Compliance
PIPEDA
Effective date: June 25, 2026
Wirehead is bound by the federal Personal Information Protection and Electronic Documents Act (PIPEDA) as a private-sector organization handling personal information for commercial activity in Canada. This page summarizes how we comply.
Ten principles
PIPEDA is organized around ten fair-information principles. The summary below describes how Wirehead applies each one. The full implementation detail — code locations, table schemas, retention windows — is in our publicly available diligence archive.
- Accountability. The Founder is the named Chief Privacy Officer at v1.0.0; contact privacy@wirehead.com.
- Identifying purposes. Every form on the Platform states what the information will be used for above the submit button.
- Consent. Express opt-in for marketing emails. Implied consent for transactional emails (application confirmation, magic-link sign-in). Withdrawable at any time.
- Limiting collection. We collect only what we need to match candidates to contracts. Optional fields are clearly marked.
- Limiting use, disclosure, and retention. Personal information is disclosed to the recruiter assigned to your application and to the third-party processors disclosed in our Privacy Policy. Retention follows the purpose: applications are kept for the duration of the recruitment cycle; deleted accounts are soft-deleted with a 24-hour restore window, then hard-deleted.
- Accuracy. You can correct your profile at any time from /account.
- Safeguards. Encryption at rest and in transit. Database access scoped to a small operational set. Authentication via Auth.js with database sessions (not JWTs), enabling immediate server-side revocation.
- Openness. Our processors, data flows, and retention practices are publicly disclosed under /privacy and /trust.
- Individual access. Signed-in users see and edit their own data at /account. A formal data-export endpoint is post-launch — until then, contact privacy@wirehead.com for a copy.
- Challenging compliance. Concerns can be addressed to privacy@wirehead.com. Unresolved concerns can be escalated to the Office of the Privacy Commissioner of Canada.
Breach notification
Wirehead has a documented breach-notification process. If a breach of security safeguards creates a real risk of significant harm to an affected individual, we will notify the individual and the Office of the Privacy Commissioner of Canada as required by PIPEDA §10.1.
