← Back to home

Privacy Policy

Last updated: March 14, 2026

This Privacy Policy for MyRodmap OÜ, operating under the business name Migrada ("Migrada," "we," "us," or "our"), describes how and why we access, collect, store, use, and share ("process") your personal information when you use our platform ("Services").

This includes when you:

  • Visit our website at https://migrada.eu, including any subdomain or webpage that links to this Privacy Policy
  • Create an account, use the application workspace, upload documents, or purchase any of our service tiers
  • Communicate with us through email, in-platform chat, or any other channel
  • Interact with features such as the country and city selector, document upload, passport scanning, PDF form preview, or expert review submission

MyRodmap OÜ is incorporated and registered in Estonia, company registration number 17216460. Registered address: Harju maakond, Kuusalu vald, Pudisoo küla, Männimäe/1, 74626, Estonia.

MyRodmap OÜ is the data controller responsible for deciding how your personal data is processed. For questions or concerns, contact us at contact@migrada.eu.

If you do not agree with the practices described here, please do not use our Services.

Summary of key points

What personal information do we process?

We collect information you provide when creating an account, filling in your application workspace, and uploading documents. We also collect technical data automatically when you use the platform.

Do we process sensitive personal information?

Yes. To deliver our core service, we process passport details, nationality, financial proof documentation, and educational records. We only process this data with your explicit consent and as required to prepare your residence permit application.

Do we collect data from third parties?

We may receive limited data from social login providers (Google) if you choose to sign in with a social account. We do not purchase data from data brokers.

How do we process your information?

We use your data to prepare and pre-fill Austrian residence permit application forms, generate document checklists, provide expert review, deliver customer support, process payments, and improve the platform.

When and with whom do we share data?

We share data with service providers that operate our infrastructure (Supabase, Vercel, Stripe, Resend, PostHog). We may share application materials with assigned country leaders or reviewers as part of the expert review service. We never sell your personal information. We never share your data with embassies, immigration authorities, or government bodies. You are solely responsible for submitting your application to the relevant authority.

How do we keep your data secure?

We use encrypted data transmission (TLS), row-level security in our database, role-based access controls, and encrypted file storage. No system is completely secure, and we cannot guarantee absolute protection.

What rights do you have?

Depending on your location, you may access, correct, delete, restrict, port, or object to the processing of your personal data. Contact contact@migrada.eu to exercise these rights.

Table of Contents

  1. What information do we collect?
  2. How do we process your information?
  3. What legal bases do we rely on?
  4. When and with whom do we share your data?
  5. Cookies and tracking technologies
  6. Social logins
  7. How long do we keep your information?
  8. How do we keep your information safe?
  9. Information from minors
  10. Your privacy rights
  11. Do-Not-Track signals
  12. United States residents
  13. Verification and document processing
  14. Updates to this policy
  15. Contact us
  16. Review, update, or delete your data

1. What information do we collect?

Information you provide directly

When you register, use the platform, or contact us, we may collect:

Account information: Email address, password (hashed, never stored in plain text), country of origin, target city in Austria.

Application workspace data: Full name, date of birth, gender, nationality, citizenship, passport number, passport issue and expiry dates, place of birth, current address, phone number, marital status, parents' names and dates of birth, previous names, intended Austrian university, field of study, study timeline, accommodation details (address, landlord, rental contract reference), financial information (bank account details, proof of funds amounts), health insurance provider and policy number, criminal record declaration, travel history.

Uploaded documents: Passport copy, university admission letter, proof of financial means (bank statements, blocked account confirmation, scholarship letter), rental or accommodation agreement, health insurance confirmation, birth certificate, criminal record certificate, biometric photographs, academic transcripts, translated and apostilled documents, and any other documents relevant to your Austrian student residence permit application (Aufenthaltsbewilligung Student).

Communication data: Messages sent through the in-platform support chat, emails to contact@migrada.eu, and any content you provide when contacting us.

Payment information: We do not store your credit card number, CVV, or full payment details. Payment processing is handled entirely by Stripe. We receive and store only your billing name, email, transaction amount, payment status, and Stripe customer and payment identifiers.

Information collected automatically

When you access the platform, we automatically collect:

Usage data: Pages visited, features used, buttons clicked, time spent on pages, application completion progress, and interaction patterns. This data is collected through PostHog, our product analytics tool, and is used to understand how users navigate the platform and to identify areas for improvement.

