Transparency Report

We are committed to being fully transparent about how Buitenland Loket handles data. This report details what we collect, what we do not collect, how we protect information, and the principles that guide every decision we make.

Last updated: March 2026
Our Principles

Privacy is not a feature. It is the foundation.

These principles are not aspirational. They are built into every technical decision, every product feature, and every partnership we enter.

01

Collect only what is necessary

We ask for the minimum amount of information needed to provide the service. Users can choose nicknames instead of real names, and most profile fields are optional.

02

Never sell user data

We do not sell, trade, or share individual user data with third parties for commercial purposes. This is a fundamental principle, not a policy that can change.

03

Anonymize before analyzing

Any data used for research or insights is fully anonymized and aggregated before it is made available. No individual user can be identified from our Research Open Data.

04

Delete when no longer needed

When a case is resolved and handed over to a partner, it is deleted from our systems. We do not retain data beyond its useful purpose.

05

Be transparent about partnerships

When a user's case may be referred to a partner, we always inform the user first, clearly indicate any potential costs, and only proceed with explicit consent.

06

Webviews are private by design

When users access external services through our portal items, all interactions happen directly between the user and the external website. We have no technical ability to view, intercept, or process any data entered on those platforms.

Data Overview

What we collect and what we do not

A complete breakdown of every data category, what is collected, what is explicitly not collected, where it is stored, and how long it is kept.

User Profile Data
Storage: EU-based servers | Retention: Until user deletes account
Collected
  • Display name (or chosen nickname)
  • Country of residence
  • User type (individual or business)
  • Primary reason for being abroad (voluntary)
  • Installed dashlets and portal items
  • Selected app icon, theme color, and accent color
Not collected
  • Real full name (nickname allowed)
  • Home address
  • Date of birth
  • Government ID numbers
  • Social media profiles
Communication Data
Storage: EU-based servers | Retention: Cases deleted after handover to partner
Collected
  • Inbox messages from government institutions
  • Case details (when user creates a case)
  • Email address (only for case follow-up)
Not collected
  • Message read timestamps
  • Personal device identifiers
  • IP addresses
  • Browsing history within the app
Location Data
Storage: Not stored persistently | Retention: Session-based only
Collected
  • Current country (via network detection)
  • Current region (via network detection)
Not collected
  • GPS coordinates
  • Location history
  • Movement patterns
  • Travel timeline
  • Precise location tracking
Business / CRM Data
Storage: Cloudflare Zero Trust secured CRM | Retention: Duration of partnership
Collected
  • Organization name
  • Contact person name
  • Business email address
  • Partnership details
Not collected
  • Financial data
  • Employee personal data
  • Customer databases
MijnBuitenland Portal Items
Storage: EU-based servers | Retention: Until user removes the item
Collected
  • User-selected external service bookmarks
Not collected
  • Data entered on external websites
  • Login credentials for external services
  • Form submissions on external platforms
  • Any interaction data within webviews
Security

How we protect your data

Security is not an afterthought. These measures are the foundation of our infrastructure.

Cloudflare Zero Trust

Our CRM and internal systems are protected by Cloudflare Zero Trust architecture. No user or device is automatically trusted. Every access request is continuously verified based on identity, context, and security posture.

Multi-Factor Authentication

All internal systems require multi-factor authentication. Access is managed through Single Sign-On with strict identity verification and session management.

Role-Based Access Control

Access to any data is restricted to authorized personnel only, with role-based permissions ensuring that each person can only access what is strictly necessary for their function.

EU-Based Infrastructure

All user data is hosted on servers located within the European Union, ensuring compliance with EU data protection regulations and GDPR requirements.

AI Transparency

How our AI works

Our AI assistant, Slimme Gids, is designed with transparency and safety in mind. Here is exactly how it works and what data it uses.

  • AI Framework: Google Gemini (primary)
  • Custom Layer: WereldGPT
  • Data Sources: Verified government sources only
  • Training Data: Own curated dataset
  • User Queries: Processed via API, not stored
  • Source Verification: Only trusted, verified sources referenced

Important: AI limitations

While our WereldGPT layer ensures users are only directed to verified and trusted sources, AI can still make mistakes. Users are always encouraged to verify important information through official channels. Buitenland Loket is a guide, not a replacement for professional advice.

Partners

How partnerships work

We work with verified partners to help users with complex situations. Here is how we handle that process.

01

User creates a case

A user has a question too complex for the AI. They describe their situation and provide an email for follow-up.

02

We look for help

If a verified partner (e.g. a lawyer) can assist, we inform the user and clearly indicate any potential costs.

03

User gives consent

The case is only shared with the partner if the user explicitly agrees. No data moves without clear consent.

04

Case is deleted

Once the case is handed over, it is deleted from our systems. We do not retain case data after handover.

Content Policy

All content published within Buitenland Loket is subject to human review and approval.

Allowed

  • Government information and services
  • Legal and tax advisory content
  • Healthcare and insurance information
  • Immigration and visa guidance
  • Banking and financial services relevant to expats
  • Community events and cultural activities

Not allowed

  • Political content or campaigning
  • Unrelated commercial advertising
  • Consumer retail promotions
  • Unverified service providers
  • Content not relevant to users abroad
  • Misleading or deceptive information