Privacy Policy

Reloca — Privacy Policy 2026-2027. Last updated: May 2026

1. Introduction

Reloca ("Reloca", "we", "us", or "our") is committed to protecting your privacy and your personal data.

This Privacy Policy explains what data we collect, how we use it, the legal basis for doing so, how long we retain it, and what your rights are.

It applies to all Reloca services, including:

  • Website and web application
  • AI Platform
  • Eligibility screeners and roadmaps
  • Advisory services
  • Booking system
  • Email communications and support

Reloca acts as the data controller for your personal data.

2. Data We Collect

2.1 Account Data

  • Name
  • Email
  • Password (encrypted)
  • Language preferences
  • Registration and access date

2.2 Migration Profile Data

  • Nationality
  • Passport type (no scan storage unless explicitly uploaded)
  • Current country of residence
  • Destination country
  • Employment status
  • Income level (if provided)
  • Family structure
  • Relocation plans

2.3 Eligibility and Case Data

  • Questionnaire answers
  • Eligibility results
  • Generated roadmaps
  • Progress within the platform
  • Case change history

2.4 Documents

If you upload documents (CV, contracts, payslips, or others):

  • We store the file
  • Document metadata
  • Tags or association with your case

We do not perform advanced automated data extraction except for functional service purposes.

Documents:

  • Are not used to train AI models
  • Are only accessible by you and advisors you have authorised

2.5 AI Chat Data

  • Messages sent
  • Generated responses
  • Conversation history

2.6 Advisor Data

  • Session bookings
  • Information shared before the session
  • Feedback or ratings

2.7 Payment Data

  • Billing name
  • Purchase history
  • Subscription status

We do not store full card details (managed by Stripe).

2.8 Usage Data

  • Platform interactions
  • Pages visited
  • Events (clicks, sessions, navigation)
  • Device type
  • IP address and approximate location

2.9 Communications

  • Support emails
  • In-platform messages
  • Transactional communications
  • Marketing emails (if accepted)

3. How We Collect Data

We collect data:

  • Directly from the user (forms, chats, documents)
  • Automatically (cookies and analytics)
  • Through third parties (Stripe, infrastructure or AI providers)

4. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Contract performance: account, cases, payments, AI, advisory
  • Legal obligation: tax and data retention
  • Legitimate interests: product improvement, security, analytics
  • Consent: marketing, non-essential cookies

You may withdraw your consent at any time.

5. Purpose of Data Use

We use your data to:

  • Create and manage your account
  • Generate eligibility assessments
  • Build relocation roadmaps
  • Operate the AI assistant
  • Process payments and subscriptions
  • Connect you with advisors
  • Improve the platform
  • Prevent fraud and abuse
  • Send relevant communications

6. Artificial Intelligence

6.1 AI Provider

We use external AI providers (e.g. OpenAI or Anthropic) to generate responses.

When you use the chat:

  • Your messages may be sent to these providers
  • They are only used to generate responses
  • They are not used to train models, except with explicit consent or provider configuration

6.2 AI Limitations

The AI:

  • May contain errors
  • Does not constitute legal or immigration advice
  • Does not replace qualified professionals

6.3 Automated Decisions

Reloca does not carry out automated decision-making with significant legal effects within the meaning of Article 22 of the GDPR.

7. Data Sharing

We do not sell personal data.

We share data only with:

Service providers:

  • Stripe (payments)
  • AI providers
  • Email providers (Sendgrid, Postmark or similar)
  • Cloud providers (AWS, GCP, Supabase or similar)
  • Analytics tools (if consent is given)

Advisors

We share relevant case information for the booked session.

Legal obligations

We may share data if required by law or a competent authority.

Corporate transactions

In the event of a merger or acquisition, data may be transferred with legal safeguards.

8. International Transfers

Some providers may be located outside the EEA.

In those cases we apply:

  • Standard Contractual Clauses (SCCs)
  • Additional security measures
  • GDPR compliance verification

9. Data Retention

We retain data only for as long as necessary:

  • Active account: for the duration of the service
  • Account data: up to 2 years after deletion
  • Case data: up to 2 years after deletion
  • Payments: 7 years (legal obligation)
  • AI chat: for the duration of the active account
  • Documents: until user deletion
  • Analytics: up to 24 months
  • Marketing: until consent is withdrawn

10. Your Rights

You have the right to:

  • Access your data
  • Rectify incorrect data
  • Request deletion
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent
  • Lodge a complaint with the AEPD

Contact: privacy@reloca.app

We respond within approximately 30 days.

11. Cookies

We use cookies for:

  • Platform functionality
  • Security
  • Analytics
  • Personalisation

Non-essential cookies require prior consent.

You can manage your preferences from the settings or the cookie banner.

12. Security

We apply technical and organisational security measures:

  • Encryption in transit and at rest
  • Access controls
  • Security monitoring
  • Infrastructure protection

No system is 100% secure, but we work to minimise risks.

13. Minors

The platform is not directed at persons under 18 years of age.

We do not intentionally collect data from minors.

14. Changes to This Policy

We may update this Privacy Policy.

If the changes are significant, we will notify you by email or on the platform.

Continued use implies acceptance.

15. Contact

Reloca – Privacy