Device and connection data: IP address, browser type and version, operating system, device type, screen resolution, referring URL, and approximate geographic location derived from IP address.

Cookies and similar technologies: We use essential cookies required for authentication and session management. We use PostHog for analytics. We do not use advertising cookies or retargeting pixels. See Section 5 for details.

Information from third parties

Social login: If you sign in using Google, we receive your name, email address, and profile picture as authorized by your Google account settings. We do not access your contacts, emails, or other Google data.

IP geolocation: We use your IP address to suggest your country of origin in the country selector on the landing page. This is a convenience feature only and is not stored beyond the session.

Passport scanning (OCR)

If you use the optional passport scanning feature, your passport image is processed using optical character recognition (OCR) to extract structured data (name, date of birth, passport number, nationality, expiry date) and auto-fill corresponding fields in your application workspace. The OCR processing occurs server-side. The extracted data is stored in your application record. The original passport image is stored as an uploaded document. You may choose not to use the scanning feature and enter all data manually.

Your responsibility

You are responsible for ensuring that the personal information you provide is accurate, complete, and current. Providing false or inaccurate information may affect your residence permit application. If your information changes, update it in your account or contact us.

2. How do we process your information?

We process your personal information for the following purposes:

To operate the platform and deliver our core service. This includes creating your account, generating your nationality-specific and city-specific document checklist, providing the application workspace where you fill in your details and upload documents, pre-filling the official Austrian residence permit application form ("Antrag auf Erteilung einer Aufenthaltsbewilligung Student") using the pdf-lib library, generating a real-time PDF preview of your form, and producing a branded download package (cover sheet, pre-filled form, document checklist, and uploaded documents in organized folders).

To provide expert review. If you purchase the expert review tier (currently priced at €149), your application data and uploaded documents are made accessible to an assigned reviewer (either an admin or a country leader) through the admin panel. The reviewer adds notes, flags issues, and changes the application status. You are notified of the review outcome.

To process payments. We use Stripe to process the one-time payment of €149 for application preparation. Stripe handles all payment card processing. We receive confirmation of payment status and transaction identifiers.

To detect and prevent abuse. We log message timestamps and interaction frequency for the purpose of detecting automated, scripted, or abusive usage of the AI Immigration Expert. This monitoring is automated and does not involve human review of message content unless required for abuse investigation. Accounts displaying patterns of abuse may be rate-limited or suspended.

To communicate with you. We send transactional emails (account confirmation, payment receipts, application status updates, review completion notifications) through Resend. We may also respond to your support inquiries via the in-platform chat or email.

To assign country leaders. Based on your country of origin and target city, we may assign a country leader to your case. Country leaders are independent contractors who serve as native-language case managers for specific nationality groups. Assignment is based on matching countries and languages. Country leaders access only the application data of clients assigned to them, enforced by row-level security in Supabase.

To improve the platform. We use PostHog to analyze aggregate usage patterns, identify friction in the application flow, measure conversion rates, and improve the user experience. We do not use this data to build individual profiles for advertising purposes.

To ensure platform security. We monitor for suspicious activity, unauthorized access attempts, and misuse of the platform.

To comply with legal obligations. We may process or retain data as required by Estonian, EU, or other applicable law, including tax, accounting, and regulatory obligations.

3. What legal bases do we rely on?

For users in the EU, EEA, UK, and Switzerland (GDPR)

Consent. You provide explicit consent when you create an account, upload documents, and authorize the processing of sensitive personal data (passport details, financial proof, nationality) for the purpose of preparing your residence permit application. You may withdraw consent at any time by contacting contact@migrada.eu or deleting your account. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

Performance of a contract. We process your data to deliver the services you purchased: generating your document checklist, pre-filling your application form, providing expert review, and delivering your application package.

Legitimate interests. We process data to improve the platform, prevent fraud, ensure security, and conduct internal analytics, provided your rights are not overridden.

Legal obligations. We may retain or disclose data for tax, accounting, or regulatory compliance as required by Estonian and EU law.

For users in Canada

We process data with your express or implied consent. You may withdraw consent at any time, subject to legal or contractual restrictions.

For users in the United States

Your rights depend on your state of residence. See Section 12 for details.

4. When and with whom do we share your data?

We share your personal data only with the following parties and only as necessary:

Supabase (database, authentication, file storage). Your account data, application workspace data, and uploaded documents are stored in Supabase. Supabase provides PostgreSQL database hosting, authentication, and file storage with row-level security. Data is hosted in the EU.

