Privacy Policy
Last updated: 14 February 2026
Summary: We collect only what we need to create your report, we never sell your data, and we delete it within 90 days. You have full rights over your data under UK GDPR.
1. Who We Are
ExpatIQ is a trading name a UK-registered business. For the purposes of data protection law, we are the data controller of the personal information we collect from you.
Contact:
Email: hello@expatiq.co.uk
Address: Available on request
2. What Data We Collect
We collect the following personal information when you place an order:
| Data Category | Specific Data | Purpose |
|---|---|---|
| Identity | Full name | Report personalisation, order processing |
| Contact | Email address | Report delivery, order communications |
| Location | Current city and country | Report personalisation (origin-specific advice) |
| Employment | Job sector, role, employment type | Visa pathway analysis, financial modelling |
| Financial | Household income range, relocation budget range | Cost of living analysis, housing recommendations |
| Family | Partner details, children's ages (if provided) | Family-specific visa, school, and healthcare advice |
| Preferences | Key concerns, preferred areas, specific questions | Report tailoring and prioritisation |
| Transaction | Order reference, tier selected, payment confirmation | Order fulfilment, customer service |
We collect income and budget data as ranges only (e.g., "£75,000–£100,000") — we never ask for exact figures.
Data We Do NOT Collect
- We do not collect or store payment card details — all payments are processed securely by Stripe
- We do not use cookies for advertising or tracking purposes
- We do not collect browsing behaviour or use analytics tracking pixels
3. How We Use Your Data
We use your personal data solely for the following purposes:
- To generate your personalised report — this is the primary purpose. Your questionnaire answers are used to research and compile a report tailored to your situation.
- To deliver your report — we email the completed PDF to the address you provide.
- To process your payment — we use Stripe as our payment processor. We receive confirmation of payment but do not handle card details directly.
- To provide customer support — if you contact us with questions about your report or order.
- To improve our service — we may analyse anonymised, aggregated data (e.g., most common concerns) to improve report quality. This data cannot be linked back to individuals.
4. Legal Basis for Processing
Under UK GDPR, we process your personal data on the following legal bases:
- Contract performance (Article 6(1)(b)): Processing is necessary to fulfil your order — generating and delivering the report you've purchased.
- Legitimate interest (Article 6(1)(f)): For service improvement using anonymised data, and for fraud prevention.
5. Data Sharing
We are committed to keeping your data private. We share personal data only with:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, order amount (card details go directly to Stripe) |
| Third-party data processing services | Report generation | Anonymised questionnaire data (name and email removed before processing) |
| Email service provider | Report delivery | Email address, report PDF |
We never sell, rent, or share your personal data with third parties for marketing or any other purpose.
6. Data Retention
We retain your personal data for as short a period as practically possible:
- Questionnaire data: Retained for 90 days after report delivery. This allows us to re-send your report if needed, handle any customer service queries, and process refund requests. After 90 days, questionnaire data is permanently deleted.
- Order records: Basic order information (reference number, date, amount, tier) is retained for 6 years as required by HMRC for tax and accounting purposes. This does not include your questionnaire answers or personal details beyond what's necessary for financial records.
- Emails: Customer service correspondence is retained for 12 months, then deleted.
7. Data Security
We take the security of your data seriously and implement appropriate technical and organisational measures, including:
- Data encrypted in transit (TLS/HTTPS)
- Questionnaire data stored in encrypted form at rest
- Access restricted to authorised personnel only
- Payment processing handled entirely by PCI DSS-compliant Stripe
- Personal identifiers (name, email) removed from data sent to third-party processing services
- Regular review of data access and security practices
8. International Data Transfers
Your data may be processed by third-party service providers whose servers are located in the United States. Where data is transferred outside the UK, we ensure adequate safeguards are in place in accordance with UK GDPR, including reliance on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA).
As noted above, personal identifiers are removed from data sent to third-party providers — only the anonymised questionnaire content is transmitted for report generation.
9. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data ("right to be forgotten").
- Right to restrict processing: Request that we limit how we use your data.
- Right to data portability: Request your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
To exercise any of these rights, please email us at hello@expatiq.co.uk. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
10. Cookies
Our website uses only strictly necessary cookies required for the website to function (e.g., maintaining your session during the order process). We do not use any advertising, analytics, or tracking cookies.
11. Children
Our service is intended for adults aged 18 and over. We do not knowingly collect personal data from children. While we collect children's ages as part of the questionnaire (for school and family advice), this information relates to the children of the adult placing the order.
12. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. The "Last updated" date at the top of this page indicates when it was last revised. We encourage you to review this page periodically.
13. Contact Us
If you have any questions about this privacy policy or how we handle your data, please contact us:
ExpatIQ
ExpatIQ
Email: hello@expatiq.co.uk