Privacy Policy
Last Updated: April 2026
1. Introduction
Move-in Survival ("we," "us," or "our"), operated by Fusion Atelier B.V., is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your personal data in compliance with the EU General Data Protection Regulation (GDPR), the Digital Services Act (DSA), the ePrivacy Directive, the EU AI Act, and all applicable Dutch and European privacy legislation as of 2026.
By using our mobile application ("App"), you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
Fusion Atelier B.V.
Registered in the Netherlands
Contact: office@fusionatelier.nl
3. Legal Basis for Processing (GDPR Art. 6)
We process your personal data based on the following legal grounds:
- Contract Performance: To provide you with the App's core services (personalized checklists, onboarding, progress tracking).
- Legitimate Interest: To improve our services, analyze anonymized usage patterns, and ensure App security.
- Consent: For optional features such as push notifications, marketing communications, and non-essential analytics.
- Legal Obligation: To comply with applicable laws and regulations.
You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
4. Data We Collect
a) Data You Provide:
- Account Information: Name, email address, profile picture (via Google Sign-In or email registration).
- Onboarding Data: Destination country, city, university, arrival date, student/expat status, EU/non-EU origin.
b) Data Generated Through Use:
- Usage Data: Completed tasks, category interactions, provider clicks, feature engagement, and search queries.
- Notification Preferences: Read/unread status and interaction history.
c) Automatically Collected Data:
- Device Data: Device model, operating system version, app version, and unique device identifiers.
- Crash & Performance Data: Error logs and performance metrics (processed via Firebase Crashlytics).
d) Data We Do NOT Collect:
- We do not collect precise geolocation data.
- We do not collect biometric data.
- We do not collect financial or payment information.
5. How We Use Your Data
- To deliver and personalize your move-in checklist and recommendations.
- To track your onboarding progress and synchronize it across devices.
- To send service reminders and system notifications you have opted into.
- To analyze anonymized, aggregated usage patterns to improve the App.
- To connect you with third-party partner services you voluntarily choose to explore.
- To detect, prevent, and address technical issues and data integrity problems.
6. Automated Decision-Making & AI (EU AI Act Compliance)
The App does not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. Any content personalization (e.g., filtering your checklist by city or student type) is based solely on data you explicitly provide during onboarding and can be changed at any time via your profile settings.
7. Data Storage and Security
Your data is stored using Firebase (Google Cloud Platform) within EU and EEA data centers. We implement robust security measures including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256).
- Firebase Security Rules restricting data access to authenticated users and their own records only.
- Role-based access control for administrative functions.
- Regular security audits of our database rules and infrastructure.
8. Data Sharing and Third Parties
- We do NOT sell, rent, or trade your personal data. Ever.
- We do NOT share identifiable user data with advertisers.
- Firebase/Google Cloud: Acts as our data processor under a GDPR-compliant Data Processing Agreement (DPA).
- Partner Services: When you tap a partner link, you leave our App. Their privacy policies govern any data they collect. We do not transmit your personal data to partners.
- Anonymized Analytics: We may share fully anonymized, aggregated statistics (e.g., "60% of users complete task X") with partners. This data cannot identify any individual.
9. Your Rights Under GDPR (Articles 15-22)
As an EU/EEA resident, you have the following rights:
- Right of Access (Art. 15): Request a copy of all data we hold about you.
- Right to Rectification (Art. 16): Correct any inaccurate or incomplete data.
- Right to Erasure (Art. 17): Request deletion of your data ("Right to be Forgotten"). You can also delete your account directly in the App under Settings.
- Right to Restrict Processing (Art. 18): Request limitation of how we use your data.
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interest.
- Right to Non-Personalized Experience (DSA Art. 38): You may use the App without profile-based content personalization by editing your onboarding preferences.
- Right to Lodge a Complaint: You may file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
To exercise any of these rights, contact us at office@fusionatelier.nl. We will respond within 30 days.
10. Children's Privacy
The App is not directed at children under the age of 16. We do not knowingly collect personal data from individuals under 16. If we become aware that we have collected such data, we will delete it promptly.
11. Cookies, Tracking & Analytics
The App does not use browser cookies. We use Firebase Analytics for anonymized, aggregated usage statistics. No advertising trackers or third-party analytics SDKs that profile users are embedded in the App. Push notification tokens are used solely for delivering notifications you have opted into.
12. Data Retention
- Active Accounts: Your data is retained for as long as your account is active.
- Deleted Accounts: Upon account deletion, all personal data is permanently removed within 30 days, except where retention is required by law.
- Anonymized Data: Fully anonymized, non-identifiable data may be retained indefinitely for statistical purposes.
13. International Data Transfers
Your data is primarily processed within the EU/EEA. Where data is transferred to the United States (e.g., via Google Cloud infrastructure), we ensure compliance through:
- The EU-U.S. Data Privacy Framework.
- Standard Contractual Clauses (SCCs) as approved by the European Commission.
- Supplementary technical safeguards including encryption and access controls.
14. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the Dutch Data Protection Authority within 72 hours (GDPR Art. 33).
- Inform affected users without undue delay if the breach poses a high risk (GDPR Art. 34).
15. Changes to This Policy
We may update this Privacy Policy to reflect changes in legislation or our practices. Material changes will be communicated via in-app notification. The "Last Updated" date at the top will always reflect the latest revision.
16. Contact & Data Protection Officer
For privacy-related questions or data access requests, or to exercise your rights, contact:
Fusion Atelier B.V.
Email: office@fusionatelier.nl
Subject Line: "Privacy Request - Move-in Survival"
We are committed to resolving any concerns promptly and transparently.