Privacy Policy

At Visa Document Checker, we collect information to provide you with our AI-powered visa preparation services. This includes:

• Account Information: Name, email address, and authentication data when you create an account or sign in via third-party providers (e.g., Google).
• Applicant Details: Passport number, date of birth, nationality, visa history, and travel dates you provide for your visa applications.
• Visa Documents: Documents, images, and forms you upload directly into our platform for AI evaluation, which may include passports, bank statements, invitation letters, and other supporting materials.
• Usage Data: Information about how you interact with our platform, including specific visa types selected, application progress, and interactions with our chatbot.
• Payment Information: We use Stripe to process payments. We do not store your complete credit card information on our servers.
• Technical Data: IP address (stored with your session for security purposes), browser type, and device information collected automatically.

We process your personal data based on the following lawful grounds:

• Contract Performance: Processing your data is necessary to provide the visa preparation service you signed up for, including document evaluation, checklist generation, and AI-powered feedback.
• Consent: You provide explicit consent when creating your account and agreeing to our Terms of Service and this Privacy Policy. You may withdraw consent at any time by deleting your account.
• Legitimate Interest: We process certain data to improve our services, ensure platform security, and prevent fraud, where such interests are not overridden by your rights.

We use the information we collect primarily to deliver our core services:

• To analyze your uploaded documents using AI algorithms to detect inconsistencies and calculate rejection risks.
• To provide personalized, embassy-specific checklists and feedback.
• To power our AI chat assistant that answers visa-related questions using context from your documents.
• To process transactions and send you related information, including confirmations and receipts.
• To send technical notices, updates, security alerts, and support messages.

We rely on a small set of trusted third-party subprocessors to operate the product, including providers for AI processing, hosting, payments, email delivery, authentication, monitoring, and account-security checks.

For the current public registry of subprocessors, their role in the service, and their website, see our Subprocessors page. Each provider operates under a Data Processing Agreement (DPA) or comparable contractual safeguards where applicable.

We do not sell, trade, or rent your personal information to any third party. Data is shared with processors solely for the purpose of operating our service.

Your data may be processed outside your country of residence. Specifically:

• Personal data may be processed by OpenAI in the United States.
• Personal data may be processed by Perplexity AI in the United States.
• Data may be stored and served through Cloudflare's globally distributed infrastructure.
• Payment-related data is processed by Stripe in the United States.

These transfers are protected by Data Processing Agreements with each provider, which include Standard Contractual Clauses (SCCs) as approved by the European Commission where applicable.

We retain your data for the following periods:

• Account data: Retained until you delete your account.
• Visa applications and uploaded documents: Retained until you delete the application or your account. You can delete individual applications at any time from your dashboard.
• AI chat history: Retained as part of your visa application and deleted when the application is deleted.
• Document embeddings (Vectorize): Deleted when the associated document or application is deleted.
• Session data: Automatically expires after 30 days of inactivity.
• Payment records: Retained as required by applicable tax and accounting laws.

We use the following cookies, all of which are necessary for the operation of our service:

• session — Authentication session cookie (httpOnly, secure, 30-day expiry).
• csrf-token — Cross-site request forgery protection (httpOnly, secure, 24-hour expiry).
• lastActiveApp — Remembers your last active visa application for convenience (30-day expiry).

We use Cloudflare Web Analytics for anonymous, aggregated performance metrics. This does not use cookies and does not track individual users.

We do not use any advertising trackers, retargeting pixels, or third-party analytics that track individual users.

Depending on your location, you may have the following rights under GDPR, UK GDPR, CCPA, or other applicable data protection laws:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate personal data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your account and all associated data, including uploaded documents, AI evaluations, chat history, and document embeddings.
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Object: Object to certain types of data processing.
• Right to Withdraw Consent: Withdraw your consent at any time by deleting your account.
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

How to exercise your rights: You can delete individual visa applications and their documents directly from your dashboard. To delete your entire account or exercise any other right listed above, please contact us at support@visadocumentchecker.com. We will respond to your request within 30 days.

Visa Document Checker's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We only request the minimum required scopes necessary for authentication (such as email and basic profile information) unless explicit consent is provided for additional integrations.

Our service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page with a new "Last updated" date. We encourage you to review this policy periodically.