
Privacy Policy & GDPR

How we collect, use, and protect your data. We are committed to GDPR compliance under EU Regulation 2016/679 and the German Federal Data Protection Act (BDSG).

Last updated: 2026-05-21

1. Who we are

ExpatNav is operated by [Your legal name or company]. Our contact details are in the Impressum. We are the data controller under Article 4 (7) GDPR for the personal data processed on this website.

2. Data we collect automatically

When you visit our website, your browser automatically sends technical data that we log for security and operational reasons:

  • Anonymized IP address (last octet stripped within 24h)
  • Browser type, version, and language
  • Operating system
  • Referring URL (which page sent you here)
  • Visited URL and timestamp

Legal basis: Art. 6 (1) (f) GDPR — legitimate interest in stable site operation and abuse prevention. Logs are deleted after 14 days.

3. Cookies and similar technologies

We use a minimal set of cookies. Details and your choices are in our Cookie Policy. You can change consent at any time through the cookie banner.

4. Account and membership data

If you sign up for an account or community membership, we process:

  • Email address and password (hashed, never stored in plain text)
  • Display name and country
  • Subscription status, trial dates, and Stripe customer ID
  • Forum or community posts you publish

Legal basis: Art. 6 (1) (b) GDPR — performance of a contract. Data is retained for the duration of your account plus 30 days after deletion, except where retention is required by law.

5. Newsletter

If you subscribe to the newsletter, we store your email and the subscription timestamp. We send our newsletter via Resend (resend.com). You can unsubscribe at any time via the link in every email.

Legal basis: Art. 6 (1) (a) GDPR — consent.

6. Payments

Membership payments are processed by Stripe Payments Europe Ltd., Dublin, Ireland. We never see your full card number — only the last 4 digits and a Stripe customer ID. Stripe's privacy policy: stripe.com/privacy.

7. Affiliate tracking

When you click a provider link, we may pass an anonymous click ID to the provider so they can credit our affiliate account if you sign up. No personal data is shared. See our Disclaimer.

8. Analytics

We use privacy-friendly analytics with anonymized IPs and no cross-site tracking. No data is shared with third-party advertising networks.

9. Third-party services on this site

  • Vercel — hosting (data centers in the EU)
  • Supabase — database (EU region)
  • Sanity — CMS for articles (EU region)
  • Frankfurter.app — currency conversion (no personal data sent, only currency codes)
  • Google AdSense — advertising (US-based). Consent required and obtained via cookie banner.

10. Your rights under GDPR

You have the right to:

  • Access your data (Art. 15)
  • Correction (Art. 16)
  • Erasure / right to be forgotten (Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7)
  • Lodge a complaint with a supervisory authority (Art. 77) — for example the Berliner Beauftragte für Datenschutz und Informationsfreiheit

To exercise any right, email privacy@expatnav.com. We respond within 30 days.

11. International transfers

Some sub-processors are located in the United States (Google, Stripe, Resend). Transfers rely on the EU-U.S. Data Privacy Framework and the EU Standard Contractual Clauses where applicable.

12. Changes to this policy

We update this policy when the law changes or our processing changes. The "last updated" date at the top reflects the current version. Material changes are announced via email if you have an account.