Built for regulated finance

Your money,
our protection.

Wiremi is a registered Canadian money services business with the same security controls Canadian banks use. Here is exactly how we protect your funds, your identity, and your access.

Get Protected

What protects your account

Six layers of defence around every Wiremi account. None of these are optional add-ons. Every account gets all of them on day one.

Encrypted in transit and at rest

All traffic between your phone and Wiremi runs over TLS. Account data, identity documents, and transaction history are stored in encrypted Cloud SQL Postgres using AES-256 disk encryption. We never store your raw PIN. Only a salted, hashed version.

Biometric authentication

Face ID, Touch ID, and Android fingerprint unlock the Wiremi app so your PIN never has to be typed in public. Biometric data stays on your device. We never see it or store it on our servers.

Two-factor authentication

Every high-value action (sending money, withdrawing savings, changing your PIN) requires a second factor. You can use SMS, email, or an authenticator app. Wiremi prompts you for biometric reconfirmation on a new device automatically.

Real time transaction monitoring

Our fraud engine watches every transaction the moment it happens and flags patterns associated with stolen credentials, account takeover, money mule activity, and unusual velocity. Suspicious transactions get held, not silently approved.

Device management

See every device that has logged into your account, with last-active timestamps. Revoke a session from any other device in one tap. New device logins trigger an alert to your registered email and your existing trusted devices.

Smart alerts

Instant push, email, and in-app notifications for every login, transfer, savings withdrawal, and profile change. Alerts arrive within seconds of the event so you spot something wrong before it costs you.

What protects the platform

Account features matter, but they only work if the platform underneath them is sound. In March 2026 we completed a full security hardening of the backend. Here is what runs under the hood.

Hosted on Google Cloud

Wiremi runs on Google Cloud Run with managed Cloud SQL Postgres. The same infrastructure tier used by global banks and regulated fintechs. We do not run our own servers in a closet.

Private VPC networking

Our backend services talk to each other over a private virtual network, not the public internet. Even if an attacker found a service URL, they would still hit a closed door because internal traffic requires per-service API keys.

Web Application Firewall

Cloud Armor sits in front of our public endpoints. It filters known attack patterns (SQL injection, common scrapers, abusive bots, credential stuffing) before requests ever reach a Wiremi server.

Per service authentication

Every internal service has its own rotating API key. A token issued for one service cannot be used to call another. Keys live in Google Secret Manager, never in source code, never in environment files.

Regulated, registered, accountable

Wiremi is not a side project. We are a Canadian financial institution under active federal oversight, with the same baseline obligations as a chartered bank when it comes to identity verification, sanctions screening, and record keeping.

FINTRAC registered Money Services Business

MSB registration #M23401666. We are bound by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, which requires us to verify your identity, screen against sanctions lists, and report suspicious activity.

RPAA registered Payment Service Provider

Bank of Canada registration #RPS0002269 under the Retail Payment Activities Act. This means safeguarding of end user funds, operational risk requirements, and direct supervision by the Bank of Canada.

Canadian incorporation and data residency

Wiremi is incorporated in Canada. User data is hosted on Google Cloud and subject to Canadian privacy law (PIPEDA) and provincial equivalents.

Read the full compliance page

Your responsibilities

Security is a shared project. The most sophisticated infrastructure in the world cannot help if someone gives away their PIN over the phone. A short list of things only you can do.

Never share your PIN, password, or verification codes with anyone, including someone claiming to be from Wiremi. We will never ask.
Enable biometric authentication so you do not have to type your PIN in public.
Review your transaction history at least weekly. Most fraud is caught faster by the account holder than by any system.
Report suspicious activity immediately through the app. Held transactions can usually be reversed if you flag them within 24 hours.
Keep your contact information up to date so security alerts actually reach you.
Use a unique, strong PIN. Avoid birthdays, repeating digits, or your Wiremi ID number.

Found a vulnerability?

We work with the security research community. If you believe you have found a vulnerability in any Wiremi product, infrastructure, or website, please report it before disclosing publicly. We commit to acknowledging your report within 48 hours and to keeping you informed as we investigate.

Out of scope: social engineering of Wiremi staff, denial of service, and any testing that affects other users (e.g., brute forcing real accounts). Please use a Wiremi test account for proof of concepts.

Report a vulnerability