Legal · WaveStorm Technologies Inc.

Privacy Policy

Effective: January 15, 2026

Plain-language summaryThis Site is a B2B brochure for defence and government procurement professionals. We do not use cookies, analytics, or trackers. The only personal information we collect is what you choose to send us through the contact form, which we use to respond to your enquiry. We process your IP address briefly (hashed) to throttle abusive form submissions. Cloudflare is the only third-party in front of the Site; we do not sell or share your information.

Contents

Scope
Information we collect
How we use your information
Legal basis: consent
Sub-processors and third-party recipients
International transfers
Retention
Security
Your rights under PIPEDA
Children
Anti-spam (CASL)
Privacy Officer / contact
Changes to this Policy

WaveStorm Technologies Inc. (“WaveStorm”, “we”, “us”, “our”) respects your privacy and is committed to protecting personal information in accordance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5) and applicable Ontario law. This Privacy Policy explains what information we collect through https://www.wavestorm.ca (the “Site”), how we use it, with whom we share it, and the rights you have.

This is a business-to-business website. We do not sell goods or services to consumers through this Site.

1. Scope

This Policy applies to information collected through the Site. It does not apply to:

information you share with us outside the Site (telephone, in person, trade shows, RFP processes, or under a separate written agreement);
third-party sites linked from the Site (for example, LinkedIn), which are governed by their own privacy notices;
information processed by sub-processors operating on our behalf, except as described in section 5.

2. Information we collect

2.1 Information you provide

When you submit our Capability Brief Request form, we collect the following:

First and last name
Organisation name
Email address
Area of interest (selected from a fixed list)
Programme details (free-form text)

You decide what to include in the free-form fields. Please do not submit information that is classified, controlled, or otherwise restricted under Canadian export-control or security legislation. The Site is not authorised to receive such information.

2.2 Technical information collected automatically

When you visit the Site, our server temporarily processes:

Your IP address — used only to enforce form-submission rate limits, stored as a SHA-256 hash for one hour, and then discarded;
Standard request metadata (HTTP method, requested path, user-agent string) in transient web-server logs.

We do not use cookies, web beacons, analytics scripts, advertising trackers, or browser session storage on this Site.

3. How we use your information

We use the information you provide to:

respond to your enquiry and route it to the appropriate sales contact;
send a one-time, transactional acknowledgement confirming receipt;
maintain a record of correspondence for the duration of any subsequent commercial discussion;
protect the Site against abuse (rate limiting, anti-spam).

We do not use your information for marketing, profiling, advertising, or automated decision-making, and we do not sell or rent personal information to anyone.

By submitting the contact form, you provide express consent for the purposes set out in section 3. You may withdraw consent at any time by emailing privacy@wavestorm.ca, subject to legal or contractual restrictions and reasonable notice.

5. Sub-processors and third-party recipients

We use the following third parties to operate the Site and to process the information you submit:

Cloudflare, Inc. (United States, with global edge presence) — content delivery, TLS termination, DDoS mitigation, and bot protection. All requests to the Site transit Cloudflare's network. Cloudflare may temporarily process your IP address, request metadata, and TLS handshake data for security and routing. See Cloudflare's privacy notice at https://www.cloudflare.com/privacypolicy/.
Our hosting provider (Canada) — server hosting and SMTP mail relay. The contact form delivers your enquiry to our internal sales mailbox via the host's mail relay.

We do not transfer your information to advertising networks, data brokers, or analytics providers. Our sub-processors are bound by contract and applicable law to use the information only for the purposes for which we engage them.

6. International transfers

Cloudflare's network spans multiple jurisdictions. As a result, your IP address and request metadata may transit infrastructure located outside Canada (including in the United States) for security and delivery purposes. Such information remains subject to PIPEDA and to the laws of the jurisdictions through which it transits, which may include lawful access by foreign government authorities.

7. Retention

Form submissions — retained in our internal sales mailbox for the duration of any active discussion and for a reasonable period thereafter, typically not exceeding 24 months from last contact, unless a longer period is required for legal, contractual, or audit reasons.
Rate-limit hashes — automatically deleted one hour after the corresponding submission.
Mail-error logs — retained for up to 90 days for diagnostics, then deleted.

8. Security

We protect personal information using safeguards proportionate to its sensitivity, including:

HTTPS (TLS) for all Site traffic, with HTTP Strict Transport Security (HSTS);
a strict Content Security Policy and other defensive HTTP response headers;
server-side input validation, header-injection protection, and an honeypot field on the contact form;
rate limiting on form submissions to deter automated abuse;
storing IP addresses only as one-way SHA-256 hashes;
restricting internal access to enquiry data to staff who need it.

No method of internet transmission or storage is perfectly secure. While we apply reasonable safeguards, we cannot guarantee absolute security.

9. Your rights under PIPEDA

Subject to PIPEDA, you have the right to:

Access — request a copy of the personal information we hold about you;
Correction — request that we correct inaccurate or incomplete information;
Withdraw consent — withdraw consent to our use of your information for any future purpose;
Complain — make a complaint to our Privacy Officer or to the Office of the Privacy Commissioner of Canada.

To exercise these rights, contact our Privacy Officer using the details in section 12. We will respond within 30 days and may extend that period in limited circumstances permitted by PIPEDA.

10. Children

The Site is intended for procurement, engineering, and government professionals. We do not knowingly collect personal information from individuals under 18 years of age. If you believe a minor has submitted information, please contact us so that we can delete it.

11. Anti-spam (CASL)

We comply with Canada's Anti-Spam Legislation (S.C. 2010, c. 23). The auto-acknowledgement we send in response to your enquiry is a transactional message exempt from consent requirements under subsection 6(6) of CASL. We do not send unsolicited commercial electronic messages from this Site.

12. Privacy Officer / contact

Our Privacy Officer is responsible for compliance with this Policy and with PIPEDA. To exercise your rights or to ask any question about this Policy:

Email: privacy@wavestorm.ca
Postal:
WaveStorm Technologies Inc.
Attention: Privacy Officer
321 Johnston Avenue
North York, Ontario M2N 1H8
Canada

You may also contact the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca or 1-800-282-1376.

13. Changes to this Policy

We may update this Policy from time to time. The “Effective” date at the top of the Policy will reflect the most recent revision. Material changes will be highlighted on the Site or notified directly where practicable.