Privacy Policy

1. Introduction

Move Abroad (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using our Service:

• Account Information: Name, email address, password, and profile details when you register
• Profile Information: Country of origin, current location, citizenship status, and relocation interests
• Communications: Messages you send through our community features, including group chats and direct messages
• Contributions: Content you submit, including pathway updates, corrections, and source citations
• Payment Information: Billing details and transaction history for premium subscriptions (processed securely through Stripe)

2.2 Automatically Collected Information

When you access our Service, we automatically collect:

• Device Information: Browser type, operating system, device identifiers, and screen resolution
• Usage Data: Pages visited, features used, search queries, and interaction patterns
• Log Data: IP address, access times, referring URLs, and error logs
• Cookies and Similar Technologies: Session cookies, authentication tokens, and analytics identifiers

2.3 Information from Third Parties

If you sign in using Google OAuth, we receive your name, email address, and profile picture from Google. We do not receive your Google password or access to other Google services.

3. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve our Service
• Create and manage your account
• Process transactions and send related information
• Send notifications about your account, contributions, and saved searches
• Personalize your experience with relevant content and recommendations
• Enable community features and facilitate user communications
• Respond to your comments, questions, and support requests
• Monitor and analyze usage trends to improve user experience
• Detect, prevent, and address technical issues and security threats
• Enforce our Terms of Service and Community Guidelines
• Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information in these circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

• Stripe: Payment processing (see Stripe's Privacy Policy)
• Neon: Database hosting
• Vercel: Website hosting and analytics
• Email Providers: Transactional email delivery
• Google Analytics: Usage analytics (anonymized)

4.2 Community Interactions

Information you share in community groups, including your display name and messages, is visible to other group members. Your public profile information may be visible to other authenticated users.

4.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
• Encryption at Rest: Sensitive data is encrypted in our database
• End-to-End Encryption: Private messages use client-side encryption with TweetNaCl (XSalsa20-Poly1305), ensuring only intended recipients can read them
• Secure Authentication: Passwords are hashed using bcrypt; we support OAuth for passwordless login
• Access Controls: Role-based access control limits who can access sensitive information
• Regular Audits: We perform security assessments and vulnerability scanning

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this policy:

• Account Data: Retained while your account is active and for 30 days after deletion request
• Transaction Records: Retained for 7 years for tax and legal compliance
• Usage Logs: Retained for 90 days for security and debugging purposes
• Encrypted Messages: Retained until deleted by users; encryption keys are stored locally on your device
• Backup Data: Retained in backups for up to 30 days after deletion

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

7.1 General Rights

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Data Portability: Request your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing communications at any time

7.2 GDPR Rights (EU/EEA Residents)

If you are in the European Union or European Economic Area, you have additional rights under GDPR:

• Right to restrict processing of your data
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

7.3 CCPA Rights (California Residents)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected, used, and shared
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising your rights

8. Exercising Your Rights

To exercise your privacy rights:

• Profile Settings: Update or delete your account information in your profile settings
• Email Preferences: Manage notification preferences in your account settings
• Data Export: Request a data export through your account settings or by contacting us
• Account Deletion: Request account deletion through settings or by emailing us
• Contact Us: Email privacy@moveabroad.com for any privacy-related requests

We will respond to verified requests within 30 days. We may need to verify your identity before processing requests.

9. Cookies and Tracking Technologies

We use the following types of cookies:

9.1 Essential Cookies

Required for the Service to function. These include authentication tokens and session identifiers. You cannot opt out of essential cookies.

9.2 Analytics Cookies

Help us understand how visitors interact with our Service. We use Google Analytics with IP anonymization enabled.

9.3 Preference Cookies

Remember your settings, such as language and display preferences.

9.4 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect Service functionality. Most browsers allow you to:

• View what cookies are stored
• Delete individual or all cookies
• Block third-party cookies
• Block cookies from specific sites
• Block all cookies

10. Third-Party Links and Services

Our Service may contain links to third-party websites and services, including:

• Government immigration and visa websites
• External job boards and real estate platforms
• Partner service providers
• Social media platforms

We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@moveabroad.com. We will promptly delete such information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction.

When we transfer data internationally, we implement appropriate safeguards:

• Standard Contractual Clauses approved by the European Commission
• Data processing agreements with service providers
• Technical measures including encryption

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the “Last updated” date at the top of this policy
• Sending an email notification for significant changes (if you have an account)
• Displaying a prominent notice on our Service

Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

For GDPR-related inquiries, you may also contact your local data protection authority.

15. Privacy Practices Summary