Privacy policy.

Who we are

MovingRated.com is operated by Aurum Transfers Limited, a company organized under the laws of Jamaica. Aurum Transfers Limited is the data controller for personal information collected on MovingRated.com. Contact for any privacy matter: hello@movingrated.com.

The short version

• We collect your email when you subscribe to a guide or the newsletter.
• We collect aggregate page-view analytics with no individual tracking and no cross-site profiling.
• We earn affiliate commissions when you click a labeled affiliate link and complete a booking. We don't pass your email or name to the advertiser; the affiliate networks track only the click event and the conversion outcome via their own cookies or tracking parameters.
• We collect aggregate page-view analytics and error-monitoring data to improve site quality. Details below.
• We rely on a small set of third-party service providers (hosting, analytics, error monitoring, advertising, email, and affiliate networks) — summarized under “Service providers” below.
• We do not sell or share your personal information for cross-context behavioral advertising. We do not profile you. We honor the Global Privacy Control (GPC) signal where browsers send it.
• You can unsubscribe with one click. You can request deletion of your data at any time by emailing hello@movingrated.com.

What we collect

Subscriber data. When you sign up for an email lead magnet (state checklist, hidden-cost guide, newsletter), we collect: your email address; the magnet you signed up for; the page you signed up from; the date and time of signup; and an SHA-256 hash of your IP address used solely to detect signup abuse (the hash is one-way and cannot be reversed to recover the original IP).

Concierge service data. If you use our moving-concierge service, the intake form collects what you enter so we can find you a mover: your name, email, and phone number; your origin and destination (city and state, plus ZIP if you provide it); your move date and flexibility; home size; budget range; and any inventory or special-handling notes. We use this only to contact you, confirm the move, and source mover options on your behalf. It is stored in our database and is never sold. You contract and pay your chosen mover directly, so we do not collect payment-card details. These records are retained while we are assisting with your move and for up to 24 months afterward (for support and dispute resolution), and are deletable on request.

Affiliate click data.When you click a link to a featured partner, MovingRated records the click event (which campaign, which page, the date and time) for our own performance reporting. The redirect then forwards you to the partner with the standard affiliate-network parameters; the affiliate network (e.g., Impact, FlexOffers, Rakuten, CJ) records the click on its end and may set its own cookie or use other tracking parameters on the partner's landing page to attribute a later booking. We do not pass your email address, name, or any directly identifying data to the affiliate network or to the partner through our redirect — those parties receive only what their own page collects from you directly when you arrive there. The affiliate networks we work with (Impact, FlexOffers, Rakuten, CJ) are summarized under “Service providers” below.

Contact form submissions. When you email us or submit a contact inquiry, we collect your email address and the content of your message to respond to your enquiry. This data is used solely to address your request and is not shared with third parties.

Analytics. We collect aggregate page-view data: which page was viewed, referrer, device class (mobile vs. desktop), country (not city or precise location). Our analytics setup is configured to operate without setting tracking cookies and without associating page views with individual identities:

• PostHog (product analytics) — pageviews, page-leave timing, and Core Web Vitals performance metrics. Session recordings, heatmaps, and click-level autocapture are explicitly disabled. PostHog runs in memory-only persistence mode, which means no cookies are set and no cross-tab session tracking occurs.
• Cloudflare Web Analytics — a privacy-friendly aggregate analytics beacon provided by our CDN. It records pageviews and basic page performance metrics without setting cookies and without using browser fingerprinting techniques.

Error monitoring.We use Sentry to capture JavaScript errors that occur while you use the site, so we can fix bugs. Error events include the URL where the error occurred, the error message and stack trace, your browser and operating system (e.g., "Chrome on Windows"), and a coarse country-level location. Sentry's session-replay feature is explicitly disabled. Error events are tunneled through our own domain (movingrated.com/monitoring) before being forwarded to Sentry; this is for adblocker resilience, not additional data collection.

Email engagement. If you receive an email from us, our email service provider records when the email was delivered, opened, and which links were clicked. This is used to fix delivery problems and improve content; it is not shared externally and is never used for cross-site profiling.

Sensitive personal information.Under California's CPRA and analogous state laws, "sensitive personal information" includes precise geolocation, biometric data, racial or ethnic origin, religious beliefs, health data, sexual orientation, citizenship status, and similar categories. MovingRated does not collect, infer, process, or retain any such category of sensitive personal information.

What we do not collect. Aside from the concierge intake details described above (which you provide voluntarily to use that service), we do not collect: payment-card information; browsing history outside MovingRated; biometric or behavioral fingerprints; or any data from third-party trackers.

Cookies and similar technologies

Plain version: Cloudflare sets strictly-necessary security cookies. Once Google AdSense is active, it will set advertising and analytics cookies subject to your consent in regions that require it.

