Privacy Policy

Last Updated: May 6, 2026

GSAlpha Labs LLC (“we,” “our,” or “us”), a Wyoming limited liability company, operates the MyImmiJourney mobile application (the “App,” available on iOS today and Android in the future). This Privacy Policy explains what data we collect, how we use it, and the rights you have over it.

Your documents stay on your device. Every passport scan, EAD card, approval notice, RFE letter, and personal note you save in the App is stored locally on your phone, encrypted by your operating system. They are never uploaded to our servers, never processed by us, and never sent to any third party — not even for AI features (which use on-device text recognition).

We collect the minimum case metadata needed to fetch USCIS updates and notify you when your case moves: your receipt number, form type, and country of chargeability. Nothing more — no name, no SSN, no address, no attorney info.

We do not sell your data, for profit or other monetary transactions, and we never will.

1. What We Collect

To track your case status, send you push notifications when it changes, and show you anonymous trends across similar cases, we store the following on our servers:

  • Your USCIS receipt number(s) — used to query USCIS on your behalf
  • The form type for each case (e.g., I-485, I-130, I-129)
  • The country of chargeability you tell us (optional, used for cohort grouping with the visa bulletin)
  • The visa category you tell us (optional, e.g., EB-2, EB-3, F2A — used for cohort grouping)
  • The history of status updates we receive from USCIS for your receipt
  • A pseudonymous device token used only to deliver push notifications to your device

We do not collect or store:

  • Your name, email address, or phone number
  • Your physical address or location
  • Your Social Security Number, A-Number, or date of birth
  • Biometrics, document content, or attached files
  • Attorney information
  • Notes, checklist data, or document files you create in the App — those remain on your device only

We do not require an email or password account. We do not use third-party advertising SDKs, cookies, web beacons, or device fingerprinting. We do not sell, share, rent, or transfer your data to data brokers or advertisers. We do not share your data with USCIS, DHS, or any other government agency beyond the queries needed to retrieve your case status.

Important: You should only enter your own immigration case data into the App. Do not enter another person's receipt number or immigration data without their explicit consent. If you enter data belonging to a third party, you represent that you have obtained their consent and that they are aware of and bound by the terms of this Privacy Policy.

2. Data We Store on Our Servers

The data listed in Section 1 is stored in an encrypted database operated by GSAlpha Labs LLC on Cloudflare infrastructure in the United States. We use this data to:

  • Poll USCIS on a schedule so you don't have to keep checking manually
  • Detect when your case moves and send you a push notification
  • Compute aggregate, de-identified trends (e.g., median time at each step for your form/country combination) to help you understand where you are relative to similar cases

Other data you create in the App — personal notes, checklists, and documents you upload to the Document Vault — remains on your device only, stored using your operating system's native local-storage frameworks (Apple's SwiftData on iOS, Android's SQLite/Room on Android when available). These never leave your device. If you use your operating system's built-in cloud backup (iCloud Backup or Google Drive Backup), App data may be included in those backups under Apple's or Google's respective privacy terms — we have no access to those backups.

Data Retention and Deletion

You can delete your server-stored data at any time:

  • Per-case deletion: Stop tracking a case in the App. We permanently delete the corresponding server record within 24 hours.
  • Bulk deletion: Tap “Delete All My Data” in Settings to wipe every server record tied to your device immediately. There is no “anonymized retained copy” — gone means gone.
  • Email request: Contact us at info@myimmijourney.com to request server-side deletion. We respond within 30 days; most requests are completed in 24 hours.

App uninstall does not by itself delete server records. If you want everything gone, please use “Delete All My Data” in Settings before uninstalling, or email us.

Inactive cases: Cases with no app open and no status change for 18 consecutive months are automatically purged from our servers.

On-device data (notes, checklists, documents) is deleted when you delete the App or use “Delete All Data” in Settings. That deletion is immediate and irreversible.

3. AI-Powered Analysis Feature

When you use the AI-powered case analysis feature, the App sends your current case status text to our secure server, which proxies the request to a third-party AI service (Anthropic's Claude API) for analysis. Important details about this process:

  • Only the case status text is transmitted to the AI service — no personal identifiers, names, addresses, document content, or attached files are sent.
  • The data is transmitted securely over HTTPS and is not stored on our servers or by Anthropic after the request is processed.
  • This feature is entirely optional. The App functions fully without it.

This feature is governed by Anthropic's usage policies, which prohibit training on API inputs.

4. Where Your Data Lives

Server-stored data (the categories listed in Section 1) is held in Cloudflare D1, a SQL database operated by Cloudflare in US data centers. Cloudflare's edge network may replicate read-only cached responses globally for performance, but identifying personal data is not transferred outside the United States.

All data on our servers is encrypted at rest and in transit (TLS 1.3). Administrative access is restricted to authorized GSAlpha Labs personnel and is logged.

5. Subscription and Payment Information

If you choose to subscribe to MyImmiJourney Pro, all payment processing is handled entirely by Apple through the App Store. We do not collect, process, access, or store any payment information, including credit card numbers, billing addresses, or Apple ID details.

6. Rate Limiting and Abuse Prevention

To protect our services from abuse, our proxy server applies rate limits keyed on anonymized device tokens (generated via Apple's App Attest framework where available, or pseudonymous UUIDs otherwise). No personally identifying details are stored during this process.

7. Third-Party Services

The App does not integrate with any third-party analytics, crash reporting, or advertising services. The third-party interactions are limited to:

  • USCIS Torch API — to retrieve your case status, authorized via our developer-program credentials
  • Cloudflare — to host our proxy server, database (D1), and edge network (data processor under DPA)
  • Apple Push Notification service (APNs) — to deliver push notifications to your device
  • Anthropic Claude API — only when you opt to use the AI analysis feature, and only for the case status text

8. Your Data and Your Rights

You have the following rights over your data:

  • Access: View all your case data, events, documents, and notes directly within the App.
  • Correct: Edit any data at any time within the App.
  • Delete individually: Stop tracking a case to delete its server record (within 24 hours) and on-device record immediately.
  • Delete everything: Use “Delete All My Data” in Settings to permanently erase every server-stored record tied to your device, plus all on-device data.
  • Delete the App: Uninstalling removes on-device data but does not by itself delete server records — please use “Delete All My Data” first if you want everything gone.
  • Export: Create encrypted backups (AES-256-GCM) of your on-device data at any time.
  • Object / Restrict / Portability: Email us at info@myimmijourney.com to exercise any data subject rights under applicable law. We respond within 30 days.

9. Children's Privacy

MyImmiJourney is not directed at children under the age of 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through the App, please contact us so we can take appropriate action.

10. Device and Data Security

Your data is protected by multiple layers of security:

  • Device security: Your device's built-in passcode, biometric authentication (Face ID, Touch ID, or Android equivalents), and operating-system-level full-disk encryption at rest protect all locally stored App data, including documents in the Document Vault.
  • System backups (your choice): If you use your operating system's built-in backup feature (iCloud Backup on iOS, Google Drive Backup on Android), App data may be included in those backups, which are managed by Apple or Google respectively under their own end-to-end encryption and privacy terms. We have no access to those backups. You can opt out of system backups in your device settings.
  • Backup encryption: Exported backup files use AES-256-GCM encryption with a password you choose. We cannot recover lost passwords or decrypt your backup files.
  • Server-side encryption: The limited case metadata we store (receipt #, form, country, status history) is encrypted at rest. All network traffic uses HTTPS / TLS 1.3.
  • Access controls: We restrict administrative access to authorized GSAlpha Labs personnel and log all administrative actions for audit.

11. Data Breach Notification

In the event that any system we operate (proxy server, database, AI analysis service) experiences a security incident affecting user data, we will:

  • Notify affected users within 72 hours of discovering the incident through an in-app announcement and on our website.
  • Describe the nature of the incident and what data may have been affected.
  • Explain the steps we have taken to address the incident and prevent recurrence.
  • Comply with all applicable state and federal breach notification laws.

12. USCIS Live Status Check

The App lets you check your USCIS case status through our proxy server, which authenticates with USCIS on your behalf using our approved developer credentials. When you check your case:

  • Your receipt number is sent through our proxy to USCIS's official Case Status API. The proxy stores your receipt to enable scheduled polling and notifications (see Section 1).
  • Your name, address, and any other personally identifying information are not transmitted — USCIS's API does not require them.
  • We do not log raw USCIS API responses. Only the data fields listed in Section 1 are persisted to our database.

13. International Users

MyImmiJourney is available globally through the Apple App Store. Server-stored data is hosted in the United States on Cloudflare's network. We do not transfer identifying personal data internationally beyond Cloudflare's edge replication of cached, non-identifying responses.

The limited data transmitted during optional AI analysis (case status text only, no personal identifiers) is processed on servers located in the United States and is not stored after processing.

14. State and Regional Privacy Rights

California (CCPA/CPRA)

We do not sell, share (as defined by the CPRA), or disclose personal information to third parties for monetary or other valuable consideration. The categories of personal information we collect from California residents are limited to those listed in Section 1: receipt number, form type, country, visa category, status history, and a pseudonymous device token. California residents have the right to know, correct, delete, and request portability of this information. To exercise these rights, use the in-app controls or email us at info@myimmijourney.com. We do not engage in cross-context behavioral advertising.

Virginia, Colorado, Connecticut, Utah, and Other US States

We comply with the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CDPA), Utah Consumer Privacy Act (UCPA), and other applicable state privacy laws. Residents have the right to access, correct, delete, and request portability of the limited personal data described in Section 1. Use the in-app controls or email us to exercise these rights.

European Economic Area and United Kingdom (GDPR / UK GDPR)

For users in the EEA and UK, the lawful basis for processing the data described in Section 1 is the performance of a contract — the service you signed up for when you started tracking a case in the App. AI analysis processing is based on your explicit consent (which you give by tapping to use the feature). You have the right of access, rectification, erasure, restriction, portability, and objection. To exercise any right, use in-app controls or email us at info@myimmijourney.com. You also have the right to lodge a complaint with your local supervisory authority.

15. Business Transfer or Closure

If GSAlpha Labs LLC is acquired, merged with another company, or undergoes a change in ownership, your server-stored case data would transfer to the new owner under terms at least as protective as this Privacy Policy. We will notify users at least 30 days in advance through an in-app announcement and on our website. The notification will include:

  • The identity of the new owner or acquiring entity
  • Any changes to data practices that will result from the transfer
  • A one-tap option to export and delete all your data before the transfer takes effect

If GSAlpha Labs LLC ceases operations, we will provide at least 30 days' notice through the App and our website, give you the option to export your data, and permanently delete server-stored records before shutdown.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We handle changes as follows:

  • Material changes (such as introducing new data collection categories, changing data sharing practices, or modifying how we use your data): We will notify you at least 30 days before the changes take effect through an in-app announcement. We will provide a plain-language summary of what changed and why. You will be asked to actively acknowledge and accept the updated policy before continuing to use affected features. If you do not accept the changes, you may continue using the App's on-device-only features or delete the App and your data.
  • Non-material changes (clarifications, formatting, or corrections that do not alter data practices): These take effect immediately upon posting. The “Last Updated” date will be updated.

17. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

GSAlpha Labs LLC

Email: info@myimmijourney.com