Compliance
Last updated: September 20, 2025
We operate with an emphasis on transparent processes, auditability, and reliable delivery. This page summarizes our posture and customer considerations. It is not legal advice.
Data governance
- Role-based access, data minimization, and purpose limitation.
- Retention schedules aligned with legal and operational needs.
- Vendor due diligence and contractual safeguards.
Regulatory considerations
- Privacy: see our Privacy Policy for rights and processing bases.
- Payments: handled by PCI-compliant providers; we do not store raw card data.
- Consumer protection: policies designed for clarity on refunds, delivery, and communications.
Customer obligations
- Comply with applicable laws in regions where you operate and sell.
- Honor platform terms and event policies.
- Protect credentials, keys, and any data exported from the Services.
Subprocessors
We work with infrastructure, analytics, communications, and payment vendors. A current list is available upon request to admin@whif.ca.
Agreements and documentation
- Data Processing Addendum (DPA) available for eligible customers.
- Security overview and questionnaire on request.
- Service Level Agreement (SLA) included in applicable order forms.
Reporting concerns
Report suspected policy or compliance issues to admin@whif.ca. For security matters, see Security.