Migrossa Logo
Migrossa
Sign in

Migrossa Β· Legal

Privacy Policy

Last updated: May 3, 2026 Β· Effective: May 3, 2026

Migrossa is an immigration intelligence platform that uses AI to analyze your case, generate strategic reports, and operate browser agents on your behalf in government portals. This policy describes what data we collect, why, where it goes, and what rights you have over it.

Plain-English summary (the formal version follows): we collect what you tell us in the questionnaire, what your AI report and agent runs produce, and the minimum login/payment data required to operate the service. We process some of that with AI providers (Anthropic, Voyage, OpenAI). We never sell your data. You can delete it at any time.

1. Who we are

Migrossa is operated by [LEGAL-REVIEW: legal entity name + jurisdiction]. You can reach us at [email protected] for any privacy question, deletion request, or data-access request. For Quebec residents, our privacy officer can be reached at the same address.

2. What we collect

2.1 Information you give us

  • Identity β€” name, email, phone, date of birth, country of citizenship, country of residence
  • Case data β€” answers to the immigration questionnaire including education, work history, language test results, family composition, criminal record (if disclosed), past visa refusals (if disclosed), travel history
  • Documents β€” files you upload to your document vault (passports, transcripts, IELTS reports, police certificates, employment letters, etc.)
  • Payment data β€” billing address only. Card details are processed directly by Stripe and never touch our servers.

2.2 Information we generate about you

  • Rule-engine output β€” your computed CRS score, eligibility-list per program, risk flags, scenario tags
  • AI report content β€” the personalized analysis our LLM stack produces about your case
  • Agent run logs β€” every agent action (timestamps, target URL, status) plus the structured outputs each agent produces (e.g., a confirmation number from a portal). Body text is not stored.
  • Audit log β€” append-only record of who did what (you, an agent, an admin) on your case. Used for forensics + dispute resolution.

2.3 Information we receive from third parties

  • Clerk β€” your authenticated identity (email, profile basics) when you sign in
  • Stripe β€” payment confirmation and the last 4 digits of your card for receipts
  • Google OAuth (optional) β€” your Gmail send-only token if you connect Job Hunter
  • Browser Use Cloud (optional) β€” when you run a browser agent, BU returns the agent's output (e.g. the receipt-number a government portal issued)

2.4 Information we do NOT collect

  • Your Gmail inbox content. The OAuth grant is gmail.send only β€” we cannot read your inbox.
  • Your government-portal credentials. When a browser agent runs, you sign into the portal yourself via the agent's HITL pause. Migrossa never sees your username or password.
  • Your card number, CVV, or expiry. Stripe handles all of this directly.
  • Biometrics, social insurance numbers, or tax-identification numbers. If a process needs these, the agent stops and asks you to enter them yourself in the live portal.

3. Why we collect it

We have a contract with you. The data above is the minimum required to operate the service you signed up for:

  • Generate your report β€” the questionnaire + computed facts feed our AI report pipeline
  • Run your agents β€” agents need your case state to know what to fill into government forms
  • Bill you β€” payment data is processed by Stripe under their own terms
  • Detect fraud + abuse β€” IP/device data helps us catch credential-stuffing and bot accounts
  • Improve the product β€” aggregated, de-identified usage metrics tell us what to build next

4. AI processing β€” explicit disclosure

Migrossa processes your case data through automated AI systems. This is the core of the product, not an ancillary feature. Specifically:

  • Anthropic Claude β€” generates your personalized report from your case state. Each call uses Anthropic's anthropic-no-retain: true header, meaning Anthropic does not retain or train on your prompts or completions.
  • Voyage AI / OpenAI β€” embedding models used for retrieval-augmented generation (RAG) over our policy reference corpus. Your queries are embedded but not retained for training under provider terms.
  • Browser Use Cloud β€” operates a Chrome browser session on your behalf when you run a browser agent. The session is recorded for your viewing during the run; recordings are retained per Browser Use's terms.

Decisions affecting you: our AI does not make legal determinations or grant immigration approvals. The output of our AI is informational and is reviewed by you (and, when applicable, by a human consultant) before any actual application is filed. You may request human review of any AI-generated content by emailing [email protected].

5. Browser-agent consent

When you trigger a browser agent (e.g., to file an ATIP request, book an IELTS test, or submit an Express Entry profile), you authorize Migrossa to:

  • Open and interact with the destination website
  • Type information from your case state into the website's forms
  • Pause and return control to you for any payment, signed consent, or final-submit action

You retain final authority. Every agent has explicit human-in-the-loop pauses before any payment is taken or any government form is submitted. You can stop any agent run at any time from the dashboard.

6. Third-party processors

We use the following processors. Each has its own privacy policy that governs their handling of your data:

  • Vercel (United States) β€” application hosting + edge network
  • Convex (United States) β€” primary database + real-time subscriptions
  • Clerk (United States) β€” authentication + session management
  • Stripe (United States) β€” payment processing
  • Anthropic (United States) β€” AI report generation (zero-retention header in use)
  • Voyage AI (United States) β€” embedding model for RAG
  • OpenAI (United States) β€” embedding model fallback
  • Browser Use Cloud (United States) β€” browser-agent execution
  • Resend (United States) β€” transactional email delivery
  • Inngest (United States) β€” durable job execution
  • Cloudflare (United States) β€” DNS + edge caching
  • Google (OAuth, Gmail API) (United States) β€” only when you explicitly connect your Gmail

All processors are bound by Data Processing Agreements (DPAs) where the underlying contract permits, and process data only on Migrossa's instructions for the specific purpose of operating the service.

7. Where your data lives + cross-border transfers

Your data is primarily stored in the United States (Vercel + Convex + the processors listed above). If you are in the European Union, the United Kingdom, Canada, Quebec, or any other jurisdiction with cross-border transfer restrictions, transferring data to the United States is a recognized transfer mechanism under:

  • Standard Contractual Clauses (EU) with each US-based processor
  • UK International Data Transfer Addendum where applicable
  • PIPEDA accountability for Canadian users β€” Migrossa remains accountable for data we transfer to US-based processors

[LEGAL-REVIEW] Confirm SCC + UK IDTA execution status before launch in regulated regions.

8. Data retention

We retain your data for as long as your account is active, plus the periods below for specific data types:

  • Active case data + reports: while your account is active. Deleted within 30 days of account closure.
  • Audit logs (immigration purposes): retained for 7 years to support possible IRCC / USCIS / UKVI audit requests on submitted applications. This retention serves your interest as well β€” IRCC has requested records as far back as 5 years on misrepresentation cases.
  • Agent run logs: 18 months. Includes target URL, agent step-by-step status, structured output. Body content is not retained.
  • Payment records: 7 years per applicable tax law.
  • Anonymized aggregate metrics: indefinite (no personal data).

9. Your rights

You have the following rights, regardless of jurisdiction:

  • Access β€” request a copy of all data we hold about you
  • Rectification β€” correct inaccurate data
  • Deletion β€” request deletion (with the 7-year audit-log retention exception above)
  • Portability β€” receive your data in a machine-readable format
  • Withdraw consent β€” opt out of optional processing (e.g., disconnect Gmail, revoke browser-agent authorization)
  • Lodge a complaint β€” with your local data protection authority. EU/UK users: EDPB members list; Canadian users: Privacy Commissioner of Canada; Quebec residents: Commission d'accΓ¨s Γ  l'information du QuΓ©bec; California residents: California Attorney General.

To exercise any of these rights, email [email protected]. We respond within 30 days (60 days for complex requests, with notice).

10. Security

  • Data is encrypted in transit (TLS 1.2+) and at rest (AES-256 by our hosting providers)
  • Authentication tokens are short-lived; refresh tokens are encrypted before storage
  • OAuth tokens are scoped to the minimum permissions required (e.g., Gmail send-only, never inbox-read)
  • We log every administrative action on your account (admin views, deletions, support overrides)
  • We do not run background checks, do not buy data from brokers, and do not sell to third parties

If we suffer a breach affecting your personal data, we will notify you within 72 hours of discovery (faster where required by law) and report to the applicable authorities under the relevant breach- notification rules (PIPEDA, GDPR, etc.).

11. Children

Migrossa is not directed to children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us data, contact [email protected] and we will delete it.

12. Cookies + tracking

We use essential cookies only β€” session cookies for authentication, CSRF tokens, and a theme-preference cookie. We do not use third-party advertising cookies, do not run cross-site trackers, and do not embed analytics that identify individual users (we use a privacy-respecting product-analytics layer that hashes user IDs). [LEGAL-REVIEW] confirm analytics-vendor specifics before launch.

13. Changes to this policy

We will update this policy from time to time. Material changes will be flagged via email + in-app notice 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

14. Contact

Questions, requests, or complaints: [email protected]. Postal: [LEGAL-REVIEW: registered office address].

This privacy policy is the entire agreement between you and Migrossa regarding our data practices. It does not constitute legal advice. If you have specific privacy concerns we have not addressed, please contact us before using the service. Terms of Service β†’

Privacy Policy | Migrossa | Migrossa