Trust & Governance

How We Earn Your Trust

Wirehead places senior I&IT contractors into the most regulated workplaces in Canada — federal departments, Crown corporations, and Schedule I banks. The expectations those clients have for a vendor are the expectations we hold ourselves to. This page makes our posture inspectable.

Our four pillars

Privacy by default

Personal information is collected only when it's needed for matching, application processing, or compliance — and only kept for as long as the lawful basis lasts. Candidates can review, correct, and request deletion of their data at any time.

Security as a discipline

Encrypted transport and storage, role-based access on every internal surface, MFA mandatory on every administrative account, automated dependency monitoring, and a documented incident-response runbook.

Canadian sovereignty

Wirehead Corporation is incorporated in Ontario, headquartered in Toronto, and operates under PIPEDA and Quebec Law 25. The platform ships in EN-CA and FR-CA at parity per Bill 96. Data residency in Canada Central is on the post-launch roadmap.

Transparency, not theatre

We don't claim certifications we haven't earned. SOC 2 is targeted, not yet attested. AI Match is disclosed in plain language. Every processor that touches your data is named in the Privacy Policy.

Compliance frameworks

Wirehead is designed against the Canadian regulatory baseline that our clients are obligated to enforce. Each framework links to a dedicated page where one exists.

PIPEDA

Personal Information Protection and Electronic Documents Act — the federal Canadian privacy law that governs how organisations collect, use, and disclose personal information in the course of commercial activity.

Learn more

Quebec Law 25

Formerly Bill 64. Quebec's strengthened privacy regime — adds consent specificity, breach reporting, cross-border transfer impact assessments, and a right to data portability.

Learn more

Quebec Bill 96 (French language)

All public surfaces ship in EN-CA and FR-CA at parity. Communications with Quebec users default to French unless they opt into English.

CASL

Canada's Anti-Spam Legislation. Every commercial email Wirehead sends includes a one-click unsubscribe link and a clear sender identifier. Consent is captured explicitly, never implied.

SOC 2 — Type I and Type II

Wirehead is architected to the SOC 2 trust services criteria. Type I and Type II attestations are targeted post-launch on an annual audit cycle. The platform is NOT yet attested — we will publish reports here as they land.

Learn more

Security practices

Day-to-day controls that protect personal information and platform integrity.

  • Encryption in transit and at rest TLS 1.2+ everywhere on the public surface. Disk-level and database-level encryption on Neon, Cloudflare R2, and Vercel storage.
  • Multi-factor authentication MFA is mandatory on every Wirehead administrative account and required for sign-in to the recruiter admin surface.
  • Point-in-time backups Daily automated database backups with point-in-time recovery via Neon. Tested restore drills on a defined cadence.
  • Role-based access control Least-privilege access on internal tools. Recruiter, admin, and engineering roles are partitioned; access reviews on a quarterly cadence.
  • Vendor diligence Every third-party processor is reviewed for security posture, sub-processor disclosure, and data residency before integration. The full list is named in the Privacy Policy.
  • Incident response runbook Documented runbook for detection, containment, notification, and post-mortem. Privacy and security incidents notify affected users in line with PIPEDA and Law 25 breach-notification requirements.

Insurance & coverage

Wirehead Corporation carries the commercial insurance that enterprise clients expect from a vendor of record. Coverage applies to all active contractor engagements placed through the platform.

Errors & Omissions

Professional liability cover for advice, recommendations, and services delivered by Wirehead Corporation.

General Liability

Commercial general liability covering third-party bodily injury and property damage arising from Wirehead's business operations.

WSIB

Workplace Safety and Insurance Board cover for workplace injury claims, applied per the Ontario regulatory framework.

Independent review

The Wirehead Platform is currently under capitalizable IP diligence by KPMG. The diligence package — architecture, quality gates, security posture, regulatory compliance, and operational readiness — is available to qualified reviewers under NDA. Reach out to trust@wirehead.com to begin the access process.

Questions about how we handle your data?

Reach our Trust team for security disclosures and compliance questions, or our Chief Privacy Officer for privacy-specific requests including access, correction, and deletion.