Vercel (website and application hosting). Our website and web application are hosted on Vercel. Vercel processes server requests and may log IP addresses and request metadata.

Stripe (payment processing). Stripe processes all payments. Stripe receives your billing information and payment card details. Stripe is PCI DSS compliant. We never see or store your full card number.

Resend (transactional email). Resend delivers transactional emails on our behalf (account confirmations, status updates, payment receipts). Resend processes your email address and email content.

PostHog (product analytics). PostHog collects anonymized usage data (page views, feature interactions, session recordings if enabled with consent). PostHog is self-hostable and GDPR-compliant. We use PostHog's EU cloud instance.

Country leaders (assigned reviewers and case managers). If you purchase the expert review or dedicated case manager tier, your assigned country leader can view your application data and uploaded documents through the admin panel. Country leaders are bound by confidentiality agreements. They can only access data of clients assigned to them, enforced by Supabase row-level security.

We do not share your data with:

  • Embassies, consulates, or immigration authorities (you submit your own application)
  • Advertising platforms (we do not run retargeting or behavioral advertising)
  • Data brokers or third-party marketers
  • Any party for the purpose of selling your personal information

Other situations where we may share data:

  • Legal requirements. If required by law, court order, or government request, we may disclose your information.
  • Business transfers. In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
  • With your consent. We may share your information for any other purpose with your explicit consent.

5. Cookies and tracking technologies

We use a minimal set of cookies and tracking technologies:

Essential cookies. Required for authentication, session management, and core platform functionality. These cannot be disabled without breaking the service.

Analytics (PostHog). We use PostHog to collect usage data. PostHog may set cookies to identify returning sessions. PostHog does not track you across other websites. You can opt out of analytics tracking through our cookie consent banner.

We do not use:

  • Advertising or retargeting cookies
  • Facebook Pixel, Google Ads tags, or LinkedIn Insight tags
  • Third-party tracking scripts that follow you across websites

You can manage cookies through your browser settings. Disabling essential cookies will prevent you from using the platform.

6. Social logins

If you register or sign in using Google, we receive your name, email address, and profile picture. We use this information only to create or link your Migrada account and to authenticate your identity. We do not post on your behalf, access your contacts, or request any permissions beyond basic profile information.

Your social login provider's privacy policy governs their use of your data. We recommend reviewing it. You can revoke Migrada's access through your Google account settings at any time.

7. How long do we keep your information?

Account and application data. Retained while your account is active, plus 12 months after account closure or inactivity, to allow for re-engagement and to defend against potential claims.

Uploaded documents and application materials. Retained for the duration of your application process, plus up to 24 months, to support follow-up questions, renewals, and potential disputes.

Transaction and payment records. Retained for up to 7 years as required by Estonian and EU tax and accounting law.

Usage and analytics data. Retained in anonymized and aggregated form indefinitely for platform improvement. Individual session data is retained for up to 12 months.

Communication records (support chat, emails). Retained for up to 36 months for customer support and quality purposes.

Contact form submissions. Retained for up to 12 months or until resolved.

When we no longer have a legitimate need to process your data, we delete, anonymize, or securely archive it.

You may request deletion at any time by contacting contact@migrada.eu. We will delete your data within 30 days, except where retention is required by law.

8. How do we keep your information safe?

We implement the following technical and organizational measures:

  • Encrypted data transmission via TLS for all communication between your browser and our servers
  • Supabase row-level security (RLS) ensuring users, country leaders, and admins can only access data they are authorized to view
  • Role-based access control: three roles (user, country leader, admin) with distinct permission boundaries
  • Hashed passwords (never stored in plain text)
  • Encrypted file storage for uploaded documents (passport copies, certificates, financial proof)
  • Stripe PCI DSS compliance for all payment processing
  • Regular dependency updates and security patches
  • Access logging in the admin panel for accountability
  • Country leader data isolation: leaders can only see clients assigned to them, enforced at the database level

No method of electronic transmission or storage is 100% secure. We cannot guarantee that unauthorized parties will never breach our security measures. By using our Services, you acknowledge this inherent risk.

If you suspect unauthorized access to your account or a data breach, contact us immediately at contact@migrada.eu.

9. Information from minors

Migrada is intended for users who are at least 18 years old. We do not knowingly collect personal information from individuals under 18 without parental or guardian consent.

