Privacy Policy

1. Introduction

BorderProof ("we," "us," or "our") operates the BorderProof platform, a technology and informational service that helps users explore visa and immigration pathways. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our website and services.

2. Information We Collect

We collect the following categories of information:

Account Information

When you create an account, we collect your full name, email address, phone number, country code, and avatar (if provided).

Eligibility Assessment Data

When you use our eligibility checker, we collect information you provide including: citizenship, country of residence, age, passport expiry date, employment status, occupation, years of experience, whether you have a job offer, remote work status, income and currency, willingness to invest, education level, English proficiency, marital status, number of dependents, and destination preferences.

Sensitive Personal Data

CV/Resume Data

If you upload a CV or resume, the document content is sent to Google Gemini AI for data extraction. Information extracted may include your name, work experience, job titles, employers, education history, skills, and qualifications. Uploaded files are processed transiently and are not permanently stored on our servers.

Saved Content

We store information about visas you save, searches you perform, and articles you bookmark.

Usage & Technical Data

We automatically collect information about how you use our platform, including pages visited, features used, IP address, browser type, device information, and session data.

Contact Form Data

If you contact us through our website, we collect your name, email address, phone number, and message content. This information is sent to HubSpot for customer relationship management.

3. How We Use Your Information

We use the information we collect to:

• Provide visa eligibility results and pathway recommendations
• Personalise your experience and recommendations
• Save your preferences, saved visas, and search history
• Send marketing communications such as visa pathway updates, feature announcements, and eligibility-related content (only with your consent)
• Manage customer relationships via our CRM
• Analyse usage patterns to improve our services
• Manage feature rollouts and platform configuration
• Maintain the security and integrity of our platform

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, we process your data on the following legal bases:

• Consent: For marketing communications and CV/resume uploads for AI processing.
• Contract performance: For providing our core service, including storing your profile and eligibility data to generate visa eligibility results.
• Legitimate interests: For analytics, platform security, and service improvement.

5. Third-Party Services

We use the following third-party services to operate our platform:

• Supabase: Provides authentication and database services. All profile and eligibility data is stored in Supabase with row-level security (RLS) enforced.
• Google Gemini AI: Processes CV/resume uploads for data extraction. Your document data may be processed outside your country of residence.
• HubSpot CRM: For users who opt in to marketing communications, we share profile and eligibility data with HubSpot including email, name, occupation, employment status, job offer status, income range, education level, destination preferences, and behavioural events. HubSpot places a tracking cookie on your device.
• Google Analytics (GA4): Collects browsing behaviour, session data, and usage patterns.
• LaunchDarkly: Manages feature flags and platform configuration. For logged-in users, receives user ID and email address.

We do not sell your personal data to any third party.

6. Cookies and Tracking

Our platform uses the following cookies and tracking technologies:

• Essential cookies: Supabase authentication session tokens, required for the platform to function.
• Analytics cookies: Google Analytics cookies used to understand how visitors interact with our platform.
• Marketing cookies: HubSpot tracking cookie (hubspotutk) used for CRM and marketing purposes.
• Feature management: LaunchDarkly cookies used to manage feature flags and platform configuration.
• localStorage: We store eligibility wizard state, saved items, and eligibility results (with a 30-minute expiry) in your browser's local storage.

You can manage cookies through your browser settings. Disabling certain cookies may affect the functionality of the platform.

7. Data Retention

We retain your data for the following periods:

• Account data: Retained until you delete your account.
• Eligibility profiles: Retained until you delete your account or request deletion.
• localStorage data: Retained in your browser until you clear it or it expires (eligibility results expire after 30 minutes).
• CV/resume uploads: Processed transiently only; not permanently stored.
• HubSpot data: Retained in accordance with HubSpot's data retention policies.
• Analytics data: Retained in accordance with our Google Analytics configuration settings.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States and other jurisdictions, through our use of Supabase, Google (Gemini AI and Analytics), HubSpot, and LaunchDarkly. These transfers are necessary to provide our services to you.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data. These include row-level security (RLS) policies on our database, HTTPS/TLS encryption for all data in transit, server-side API key management, and secure authentication through Supabase Auth. However, no system is 100% secure, and we cannot guarantee the absolute security of your data.

10. Your Rights

Under GDPR (EEA/UK residents): You have the right to access, rectify, erase, and port your personal data. You may also restrict or object to processing and withdraw consent at any time.

Under CCPA (California residents): You have the right to know what personal information we collect and how it is used, request deletion of your personal information, and opt out of the sale of personal information (we do not sell your data). We will not discriminate against you for exercising your rights.

To exercise any of these rights, please contact us at privacy@borderproof.com.

11. Marketing Communications

We only send marketing communications to users who have opted in during account creation. Marketing communications may include visa pathway updates, feature announcements, and eligibility-related content. You can opt out at any time by using the unsubscribe link in any marketing email or by contacting us. Your marketing consent preference and the timestamp of your consent are recorded.

12. Children's Privacy

BorderProof is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

13. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users within 72 hours via email and/or platform notification. We will also notify relevant supervisory authorities as required by applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users, and the "Last updated" date at the top of this page will be revised. Continued use of the platform after changes constitutes acceptance of the updated policy.

15. Contact

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at privacy@borderproof.com.