Privacy Policy
Effective Date: June 4, 2025
Applies to: Gullie.io website, platform, and services
About Us
Gullie Inc. (“Gullie.io”, “we”, “us”, or “our”) provides global mobility and relocation services to support teams and organizations moving talent across borders. We take privacy seriously and are committed to meeting the highest industry standards, including:
- GDPR (General Data Protection Regulation - EU/EEA)
- ISO/IEC 27001 (Information Security Management)
Gullie has also completed System and Organization Controls (SOC) 2® Type I and Type II examinations on the controls relevant to the security, availability, and confidentiality of customer data, conducted in accordance with AICPA attestation standards.

This Privacy Policy explains how we collect, use, protect, and share personal data when you interact with our Services.
1. What Information We Collect
We collect the following categories of personal data, depending on your interaction with us:
a. Relocation & Employment Information
- Full name, email, phone number, address
- Work permit or visa information
- National ID, passport number, or similar documentation
- Job title, employer, salary info (only if required for immigration)
b. Account & Usage Data
- Account login credentials (hashed)
- Location, IP address, device and browser type
- Interaction logs, preferences, cookies
c. Payment and Billing
- Payment method and transaction history (via Stripe or similar processor)
- Invoice and tax-related info for B2B clients
d. Special Category Data (if required for relocation)
- Health-related documentation (e.g., vaccination status if required by destination country)
- Information on dependents or family members
We do not knowingly collect data from minors under the age of 16.
2. Legal Bases for Processing (GDPR)
We only process your personal data when we have a legal basis to do so, such as:
- Performance of a contract - to deliver relocation services
- Legal obligation - to comply with immigration, labor, or tax law
- Legitimate interest - e.g., service improvements, fraud prevention
- Consent - for optional services, marketing, or special category data
You may withdraw consent at any time.
3. How We Use Your Data
We process personal data to:
- Coordinate international moves and immigration compliance
- Manage vendor relationships (e.g., temporary housing, drivers)
- Personalize relocation plans and dashboards
- Comply with data protection and labor laws
- Provide customer support
- Conduct analytics and service optimization
- Ensure the security and integrity of our platform
4. International Data Transfers
We are headquartered in the United States, but serve clients globally. When data is transferred from the EU/EEA or UK, we rely on:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions issued by the EU/UK
- Binding Corporate Rules (if applicable)
- Data hosting with vendors holding ISO 27001 certifications and SOC 2 reports (e.g., AWS, Vercel, Supabase)
We ensure a high level of protection no matter where your data is processed.
5. Data Retention
We retain data only as long as necessary to fulfill the purpose for which it was collected, including:
- Legal, tax, immigration retention requirements
- Auditability aligned with ISO 27001 and SOC 2 reporting frameworks
- Ongoing customer support
When no longer needed, we securely delete or anonymize the data per our data retention and deletion policy.
6. Data Security
We maintain a robust Information Security Management System (ISMS) including:
- Data encryption (in transit and at rest)
- Access control and least-privilege principles
- Regular audits, penetration testing, and vulnerability scanning
- Business continuity and incident response planning
- Employee training and background checks
If a data breach occurs, we will notify affected individuals and regulators within required timelines.
7. Data Sharing & Subprocessors
We only share data with third parties when necessary:
- Subprocessors (e.g., Supabase, Google, Vercel, Stripe, immigration consultants)
- Government authorities (when legally required)
- Enterprise customers (as part of contracted service delivery)
All subprocessors are contractually bound to meet our data protection standards, including DPA (Data Processing Addenda) and audit rights.
We never sell personal data.
8. Your Rights Under GDPR
If you are in the EU/EEA, UK, or other applicable regions, you may:
- Access your data
- Rectify incorrect or outdated information
- Delete your data (“right to be forgotten”)
- Restrict or object to processing
- Data portability - receive your data in machine-readable format
- Withdraw consent at any time
To exercise these rights, email support@gullie.io. We respond within 30 days.
9. Cookies & Tracking
We use cookies for essential and optional functions:
- Site functionality
- Usage analytics (Google Analytics, Vercel Analytics)
- A/B testing
- Error monitoring (e.g., Sentry)
Cookie preferences can be updated in your browser settings.
We do not respond to browser-based Do-Not-Track signals currently.
10. Children’s Privacy
Our Services are not intended for individuals under 16. If we learn that we have collected data from a child, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy to reflect legal, technical, or operational changes. We will notify users of significant updates by:
- Posting a notice on our website
- Emailing affected users (if applicable)
Your continued use of our Services indicates your acceptance.
12. Contact Us
Data Protection Officer:
Rachael Annabelle
Email: support@gullie.io
Phone: +1 (347) 538-6321
Gullie Inc.
2093 Philadelphia Pike #4855
Claymont, DE 19703
United States
13. Supervisory Authority Contact (EU)
If you believe we have not properly addressed your privacy concerns, you have the right to contact your local data protection authority: EU Supervisory Authorities List