If you are under 18, you may use Migrada only with the direct involvement and consent of your parent or legal guardian. In many cases, the parent or guardian will be the person creating the account and managing the application on behalf of the minor applicant.

If we become aware that we have collected data from a user under 18 without appropriate consent, we will promptly deactivate the account and delete the data.

If you believe we have inadvertently collected data from a minor without consent, contact us at contact@migrada.eu.

10. Your privacy rights

Users in the EU, EEA, UK, and Switzerland

Under the GDPR and equivalent legislation, you have the right to:

  • Access the personal data we hold about you and obtain a copy
  • Rectify inaccurate or incomplete information
  • Erase your personal data ("right to be forgotten") in certain circumstances
  • Restrict processing of your personal data
  • Data portability: obtain your data in a structured, machine-readable format
  • Object to processing, including for direct marketing
  • Not be subject to automated decision-making or profiling that produces legal effects
  • Withdraw consent at any time

To exercise these rights, contact contact@migrada.eu. We will respond within 30 days.

Right to lodge a complaint. You may file a complaint with your local data protection authority. Find yours at: https://edpb.europa.eu/about-edpb/board/members_en

For Estonia specifically, the supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): https://www.aki.ee

Account management

You may review or update your account information at any time through your account settings or by contacting contact@migrada.eu. If you request account deletion, we will deactivate your account and delete your data from active systems. We may retain some information in archived form to comply with legal obligations.

11. Do-Not-Track signals

There is no universally accepted standard for responding to Do-Not-Track (DNT) browser signals. Migrada does not currently respond to DNT signals. If a recognized standard is adopted that we are legally required to follow, we will update this policy accordingly.

12. United States residents

If you are a resident of a U.S. state with applicable privacy legislation (including California, Virginia, Colorado, Connecticut, and others), you may have the following rights:

  • The right to know what personal information we collect and how it is used
  • The right to access your personal information
  • The right to correct inaccuracies
  • The right to delete your personal information
  • The right to obtain a portable copy of your data
  • The right to opt out of the sale or sharing of personal information (we do not sell or share your data for advertising)
  • The right to non-discrimination for exercising your rights

Categories of personal information we collect: Identifiers (name, email, passport number, IP address), protected characteristics (nationality, date of birth, gender), commercial information (transaction records), internet activity (usage data), education information (transcripts, admission letters), and sensitive personal information (passport details, financial proof) processed only with explicit consent.

We do not sell your personal information. We have not sold or shared personal information with third parties for commercial or advertising purposes.

To exercise your rights, contact contact@migrada.eu with sufficient identifying information. We may request verification of your identity before processing your request.

13. Verification and document processing

Our core service involves processing identity documents and personal data to prepare your Austrian student residence permit application. This includes:

  • Extracting data from your passport using OCR (optical character recognition) to auto-fill application fields
  • Pre-filling the official Austrian application form ("Antrag auf Erteilung einer Aufenthaltsbewilligung Student") using the data you provide
  • Generating a branded, organized application package for your use

All document processing occurs within our platform infrastructure. We do not send your documents to external third-party verification services. If this changes in the future, we will update this policy and obtain your consent where required.

Country leaders who review your application as part of the expert review service access your documents through the Migrada admin panel, not through external tools or personal devices.

14. Updates to this policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or product features. When we make material changes, we will update the "Last updated" date at the top and, where appropriate, notify you by email or through a prominent notice on the platform.

We encourage you to review this policy periodically.

15. Contact us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data:

Company: MyRodmap OÜ
Business name: Migrada
Registration number: 17216460
Address: Harju maakond, Kuusalu vald, Pudisoo küla, Männimäe/1, 74626, Estonia
Email: contact@migrada.eu

16. Review, update, or delete your data

You have the right to:

  • Access the personal data we hold about you
  • Request corrections to inaccurate or outdated information
  • Request deletion of your personal data
  • Withdraw consent to processing
  • Object to processing of certain categories of data
  • Request a copy of your data in a portable format

To exercise any of these rights, submit a request to contact@migrada.eu. We will verify your identity and respond within 30 days in accordance with applicable data protection law.

Migrada: Digital platform for Austrian residence permit applications.

MyRodmap OÜ (Migrada) is not a law firm. We provide software and services to help you prepare immigration application documents.

© 2026 Migrada

See also: Terms of Service and Cookie Policy