Privacy Policy

1. Who We Are

wheretostudyaway.io is operated by CONNEX LDA, a company registered in Lisbon, Portugal. When we say "we," "us," or "our" in this policy, we mean CONNEX LDA.

For any privacy-related questions, contact us at hello@wheretostudyaway.io.

2. What Data We Collect

We collect data in two ways: information you provide directly, and information collected automatically when you use our site.

Information you provide

• Assessment data: When you complete our study-abroad assessment, you provide information about your nationality, age, education level, field of study, budget, language skills, and study preferences. This data is used to generate your programme match results.
• Email address: If you opt in to receive your results or subscribe to updates, you provide your email address.
• Payment information: If you purchase a report, payment is processed by our payment provider (Stripe). We do not store your credit card details — Stripe handles this securely under PCI-DSS compliance.

Information collected automatically

• Analytics data: We use Google Analytics to understand how visitors use our site. This includes pages visited, referral source, device type, browser, country, and session duration. GA4 is configured with IP anonymisation enabled and no advertising features active.
• Cookies: See our Cookie Policy for details on what cookies we use and why.

3. How We Use Your Data

We use your data for the following purposes:

• To generate your personalised study-abroad programme matches and reports
• To process payments for premium reports via Stripe
• To send you your results via Resend (transactional email) and, if you opted in, study-abroad updates via MailerLite
• To improve our assessment algorithm and content based on aggregate, anonymised usage patterns
• To respond to support requests

We do not sell, rent, or share your personal data with third parties for their marketing purposes. Ever.

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, we process your data under the following legal bases:

• Consent: For email marketing communications. You can withdraw consent at any time by clicking "unsubscribe" in any email.
• Contract performance: To deliver the assessment results and reports you request.
• Legitimate interest: For analytics, fraud prevention, and improving our services, where these interests do not override your rights.

5. Data Sharing

We use the following third-party services to operate wheretostudyaway.io:

• Stripe: Payment processing (USA, PCI-DSS compliant)
• Resend: Transactional email delivery (EU-based, eu-west-1)
• MailerLite: Marketing email delivery (EU-based)
• Cloudflare: Hosting, CDN, and R2 storage (global network, GDPR-compliant)
• Google Analytics: Website usage analytics (configured without advertising features)

Each provider processes data only as necessary to provide their service and under contractual data protection obligations.

6. International Data Transfers

Some of our service providers operate outside the EEA. Where data is transferred outside the EEA, we ensure adequate safeguards are in place, including Standard Contractual Clauses approved by the European Commission and/or reliance on providers' compliance frameworks.

7. Data Retention

• Assessment data: Retained for 90 days from submission, then deleted or anonymised.
• Email addresses: Retained until you unsubscribe, after which they are deleted within 30 days.
• Payment records: Retained as required by Portuguese tax law (up to 7 years).
• Analytics data: Retained in aggregate form only. No personally identifiable analytics data is stored beyond 26 months.

8. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

• Access your personal data and receive a copy
• Rectify inaccurate or incomplete data
• Erase your data ("right to be forgotten")
• Restrict processing in certain circumstances
• Data portability — receive your data in a structured, machine-readable format
• Object to processing based on legitimate interest
• Withdraw consent at any time for consent-based processing

To exercise any of these rights, email hello@wheretostudyaway.io. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including HTTPS encryption across the entire site, secure data storage with access controls, and regular review of our data processing practices.

10. Children

Our services are not directed at individuals under 16 years of age. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Cookies

We use a minimal set of cookies for site functionality, analytics, and consent preferences. For a full breakdown of each cookie, its purpose, and its duration, see our Cookie Policy.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered users and/or a notice on our website. The "last updated" date at the top reflects the most recent revision.

13. Supervisory Authority

If you are in the EEA and believe we have not addressed your data protection concerns adequately, you have the right to lodge a complaint with your local supervisory authority. In Portugal, the relevant authority is the Comissao Nacional de Protecao de Dados (CNPD) — www.cnpd.pt.