The cookies that may be set on your browser when you visit MovingRated:

• Strictly-necessary cookies set by Cloudflare for security, bot protection, and performance (e.g., __cf_bm, cf_clearance). Exempt from consent requirements under the EU ePrivacy Directive and analogous U.S. state-law carve-outs.
• Advertising and analytics cookiesset by Google AdSense (once active) to measure ad performance and prevent the same ad from being shown repeatedly. In the EEA, UK, and Switzerland, these cookies require your explicit consent via the consent management platform displayed on first visit. In U.S. states with sale/share opt-out rights, you can disable these cookies via the “Do Not Sell or Share My Personal Information” link in the footer.

Advertising partners

MovingRated.com displays advertisements served by named third-party advertising partners. We do not sell or share personal information with these partners for cross-context behavioral advertising; the cookies they set are for ad measurement, frequency capping, and non-targeted serving.

Our current advertising partners:

• Google AdSense— advertising network from Google LLC. Google AdSense's privacy policy: policies.google.com/technologies/ads. Opt-out from personalized advertising: adssettings.google.com.

We use Google Consent Mode v2 to ensure that all advertising cookies require your explicit consent before being set in regions that require it (EEA, UK, Switzerland). Outside those regions, you can opt out of cookie-based personalized advertising via the network-specific links above, or via the YourAdChoices opt-out page at optout.aboutads.info.

How we use what we collect

To send you the email magnet you requested. To send the newsletter you subscribed to. To improve which content we publish next. To respond to contact enquiries and editorial corrections you submit. To detect and stop signup abuse (e.g., one IP submitting hundreds of fake emails). For nothing else. We do not use any of the above for advertising, retargeting, or cross-context behavioral profiling.

Service providers

We use third-party service providers to operate the site. Each processes data only as needed to provide its service to us, is bound by its own privacy policy, and (where applicable) by a written data-processing agreement. We do not share your data with anyone outside these categories:

• Hosting & infrastructure — application hosting, CDN, DNS, and security/bot protection.
• Analytics — PostHog (cookieless, memory-only) and Cloudflare Web Analytics (cookieless), for aggregate page-view and performance metrics only.
• Error monitoring — Sentry, for JavaScript error reports (session replay disabled).
• Advertising— Google AdSense (see “Advertising partners” above).
• Email — our newsletter and transactional-email provider, to deliver messages you request.
• Affiliate networks— Impact, FlexOffers, Rakuten, and CJ, which record only the click and conversion outcome after you leave our site (see “Affiliate click data” above).

To ask which specific provider operates in any category, or for a copy of the relevant data-processing agreement, email hello@movingrated.com.

Data retention

Subscriber records.Retained as long as you're subscribed, plus a 30-day grace period after unsubscribe to honor any re-subscribe request. After 30 days we delete the email address from our active database.

Aggregate analytics. Retained for 24 months in aggregate form. No individual-level analytics records are retained.

Error events (Sentry). Retained for 90 days, then purged.

Email engagement. Retained for 13 months from the most recent engagement event.

Contact enquiries. Retained for 13 months from receipt, after which records are purged unless a regulatory hold or ongoing matter requires longer retention.

Your rights

Regardless of where you live, you may email hello@movingrated.com to:

• Get a copy of all data we have associated with your email address (right of access).
• Correct any data that's wrong (right of rectification).
• Delete all data associated with your email address (right of erasure).
• Object to any specific use (right to object).
• Receive your data in a portable, machine-readable format (right of data portability).
• Request that we stop sending you any emails immediately.
• Withdraw any consent you previously granted.

We respond to substantive data requests within 30 days for GDPR, and within 45 days for U.S. state privacy laws (extendable by 45 additional days where permitted, with notice). Most requests are resolved within five business days. We may verify your identity (typically by replying from the email address tied to the data) before fulfilling a request.

Right to non-discrimination. We will not deny you service, charge you a different price, or provide a different level of service because you exercised any right under this policy.

Universal opt-out: Global Privacy Control (GPC)

MovingRated honors the Global Privacy Control (GPC) signal where your browser sends it. GPC is recognized as a valid opt-out preference signal under the California CCPA/CPRA, the Colorado Privacy Act, and the Connecticut Data Privacy Act, among others. When we detect a GPC header on a request: (a) we treat the request as an opt-out of any "sale" or "sharing" of personal information (we do not sell or share in any case, but the signal is honored); and (b) we do not initiate any non-essential third-party processing for that session. Because we do not run advertising trackers or perform cross-context behavioral advertising, the GPC signal has minimal additional effect — but it is honored, and we treat it as a binding preference under your applicable state law.

MovingRated also honors browser "Do Not Track" (DNT) signals as equivalent to GPC for the same purpose.

Jamaica Data Protection Act, 2020

As a Jamaican company, Aurum Transfers Limited is subject to the Jamaica Data Protection Act, 2020 (the "DPA") and to the oversight of the Office of the Information Commissioner of Jamaica. The DPA grants data subjects rights of access, correction, erasure, objection, and complaint that substantially align with the rights described elsewhere in this policy. To exercise any right under the DPA, email hello@movingrated.com. If you are not satisfied with our response, you may lodge a complaint with the Office of the Information Commissioner of Jamaica at oic.gov.jm.

