Privacy Policy

1. Introduction

VisaApt ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our visa appointment monitoring service.

By using VisaApt, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

• Name and email address
• Phone number (for WhatsApp notifications, if opted in)
• Appointment preferences (location, dates, visa type)
• Bid amount and payment information
• Communication preferences

2.1a Google Sign-In

When you sign in with Google (Google OAuth), we collect:

• Email address: Used for account identification and communication
• Full name: Used to personalize your account
• Google user ID: Used to link your Google account to our service
• Profile picture (optional): May be displayed in your account

We only request the minimum permissions necessary (email and basic profile information). We do not access your:

• Google Drive files
• Gmail messages
• Google Calendar events
• Google Contacts
• Any other Google services data

Your use of Google Sign-In is subject to Google's Privacy Policy: https://policies.google.com/privacy

You can revoke VisaApt's access to your Google account at any time by visiting your Google Account Permissions page.

2.2 Payment Information

We use Stripe as our payment processor. When you provide payment information:

• Your payment card details are sent directly to Stripe and never stored on our servers
• We receive a secure token from Stripe to process future charges
• We store only the last 4 digits of your card and expiration date for reference
• All payment data is encrypted and PCI DSS Level 1 compliant

2.3 Automatically Collected Information

When you access our service, we automatically collect:

• IP address and geolocation data
• Browser type and version
• Device information (type, operating system)
• Usage data (pages visited, time spent, features used)
• Cookies and similar tracking technologies

2.4 Analytics and Tracking

We use PostHog for analytics to understand how users interact with our service. This includes:

• Page views and user flows
• Feature usage and interactions
• Session recordings (anonymized)
• Performance metrics

You can opt out of analytics tracking in your account settings.

3. How We Use Your Information

We use the information we collect to:

• Monitor visa appointment systems for available slots matching your criteria
• Send notifications when appointments are found
• Process payments when we successfully deliver results
• Communicate with you about your requests and our service
• Improve and optimize our service
• Detect and prevent fraud or abuse
• Comply with legal obligations
• Provide customer support

4. How We Share Your Information

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Google: OAuth authentication for Google Sign-In (email and profile only)
• Stripe: Payment processing and card storage
• PostHog: Analytics and product insights
• Email providers: Transactional email delivery
• WhatsApp Business API: Notification delivery (if opted in)
• Cloud hosting: Infrastructure and data storage

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Legal process or government requests
• Enforcement of our terms and policies
• Protection of our rights, privacy, safety, or property
• Detection and prevention of fraud or security issues

4.3 Business Transfers

If VisaApt is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard security measures to protect your information:

• All data transmitted over encrypted connections (TLS/SSL)
• Payment information handled exclusively by PCI DSS Level 1 certified providers
• Regular security audits and vulnerability assessments
• Access controls and authentication measures
• Secure backup and disaster recovery procedures

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (tax, accounting, etc.)
• Resolve disputes and enforce agreements
• Prevent fraud and abuse

When information is no longer needed, we securely delete or anonymize it. Payment records are retained for 7 years to comply with financial regulations.

7. Your Rights and Choices

7.1 Access and Correction

You can access and update your personal information through your account dashboard or by contacting us at [email protected].

7.2 Data Deletion

You can request deletion of your account and associated data. Note that some information may be retained as required by law or for legitimate business purposes.

If you signed in with Google, deleting your VisaApt account does not delete your Google account. To remove VisaApt's access to your Google account, visit Google Account Permissions.

7.3 Marketing Communications

You can opt out of marketing emails by clicking "unsubscribe" in any promotional email or adjusting your communication preferences in your account settings.

7.4 Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect service functionality.

7.5 Regional Rights

Depending on your location, you may have additional rights under applicable law:

• GDPR (EU): Right to access, rectification, erasure, restriction, portability, and objection
• CCPA (California): Right to know, delete, opt-out of sale, and non-discrimination
• Other US states: Rights vary by state law

To exercise these rights, contact us at [email protected].

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law.

9. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated via:

• Email notification to registered users
• Prominent notice on our website
• In-app notification

Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: