Privacy Policy
Effective date: March 11, 2026
1. Who we are
GreenCardClock is operated by STS Solutions LLC ("we", "us", "our"). We operate greencardclock.com, an informational tool for employment-based immigration data. Contact us at hello@greencardclock.com.
2. Information we collect
Account data — When you sign in with Google we receive your name, email address, and profile picture from Google. We store only your email address and subscription status in our database. We do not store your Google password or any payment information. Payment data — When you subscribe to our Pro plan, Stripe processes your payment. We receive only a Stripe customer ID and your subscription status (active, canceled, etc.). Your card details never touch our servers. Newsletter — When you subscribe to our newsletter, we store your email address to send weekly digest emails. Community-submitted data — When you submit an immigration journey (e.g., OPT, H-1B, PERM milestones), a consular case (visa appointments, interview outcomes), or a consular alert, we store the information you provide. If you are signed in, your email is stored with the submission for verification purposes but is never displayed publicly. If you submit anonymously, no identifying information is stored with the submission. Voting data — When you vote on community submissions (helpful or suspicious), we generate a one-way cryptographic hash of your IP address and browser user-agent to prevent duplicate votes. We do not store your actual IP address or user-agent string — only the irreversible hash. Analytics — We use Google Analytics 4 to understand how visitors use our site. Analytics data is collected only after you consent via our cookie banner. This includes pages visited, session duration, device type, and approximate geographic location. See Section 5 for details. Error monitoring — We use Sentry to detect and diagnose application errors. Sentry may collect error context including page URL, browser type, and anonymized stack traces. No personal data is intentionally sent to Sentry.
3. How we use your information
We use your email to: • Identify your account and unlock Pro features after payment • Send the weekly visa bulletin digest (only if you subscribed) • Associate community submissions with your account for trust verification • Respond to support requests you send us We use community-submitted data to: • Display aggregated immigration processing timelines and statistics • Calculate average processing times, approval rates, and trend data • Identify potentially fraudulent or inaccurate submissions via community moderation We use voting hashes to: • Prevent duplicate votes on community submissions • Enable community moderation of data quality We use automated checks to: • Detect statistically implausible submissions (e.g., impossible processing timelines) • Rate-limit submissions per IP address to prevent spam and abuse • Flag outlier data for manual review before including it in aggregated statistics We do not sell your data. We do not use your data for advertising. Community submissions are displayed publicly but never include your email address or personally identifying information.
4. Third-party services
Google OAuth — used for sign-in. Governed by Google's Privacy Policy. Stripe — used for payment processing. Stripe stores your card and billing details. We never see them. Governed by Stripe's Privacy Policy. Google Analytics 4 — used for website analytics. Collects anonymized usage data only after you consent via our cookie banner. Governed by Google's Privacy Policy. Google AdSense — may display advertisements on our site. Ad personalization depends on your cookie consent. Governed by Google's Privacy Policy. Sentry — used for error monitoring and application performance. May receive anonymized error context. Governed by Sentry's Privacy Policy. Google reCAPTCHA — may be used on submission forms to prevent automated spam. reCAPTCHA analyzes user behavior (mouse movements, browsing patterns) to distinguish humans from bots. No personal data is stored by us from reCAPTCHA. Governed by Google's Privacy Policy. Resend — used to send transactional and newsletter emails. Your email address is shared solely to deliver emails you requested. Vercel — hosts our application. May log request metadata (IP, user agent) for security and performance purposes. Neon — your account data, community submissions, and aggregated statistics are stored in a secured PostgreSQL database hosted in the United States.
5. Cookies and session storage
Session cookie — We use a single encrypted session cookie (set by NextAuth) to keep you signed in. This cookie contains your name, email, and subscription status. It expires after 30 days or when you sign out. Cookie consent — On your first visit, we show a cookie consent banner. You can choose to accept or decline analytics and advertising cookies. Analytics cookies — If you consent, Google Analytics 4 sets cookies to measure site usage (e.g., _ga, _ga_*). These cookies are not set unless you click "Accept" on the consent banner. Advertising cookies — If you consent, Google AdSense may set cookies for ad personalization. If you decline, only non-personalized ads may be shown. Consent cookie — We store your consent choice in a cookie (gcc_consent) that expires after 1 year. We implement Google Consent Mode v2 to ensure no tracking occurs before you grant consent.
6. Data retention
Account data — We retain your account data for as long as your account is active. If you request deletion, we will remove your email and subscription record from our database within 30 days. Community submissions — We retain community-submitted data according to the following schedule: • Immigration journey entries (OPT, H-1B, PERM milestones): 3 years • Consular case data (appointments, interview outcomes): 3 years • Green card community timelines (EB category timelines): 5 years • Consular alerts (closures, policy changes): 2 years • Voting hashes (anonymized IP+user-agent hashes): 90 days, then permanently deleted After the retention period, data is permanently deleted from our database. Magic link tokens — Expire after 24 hours and are automatically deleted. Deletion requests — You may request deletion of any community submission you made while signed in, or request full account deletion, by emailing hello@greencardclock.com. We will process your request within 30 days.
7. Security
We use HTTPS for all connections. Passwords are never stored — authentication is handled entirely by Google. Payment data is handled entirely by Stripe. Access to our database is restricted to application infrastructure.
8. Your rights (GDPR / international users)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under data protection law: • Right to access — request a copy of the personal data we hold about you • Right to rectification — request correction of inaccurate data • Right to erasure — request deletion of your data ("right to be forgotten") • Right to data portability — receive your data in a structured, machine-readable format • Right to restrict processing — request that we limit how we use your data • Right to object — object to processing based on legitimate interests • Right to withdraw consent — withdraw consent at any time where processing is based on consent To exercise any of these rights, email us at hello@greencardclock.com. We will respond within 30 days. Legal basis for processing: We process your data based on (a) your consent (newsletter subscription, cookie consent), (b) performance of a contract (providing our service to registered users), and (c) legitimate interests (security, service improvement). Our data is stored in the United States via secured cloud infrastructure providers. By using GreenCardClock, you consent to data transfer to the US. If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection authority.
9. Community data and public display
When you submit immigration journey data, consular case data, or consular alerts, this information is displayed publicly on our platform to help other immigration applicants. The following information is never publicly displayed: • Your email address • Your IP address or any network identifier • Your Google account details The following information may be publicly displayed as part of your submission: • Immigration milestone dates (filing dates, decision dates, etc.) • Visa type, country of birth, consulate city, employer type/industry, and state • Service center, receipt prefix (first 5 characters only, e.g., "MSC24"), and decision outcomes • Free-text notes you provide (limited to 500 characters) • Your verification level badge (Anonymous, Email Verified, or Gold Verified) • Vote counts (helpful/suspicious) from other users Automated quality checks — Submissions are automatically checked for statistical plausibility. Entries with dates or timelines that fall significantly outside normal ranges may be automatically flagged and excluded from aggregated statistics until manually reviewed. Community moderation — Other users can vote submissions as "helpful" or "suspicious." Submissions flagged as suspicious by multiple users or by our automated systems may be hidden from public view. You may report inaccurate submissions. By submitting data, you confirm that the information is truthful to the best of your knowledge. You understand that your submission will be visible to other users and used in aggregated statistics.
10. Children
GreenCardClock is not directed at children under 13. We do not knowingly collect data from children under 13.
11. Changes to this policy
We may update this policy as our service evolves. We will update the effective date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact
Questions about this policy? Email us at hello@greencardclock.com.