GDPR (European Economic Area and U.K. readers)

If you live in the EEA or the U.K., the legal basis for processing your data is your consent (you subscribed) and our legitimate interest in operating the website. You have the right to withdraw consent, lodge a complaint with your local supervisory authority, and exercise all rights under GDPR Articles 15–22 and the U.K. GDPR. Our data controller contact: hello@movingrated.com.

MovingRated does not currently maintain an EU-based representative under GDPR Article 27. EEA readers may contact us directly at the email above; we will appoint a representative if processing volume materially increases.

Contact enquiry data is retained per the schedule described under "Data retention" above. You can request deletion of your identifying information from any retained record at any time by emailing hello@movingrated.com.

U.S. state privacy laws

If you live in a U.S. state with a comprehensive consumer privacy law, that law gives you rights to know, access, correct, delete, port your data, and opt out of any sale, sharing for cross-context behavioral advertising, or profiling that produces legal or similarly significant effects. MovingRated does not sell personal information, does not share personal information for cross-context behavioral advertising, and does not engage in automated profiling that produces legal or similarly significant effects.

To exercise any state-specific right, email hello@movingrated.com with your request and the state where you reside. We respond per the timelines below.

The list below identifies the comprehensive consumer privacy laws that apply to U.S. state residents as of the "Last updated" date at the top of this page. The rights granted are substantively similar across all of these statutes — access, correction, deletion, portability, opt-out — though specific carve-outs and definitions vary. A consolidated description follows the list.

• California — CCPA / CPRA (effective Jan 1, 2020 / Jan 1, 2023)
• Virginia — VCDPA (Jan 1, 2023)
• Colorado — CPA (July 1, 2023)
• Connecticut — CTDPA (July 1, 2023)
• Utah — UCPA (Dec 31, 2023)
• Texas — TDPSA (July 1, 2024)
• Oregon — OCPA (July 1, 2024)
• Florida — FDBR (July 1, 2024) — applicability is narrower than other states
• Montana — MCDPA (Oct 1, 2024)
• Iowa — ICDPA (Jan 1, 2025)
• Delaware — DPDPA (Jan 1, 2025)
• Nebraska — NDPA (Jan 1, 2025)
• New Hampshire — NHPA (Jan 1, 2025)
• New Jersey — NJDPA (Jan 15, 2025)
• Tennessee — TIPA (July 1, 2025)
• Minnesota — MCDPA (July 31, 2025)
• Maryland — MODPA (Oct 1, 2025)
• Indiana — ICDPA (Jan 1, 2026)
• Rhode Island — RIDTPPA (Jan 1, 2026)
• Kentucky — KCDPA (Jan 1, 2026)

Common rights across these laws. Subject to verification and state-specific exceptions, you may: (a) confirm whether we process your personal data; (b) access a copy of the data we hold about you; (c) correct inaccuracies; (d) request deletion; (e) receive a portable copy; (f) opt out of any sale, sharing for cross-context behavioral advertising, targeted advertising, or covered profiling; and (g) (in several states) appeal a denial of a privacy request. MovingRated does not sell or share personal information for any of those purposes, but the right exists and we honor opt-out signals (including GPC) accordingly.

Response timeline. Substantive response within 45 days of a verifiable consumer request, extendable once by an additional 45 days where permitted, with notice to you. California requests are acknowledged within 10 business days of receipt.

Authoritative references for the most-trafficked states: California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA).

Children (COPPA)

MovingRated is not directed at children under 13 and we do not knowingly collect personal information from children under 13. We comply with the Children's Online Privacy Protection Act of 1998 (COPPA, 15 U.S.C. § 6501 et seq.) and its implementing regulations. If you are a parent or guardian and believe your child has provided us with personal information, email hello@movingrated.com and we will delete it promptly.

Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption at rest for sensitive fields, TLS 1.2+ for data in transit, principle-of-least-privilege access controls, rate-limiting, and routine security review of dependencies. No security program is perfect; we will notify you and any applicable supervisory authority of any data breach affecting your personal information within the timelines required by law (including the GDPR's 72-hour notification requirement to a supervisory authority and applicable state-law breach notification requirements).

International transfers

MovingRated's primary processing infrastructure is located in the United States. If you are located outside the United States, your personal information will be transferred to and processed in the United States. For transfers from the EEA or the U.K., we rely on Standard Contractual Clauses (or the U.K. International Data Transfer Addendum) where required by our service providers.

Changes to this policy

We may update this policy. Material changes will be announced at the top of this page and dated. Where we have your email address, we will provide advance email notice for material changes. Older versions are kept on file and available on request.

Contact

For any privacy question, request, or concern, email hello@movingrated.com.