Privacy Policy

GSAlpha Labs LLC (“we,” “our,” or “us”), a Wyoming limited liability company, operates the MyImmiJourney mobile application (the “App”). This Privacy Policy explains how we handle information when you use our App.

We are committed to your privacy. MyImmiJourney is designed from the ground up to keep your immigration data private and under your control.

We do not sell your data, for profit or other monetary transactions, and we never will.

1. Information We Do Not Collect

MyImmiJourney does not collect, transmit, or store any personal information on our servers. Specifically:

• We do not require user registration or login. There is no account system.
• We do not use any third-party analytics, tracking SDKs, or advertising frameworks.
• We do not use cookies, web beacons, or device fingerprinting.
• We do not collect names, email addresses, phone numbers, or any other personal identifiers.
• We do not sell, share, rent, or transfer any user data to third parties.
• We do not share any data with USCIS, DHS, or any other government agency.

2. Data Stored Locally on Your Device

All immigration case data you enter into the App is stored locally on your device using Apple's SwiftData framework. This data falls into the following categories:

• Case identifiers: Case numbers, receipt numbers, and form types
• Status data: Case status information, dates, and timeline events
• User-generated content: Personal notes and follow-up effort logs
• Documents: Files stored in the Document Vault
• Checklist data: Medical exam checklist progress

Important: You should only enter your own immigration case data into the App. Do not enter another person's personal information or immigration data without their explicit consent. If you enter data belonging to a third party, you represent that you have obtained their consent and that they are aware of and bound by the terms of this Privacy Policy.

This data never leaves your device and is not uploaded to any cloud server, backup service, or third-party platform operated by us. Your data is protected by your device's built-in security features, including your passcode, Face ID, or Touch ID.

Data Retention and Deletion

Your data persists on your device for as long as the App is installed. We do not retain any copy of your data at any time. You can delete your data in the following ways:

• Individual deletion: Remove specific cases, documents, or notes within the App. Deletion is immediate and permanent.
• Bulk deletion: Use “Delete All Data” in Settings to erase all App data immediately and permanently.
• App deletion: Uninstalling the App permanently removes all locally stored data from your device immediately.

Since we do not store any data on our servers, there is no server-side data to delete and no waiting period. All deletions are immediate and irreversible. Exported encrypted backup files remain wherever you chose to save them and are entirely under your control.

Dormant accounts: There is no account system in MyImmiJourney. Your data remains on your device until you delete the App or clear data through Settings. We do not automatically purge data based on inactivity. If the App remains installed but unused for any period of time, your data remains stored locally on your device. No data is transmitted, accessed, or deleted automatically due to inactivity.

3. AI-Powered Analysis Feature

When you use the AI-powered case analysis feature, the App sends your current case status text to our secure server, which proxies the request to a third-party AI service (Anthropic's Claude API) for analysis. Important details about this process:

• Only the case status text is transmitted — no personal identifiers, names, addresses, receipt numbers, document content, or immigration case numbers are sent.
• The data is transmitted securely over HTTPS and is not stored on our servers after the request is processed.
• This feature is entirely optional. The App functions fully without it.

Data transmitted for AI analysis is processed in real time and is not stored on our servers or by Anthropic after the request completes. No logs of your case status text are retained. This feature is governed by Anthropic's usage policies, which prohibit training on API inputs.

4. No Cloud Storage or Sync

MyImmiJourney does not offer cloud sync, cloud backup, or any form of server-side data storage. All data resides exclusively on your device. If you use iOS device backups (via iCloud or your computer), your App data may be included as part of that system-level backup, which is managed by Apple and subject to Apple's privacy policies.

5. Subscription and Payment Information

If you choose to subscribe to MyImmiJourney Pro, all payment processing is handled entirely by Apple through the App Store. We do not collect, process, access, or store any payment information, including credit card numbers, billing addresses, or Apple ID details.

6. Rate Limiting and Abuse Prevention

To protect the AI analysis feature from abuse, our server uses Upstash Redis for rate limiting API requests. This process stores anonymized device tokens temporarily (generated via Apple's App Attest framework) to prevent excessive requests. No personal data, case information, or identifying details are stored during this process.

7. Third-Party Services

The App does not integrate with any third-party analytics, crash reporting, or advertising services. The only third-party interaction occurs during the optional AI analysis feature, as described in Section 3 above.

8. Your Data and Your Rights

Since all data is stored locally on your device, you have full and direct control over your data at all times:

• Access: View all your case data, events, documents, and notes directly within the App.
• Edit: Modify any data at any time.
• Delete individually: Remove individual cases, events, documents, or notes within the App.
• Delete everything: Use “Delete All Data” in the App's Settings to permanently erase all App data.
• Delete the App: Uninstalling the App permanently removes all locally stored data.
• Export: Create encrypted backups (AES-256-GCM) to take your data with you.

No request to us is needed to exercise any of these rights. Since we do not collect or store your personal data on our servers, there is nothing for us to provide, correct, or delete on our end.

9. Children's Privacy

MyImmiJourney is not directed at children under the age of 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through the App, please contact us so we can take appropriate action.

10. Device and Data Security

Your data is protected by multiple layers of security:

• Device security: Your device's built-in passcode, Face ID or Touch ID, and iOS full-disk encryption at rest protect all locally stored App data.
• Backup encryption: Exported backup files use AES-256-GCM encryption with a password you choose. We cannot recover lost passwords or decrypt your backup files.
• Network security: The optional AI analysis feature and USCIS status check both use HTTPS encryption for all data in transit.
• No server-side risk: Since we do not store your personal data on any server, server-side data breaches affecting your immigration data are not possible.

11. Data Breach Notification

Because MyImmiJourney does not collect or store personal data on our servers, a traditional server-side data breach affecting your immigration data is not possible. However, in the unlikely event that any system we operate (such as the stateless proxy or AI analysis service) experiences a security incident that could affect data in transit, we will:

• Notify affected users within 72 hours of discovering the incident through an in-app announcement and on our website.
• Describe the nature of the incident and what data may have been affected.
• Explain the steps we have taken to address the incident and prevent recurrence.
• Comply with all applicable state and federal breach notification laws.

12. USCIS Live Status Check

The App includes an optional feature to check your case status directly on the USCIS website (egov.uscis.gov). When you use this feature:

• The connection is made directly between your device and the USCIS website. It is not routed through our servers.
• Your receipt number is sent only to USCIS, not to us.
• We do not log, monitor, intercept, or store any data from this process.
• This feature depends on the USCIS website remaining accessible and may stop working if USCIS changes their website.

This feature is entirely optional and user-initiated. The App functions fully without it.

13. International Users

MyImmiJourney is available globally through the Apple App Store. Since all personal data remains on your device and is never transmitted to or stored on our servers, there are no international data transfers of your personal data and no cross-border data flows to disclose.

The limited data transmitted during optional AI analysis (case status text only, no personal identifiers) is processed on servers located in the United States. This data is not stored after processing.

14. State and Regional Privacy Rights

California (CCPA/CPRA)

We do not sell, share (as defined by the CPRA), or disclose personal information to third parties for monetary or other valuable consideration. Because we do not collect personal information as defined under the California Consumer Privacy Act and California Privacy Rights Act, there are no categories of personal information to report, no third-party sales or disclosures to opt out of, and no financial incentives tied to personal data. The limited data processed during optional AI analysis (case status text only) is not stored and does not constitute a “sale” or “share” under CCPA/CPRA. California residents may contact us with questions at the email below.

Virginia, Colorado, Connecticut, Utah, and Other US States

We comply with the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CDPA), Utah Consumer Privacy Act (UCPA), and other applicable state privacy laws. Since we do not collect, process, or maintain personal data on our servers, standard data subject rights (access, correction, deletion, portability, opt-out) are exercisable directly within the App without any request to us. You may contact us with any questions.

European Economic Area and United Kingdom (GDPR / UK GDPR)

We do not process personal data as defined under the General Data Protection Regulation or the UK GDPR on our servers. All personal data remains on your device under your exclusive control. The limited processing during optional AI analysis involves only non-identifying case status text, is performed with your explicit consent (by choosing to use the feature), and is not retained after processing. No data controller or processor relationship exists with respect to your personal immigration data because it is never transmitted to or stored by us.

15. Business Transfer or Closure

In the event that GSAlpha Labs LLC is acquired, merged with another company, or undergoes a change in ownership, we will notify users at least 30 days in advance through an in-app announcement and on our website. The notification will include:

• The identity of the new owner or acquiring entity.
• Any changes to data practices that will result from the transfer.
• Your options, including how to delete your data before the transfer takes effect.

Since MyImmiJourney does not store user data on our servers, a business transfer does not involve the transfer of your personal data. Your locally stored data remains on your device and under your control regardless of any ownership change.

If GSAlpha Labs LLC ceases operations, we will provide at least 30 days' notice through the App and our website. The App will continue to function offline for locally stored data. Users are encouraged to export their data using the encrypted backup feature before the App is removed from the App Store.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We handle changes as follows:

• Material changes (such as introducing new data collection, changing data sharing practices, or modifying how we use your data): We will notify you at least 30 days before the changes take effect through an in-app announcement. We will provide a plain-language summary of what changed and why. You will be asked to actively acknowledge and accept the updated policy before continuing to use affected features. If you do not accept the changes, you may continue using the App's offline features or delete the App and your data.
• Non-material changes (clarifications, formatting, or corrections that do not alter data practices): These take effect immediately upon posting. The “Last Updated” date will be updated.

17. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: