Data Privacy Protocol

/// COMPLIANCE: GDPR + CCPA/CPRA /// LAST UPDATED: FEBRUARY 2026

PARALLEL operates under a strict non-disclosure and data minimization protocol. As a global mobility consultancy, we understand that our clients require absolute discretion regarding their jurisdictional structuring and asset profiles. This protocol outlines how we protect your sovereignty in a digital landscape.

1.0 / Data Collection Vectors

We only collect data explicitly provided by you for strategic analysis. Under California and EU law, we disclose the following categories:

Identity Data: Name, Email, and Encrypted Contact Methods (Signal/Telegram).
Sovereign Data: Current citizenship, tax residency, and asset allocation ranges (collected via the Sovereign Simulator).
Technical Data: IP addresses and browser fingerprints are minimized and used solely for security verification via Formspree/Zapier.

2.0 / Legal Basis for Processing (GDPR)

Pursuant to Article 6 of the GDPR, PARALLEL processes your information under the following legal frameworks:

Performance of Contract: Necessary to deliver the Vulnerability Audit or Strategy Roadmap you requested.
Legal Obligation: To comply with California Business & Professions Code § 22443, which mandates record retention for immigration consultants.
Legitimate Interests: To protect our interface from fraudulent activity and manage our internal workflows via Zapier.
Consent: For any optional strategic briefings or newsletters (managed via an active opt-in).

3.0 / International Data Transfers

PARALLEL is headquartered in the United States. Data from residents of the EEA, UK, or Switzerland is transferred to the US under Standard Contractual Clauses (SCCs). We have implemented supplementary technical measures, including end-to-end encryption for document transfers, to ensure your data receives a level of protection equivalent to European standards.

4.0 / The "Retention vs. Burn" Protocol

California Statutory Retention: As a registered California Immigration Consultant, we are legally required to retain copies of all client contracts and forms for **three (3) years** from the date of last service. We cannot delete these records upon request until this window expires.

GDPR Right to Erasure: For all other data (marketing leads, simulator results, or correspondence not part of a formal filing), we honor the "Burn Protocol" (Right to Erasure). Upon request, we will purge this data within 30 days.

5.0 / Third-Party Logic

We do not sell, rent, or trade your data. To facilitate our operations, data flows through the following secure pipelines:

Formspree: Our secure endpoint for form submissions.
Zapier: Used for automated internal triggers and routing your requests to our advisors.
Strategic Partners: Only upon your explicit instruction do we share data with licensed attorneys or investment funds in your target jurisdiction.

6.0 / Your Global Rights

Regardless of your location, you may exercise the following rights by emailing compliance@globalcitizenship.co:

Access & Portability: Request a digital dossier of all data we hold on you.
Correction: Update inaccurate sovereign or financial data.
Opt-Out (California): Execute your right to stop the "sharing" of your personal info for targeted advertising (Note: We do not currently share data for this purpose).
Withdraw Consent: Revoke your opt-in for our digital briefings at any time.

7.0 / Operational Jurisdiction

This protocol is governed by the laws of the State of California. Any disputes regarding data privacy shall be resolved via binding arbitration in San Diego County. Residents of the EU retain the right to lodge a complaint with their local Data Protection Authority.

PARALLEL
Questions regarding this protocol should be directed to our Compliance Officer via secure email.