWave is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our platform. Your continued use of ImmiWave after changes are posted constitutes acceptance of the updated policy.

Related Policies

Contact Us

For questions about this Privacy Policy or to exercise your privacy rights: