Privacy Policy

Last updated: March 2026

1. Who we are

WhereToMove (“we”, “us”, “our”) operates the WhereToMove service. For data requests or questions about this policy, contact us at privacy@wheretomove.io.

2. What data we collect

  • Account data: email address and hashed password when you register.
  • Search data: addresses and place types you search for.
  • Saved data: addresses and lists you save to your account.
  • Payment data: billing details processed by Stripe — we never see or store raw card numbers.
  • Session data: an HttpOnly refresh token cookie for authentication and a short-lived JWT access token held in memory only.
  • Usage data: request logs and analytics (where consent is given).

3. Legal basis for processing

  • Contract: processing your account and delivering the service you subscribed to.
  • Legitimate interest: security logging, fraud prevention, and service improvement.
  • Consent: analytics cookies — you can withdraw at any time via Cookie Preferences in the footer.
  • Legal obligation: retaining transaction records as required by UK law.

4. Third-party processors

  • Stripe — payment processing under Stripe's DPA and UK GDPR adequacy framework.
  • Google Maps Platform — nearby place search and photo proxy. Coordinates derived from your entered address are sent to this service.
  • OSRM — open-source routing engine for walking, cycling, and driving distances. No personal data is transmitted.

5. International data transfers

Some of our third-party processors are based outside the UK. Where your data is transferred to a country not covered by a UK adequacy regulation, we ensure appropriate safeguards are in place:

  • Stripe — data may be processed in the United States. Stripe operates under Standard Contractual Clauses and its own UK GDPR-compliant Data Processing Agreement.
  • Google Maps Platform — data (coordinates derived from your entered address) may be processed on Google servers globally. Google operates under Standard Contractual Clauses and its Cloud Data Processing Addendum.

6. Cookies

We use the following cookies:

  • refresh_token (HttpOnly, Secure) — strictly necessary for keeping you logged in. No consent is required under PECR for strictly necessary cookies.
  • Analytics cookies — only set after you accept via the cookie consent banner on your first visit.

For full details, see our Cookie Policy. You can change your cookie preferences at any time via the Cookie Preferences link in the footer.

7. Your rights under UK GDPR

  • Access — request a copy of the data we hold about you.
  • Erasure — request deletion of your account and all associated data by emailing privacy@wheretomove.io.
  • Portability — receive your data in a machine-readable format.
  • Rectification — correct inaccurate data we hold.
  • Restriction — ask us to pause processing in certain circumstances.
  • Objection — object to processing based on legitimate interest.

To exercise any right, email privacy@wheretomove.io. We will respond within 30 days.

8. Data retention

  • Account and search data is retained for the lifetime of your account and deleted within 30 days of account deletion.
  • Payment records are retained for 7 years to comply with UK financial regulations.
  • Server logs are retained for 90 days.

9. Data security

Passwords are hashed with bcrypt. Access tokens are short-lived and stored in memory only. Refresh tokens are stored in HttpOnly, Secure, SameSite=Strict cookies. All data is transmitted over HTTPS.

10. Complaints

If you believe we have handled your data incorrectly, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

11. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

12. Is providing your data required?

Providing your email address is a contractual requirement to create an account. Without it, you cannot use the authenticated features of the service (saving addresses, paid plans). You may use the free search without an account.
