Privacy Policy

Last updated: December 2, 2024

Table of Contents

  1. 1. Information We Collect
  2. 2. How We Use Your Information
  3. 3. Data Storage & Security
  4. 4. Third-Party Services
  5. 5. Your Rights (GDPR Compliance)
  6. 6. Cookies & Tracking
  7. 7. Children's Privacy
  8. 8. Changes to This Policy
  9. 9. Contact Us

1. Information We Collect

SpainBound collects the following types of information to provide and improve our service:

Account Information

  • Email address: Used for magic link authentication and account management

Profile Data

Information you provide through our 7-question intake form:

  • Spanish consulate location
  • Family size (number of adults and children)
  • Target move date
  • Passport status
  • FBI background check status
  • Financial clarity level

Timeline Data

  • Generated timeline information based on your profile
  • Timeline preferences and milestone completion status

Chat Messages

  • Important: Chat conversations are ephemeral and are NOT stored in our database
  • Messages are processed in real-time for AI responses only

Usage Data

  • Basic analytics through Vercel (page views, session duration)
  • Error logs for debugging and service improvement

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Generate personalized timelines: Create visa preparation timelines based on your specific situation
  • Provide AI chat responses: Answer your questions using our RAG (Retrieval-Augmented Generation) system with Pinecone vector database
  • Account management: Send magic link authentication emails via Resend
  • Service improvement: Analyze usage patterns to improve product quality and user experience
  • Support: Respond to your inquiries and provide customer assistance

We do NOT:

  • Sell your personal information to third parties
  • Use your data for advertising purposes
  • Share your information with immigration agencies or consulates

3. Data Storage & Security

Where We Store Data

  • Database: Supabase PostgreSQL (hosted in United States)
  • Profile and timeline data: Retained until you delete your account
  • Guest timelines: Stored in your browser's LocalStorage only (not on our servers)

Security Measures

  • Encryption: All connections use HTTPS/SSL encryption
  • Authentication: Magic link authentication (no passwords stored)
  • Access control: Row-level security policies in Supabase
  • No password vulnerabilities: We never store or handle passwords

Important: While we implement industry-standard security measures, no system is 100% secure. You use SpainBound at your own risk.

4. Third-Party Services

SpainBound uses the following third-party services to operate:

Supabase

Purpose: Database and authentication

Data shared: Email, profile data, timeline data

Privacy policy: supabase.com/privacy

OpenAI

Purpose: AI chat responses

Data shared: Chat messages (ephemeral, not stored)

Important: Per OpenAI API terms, your data is NOT used to train their models

Privacy policy: openai.com/privacy

Pinecone

Purpose: Vector database for knowledge base search

Data shared: Embeddings of your questions (not stored)

Privacy policy: pinecone.io/privacy

Resend

Purpose: Transactional email delivery (magic links)

Data shared: Email address

Privacy policy: resend.com/legal/privacy-policy

Vercel

Purpose: Hosting and analytics

Data shared: Basic usage metrics (page views, session data)

Privacy policy: vercel.com/legal/privacy-policy

5. Your Rights (GDPR Compliance)

If you are a resident of the European Economic Area (EEA), you have the following rights under GDPR:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can update or correct your profile information at any time through your account settings.
  • Right to Erasure: You can request deletion of your account and all associated data.
  • Right to Data Portability: You can request your data in a machine-readable format.
  • Right to Object: You can object to processing of your personal data for certain purposes.
  • Right to Withdraw Consent: You can withdraw consent at any time (e.g., delete your account).

To exercise any of these rights, please contact us at the email address provided in the Contact section.

6. Cookies & Tracking

Essential Cookies

  • Supabase authentication cookies: Used to keep you logged in
  • Session cookies: Required for the service to function

LocalStorage

  • Guest timelines: If you use SpainBound without creating an account, your timeline is stored locally in your browser
  • This data never leaves your device unless you sign up

What We Don't Use

  • No third-party advertising trackers
  • No social media pixels
  • No cross-site tracking

7. Children's Privacy

SpainBound is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

How we notify you:

  • Update the "Last updated" date at the top of this page
  • For material changes, we will send an email notification to registered users

Continued use of SpainBound after changes indicates acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us:

SpainBound Privacy Team

Email: hello@spainbound.co

← Back to SpainBound