ExpatNav
ExpatNav

Privacy Policy

Datenschutzerklärung — Last updated: March 2026

1. Data Controller

The data controller responsible for this website is ExpatNav, Reaz Ahmed, Nunnenbeckstr. 21, 90489 Nuremberg, Germany. Email: contact@expatnav.com. See our Impressum for full contact details.

2. Data We Collect

We collect the following data:

  • Server logs: IP address (anonymized), browser type, pages visited, time of visit. Legal basis: Art. 6(1)(f) GDPR.
  • User reviews: Nationality, visa type, rating, review text — submitted voluntarily. IP addresses are cryptographically hashed (SHA-256). Legal basis: Art. 6(1)(a) GDPR (consent).
  • Analytics: Privacy-friendly analytics without cookies or individual user tracking.

3. Local Storage (Browser)

We use your browser's localStorage to save preferences locally. This data never leaves your browser. Includes: checklist progress, UI preferences, interaction history. Legal basis: Art. 6(1)(f) GDPR.

4. Cookies

This website uses only essential cookies. We do not use tracking or advertising cookies. Third-party services accessed through affiliate links may set their own cookies after you leave ExpatNav.

5. Affiliate Links

Some links are affiliate links. We do not share personal data with affiliate partners. The partner only knows a visitor arrived from our website. See our affiliate disclosure.

6. Your Rights (GDPR)

  • Access your personal data (Art. 15)
  • Rectification of inaccurate data (Art. 16)
  • Erasure / right to be forgotten (Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, email contact@expatnav.com. We respond within 30 days.

7. Data Retention

  • Server logs: 30 days
  • User reviews: As long as published
  • localStorage: Until you clear it

8. Third-Party Services

Hosting — Vercel: Frankfurt (eu-central-1) region. GDPR compliant with SCCs.

Database — Neon PostgreSQL: Frankfurt region. EU data residency.

9. International Data Transfers

Transfers to the US are protected by the EU-US Data Privacy Framework or Standard Contractual Clauses (Art. 46(2)(c) GDPR).

10. Children's Privacy

This website is not directed at children under 16. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time. The "Last updated" date reflects the most recent revision.