Report Now

Privacy Policy for Report A Migrant

Effective Date: 09/28/2025  |  Last Updated: 09/28/2025

Report A Migrant (“we,” “our,” “us,”) is a civilian-operated reporting platform designed to collect, review, and forward reports related to suspected unlawful immigration activity. Because submissions may involve highly sensitive data and potential legal consequences, this Privacy Policy is designed to be comprehensive, transparent, and compliant with global data protection standards.

By submitting information through Report A Migrant, you agree to the practices described in this Privacy Policy.

1. Applicability & Scope

This Privacy Policy governs all data collected via:

  • The Report A Migrant website, forms, and portals.
  • Any supporting documents or evidence uploaded.
  • Payment verification systems tied to submissions.
  • Direct communications with Report A Migrant staff or automated systems.

This Policy does not govern:

  • The actions of recipients to whom reports are forwarded (e.g., U.S. Immigration and Customs Enforcement, employers, landlords, or organizations).
  • External services you use independently (e.g., browser, ISP, third-party storage).

2. Types of Information Collected

a) User-Submitted Report Data

  • Written descriptions of individuals, businesses, landlords, or organizations.
  • Personal identifiers such as names, nicknames, or aliases.
  • Nationality, immigration status (suspected or known), and language spoken.
  • Social media accounts, phone numbers, or online handles.
  • Uploaded evidence (images, documents, videos, audio).
  • Incident dates, times, and locations.
  • Optional categorization selected by you (e.g., individual, business, residence).

b) Verification & Financial Data

  • Limited billing information processed by PCI-compliant providers.
  • Transaction IDs, payment method type, amount, and timestamps.
  • Fraud-prevention checks performed by third parties.

Note: We never store full payment card numbers, CVVs, or bank account details.

c) Technical & Network Data

  • IP addresses, approximate geolocation, and device identifiers.
  • Browser type, operating system, and session length.
  • Security logs for fraud prevention, abuse detection, and system stability.

d) Metadata Awareness

  • Uploaded files may contain hidden metadata (EXIF data, GPS coordinates, author names, timestamps).
  • Report A Migrant does not scrub metadata; responsibility lies with the submitter.

e) Cookies & Tracking

  • Session cookies required for form functionality.
  • Security cookies for bot and spam prevention.
  • Analytics cookies only if explicitly consented.

3. Lawful Basis for Processing

For GDPR/UK GDPR (EU/UK Users)

  • Legitimate Interests – Processing reports to fulfill the platform’s purpose.
  • Legal Obligation – Compliance with lawful demands.
  • Consent – When providing optional data or agreeing to analytics.
  • Contractual Necessity – Payment verification transactions.

For CPRA/CCPA (California Users)

  • You have rights to know, delete, correct, and opt-out of certain data uses.
  • Report A Migrant does not “sell” personal data as defined by CPRA.

4. Use of Information

We use data to:

  1. Log, review, and forward reports to appropriate recipients.
  2. Detect, prevent, and investigate fraud, spam, or abuse.
  3. Fulfill financial and tax obligations.
  4. Improve platform reliability, performance, and security.
  5. Respond to lawful government or court requests.

We do not:

  • Monetize reports.
  • Sell personal data.
  • Use data for behavioral advertising or user profiling.

5. Disclosures & Sharing

a) Authorized Recipients

  • U.S. Immigration and Customs Enforcement (ICE) or other government agencies.
  • Employers, landlords, or organizations identified in reports, when appropriate.
  • Law enforcement or policymakers as relevant.

b) Service Providers

  • Payment processors (e.g., Stripe, PayPal).
  • Cloud hosting, database, and content delivery networks.
  • Cybersecurity and anti-fraud vendors.

c) Legal Obligations

  • Compliance with subpoenas, warrants, or statutory demands.
  • Investigations into misuse of the platform.

6. Data Retention

  • Reports & Submissions: Retained only as long as necessary for forwarding, auditing, or compliance, then deleted or anonymized.
  • Payment Metadata: Retained 3–7 years for financial and tax compliance.
  • Technical Logs: Retained 30–90 days unless extended for investigations.
  • Anonymized Data: Retained indefinitely for research and auditing purposes.

7. Security Safeguards

  • Encryption: TLS/SSL in transit; AES-level encryption at rest.
  • Access Controls: Role-based, least-privilege permissions.
  • Network Security: Firewalls, DDoS protection, intrusion detection.
  • Data Segmentation: Uploaded evidence stored separately from logs.
  • Monitoring: Automated anomaly detection and manual reviews.
  • Backups: Encrypted, short-lived, and regularly purged.

8. Data Governance & Accountability

  • Data Protection Officer (DPO): Oversees compliance and audits.
  • Training: Staff/contractors receive mandatory privacy training.
  • Vendor Agreements: Bound by written Data Processing Agreements (DPAs).
  • Audits: Regular internal and vendor compliance checks.
  • Documentation: Detailed records of processing activities.

9. User Rights

Depending on jurisdiction, you may request to:

  • Access your personal data.
  • Correct inaccurate information.
  • Request deletion (subject to legal exceptions).
  • Restrict or object to processing in specific contexts.
  • Request data portability (GDPR).
  • File a complaint with your supervisory authority.

10. International Transfers

Data may be stored in the U.S. or transferred internationally with safeguards such as:

  • EU Standard Contractual Clauses (SCCs).
  • Vendor certifications (ISO 27001, SOC 2).

11. Children’s Privacy

We do not knowingly accept submissions from individuals under 18. Any identified data will be deleted promptly.

12. Incident Response & Breach Notification

  1. All incidents logged and investigated immediately.
  2. Containment and mitigation measures implemented.
  3. Affected parties notified when legally required.
  4. Regulators notified within timelines (72 hours under GDPR).
  5. Post-incident reviews conducted to strengthen protections.

13. Anonymity & User Responsibility

  • We do not request personal identifiers beyond payment verification.
  • Complete anonymity cannot be guaranteed; IP addresses or logs may be disclosed under lawful compulsion.
  • Users are responsible for stripping metadata before uploading files.
  • Fraudulent, malicious, or defamatory submissions may void anonymity protections.

14. Third-Party Links

Our platform may link to external websites. We are not responsible for the content or practices of third parties.

15. Governing Law

This Privacy Policy is governed by the laws of the State of Texas, United States. Disputes shall be resolved exclusively in Texas courts.

16. Updates & Amendments

We may update this Privacy Policy at any time. Revised versions will display a new “Last Updated” date. Continued use constitutes acceptance.