ExpatNav

Privacy Policy

Datenschutzerklärung — Last updated: March 2026

1. Data Controller

The data controller responsible for this website is ExpatNav, [Your Full Name], [Your Address], Germany. Email: contact@expatnav.com.

See our Impressum for full contact details.

2. Data We Collect

We collect the following data:

  • Server logs: IP address (anonymized), browser type, pages visited, time of visit. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in website security and performance).
  • User reviews: Nationality, visa type, rating, review title, review text, pros and cons — submitted voluntarily via our review form. IP addresses are cryptographically hashed (SHA-256) before storage and are never stored in raw form. Legal basis: Art. 6(1)(a) GDPR (consent).
  • AI Chat messages:When you use our AI advisor chat widget, your messages are processed by OpenAI's API (see Section 8). Messages are not stored permanently on our servers and are not linked to your identity. Legal basis: Art. 6(1)(a) GDPR (consent — you initiate the chat).
  • Analytics: We use privacy-friendly analytics that do not use cookies and do not track individual users. No personal data is collected through analytics.

3. Local Storage (Browser)

We use your browser's localStorage to save your preferences and progress locally on your device. This data never leaves your browser and is not sent to our servers. You can clear it at any time via your browser settings.

Data stored in localStorage includes:

  • Checklist progress: Your Germany relocation checklist completion status, selected nationality, visa type, and arrival date.
  • Gamification data: Points, badges, and interaction history (comparisons viewed, reviews written).
  • UI preferences: Dark/light mode, dismissed alerts, toast notification preferences.
  • Quiz results: Your personality quiz result (if taken).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing a personalized user experience). This data is equivalent to a preference cookie but stored via localStorage instead.

4. Cookies

This website uses only essential cookies required for the website to function (e.g., session handling). We do not use tracking cookies or advertising cookies.

Third-party services accessed through affiliate links may set their own cookies on the destination website. This happens only after you leave ExpatNavand is governed by the respective provider's privacy policy.

5. Affiliate Links

Some links on this website are affiliate links. When you click on an affiliate link and are redirected to a provider's website, that provider may set cookies on your device to track the referral. This is disclosed on every page containing affiliate links. Some links on this page are affiliate links. We may earn a commission if you sign up — at no extra cost to you. This does not influence our rankings.

We do not share any personal data with affiliate partners. The affiliate partner only knows that a visitor arrived from our website — not who you are. See our full affiliate disclosure.

6. Your Rights (GDPR)

Under the EU General Data Protection Regulation (GDPR), you have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasureof your data / "right to be forgotten" (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Lodge a complaintwith a supervisory authority (in Germany: your state's Datenschutzbeauftragter)

To exercise any of these rights, email us at contact@expatnav.com. We will respond within 30 days as required by GDPR.

7. Data Retention

  • Server logs: Retained for 30 days, then automatically deleted.
  • User reviews: Retained for as long as the review is published. You may request deletion at any time.
  • AI chat messages: Not stored on our servers. OpenAI may retain data per their retention policy (see Section 8).
  • localStorage data: Stored indefinitely in your browser until you clear it. Not stored on our servers.

8. Third-Party Services

a) Hosting — Vercel

This website is hosted on Vercel Inc. (440 N Barranca Ave #4133, Covina, CA 91723, USA). Vercel processes data in accordance with GDPR and has Standard Contractual Clauses in place for EU data transfers. Edge functions run in the Frankfurt (eu-central-1) region to minimize latency.

b) Database — Neon (PostgreSQL)

Our database is hosted on Neon (Neon Inc., San Francisco, USA) in the Frankfurt (eu-central-1) region. User review data (nationality, visa type, hashed IP, review content) is stored here. Neon complies with GDPR and offers EU data residency.

c) AI Chat — OpenAI

Our AI advisor chat uses OpenAI's API (OpenAI, L.L.C., San Francisco, USA). When you send a message in the chat widget, your message is transmitted to OpenAI for processing. OpenAI acts as a data processor under our instructions. Messages are used solely to generate responses and are subject to OpenAI's API data usage policy (API data is not used to train models). Legal basis: Art. 6(1)(a) GDPR (consent — you choose to use the chat).

9. International Data Transfers

Some of our service providers are based in the United States. Transfers to the US are protected by the EU-US Data Privacy Framework (where the provider is certified) or Standard Contractual Clauses (Art. 46(2)(c) GDPR). We have verified that all processors provide adequate safeguards for EU personal data.

10. Children's Privacy

This website is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this privacy policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via a notice on the website. Continued use of the website after changes constitutes acceptance of the revised policy.