Privacy Policy

Last updated: 6 March 2026

Critical Disclaimer

VisaEvo is software only. It is not a law firm and does not provide immigration or legal advice. You remain fully responsible for your application and all decisions and submissions.

VisaEvo ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website and services at visaevo.com (the "Service"). We comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.

1. What Data We Collect

We collect only the data necessary to provide and improve our Service. The categories of personal data we collect include:

Account information

  • Full name and email address (provided at registration)
  • Password (stored in hashed form; we never have access to your plain-text password)

Application data

  • Documents and information you upload or enter (e.g. financial details, personal circumstances)
  • AI assistant conversation history and prompts
  • Document checklist progress and notes

Payment data

  • Billing name and address
  • Payment card details are collected and processed directly by Stripe; we do not store your full card number
  • Transaction history and plan status

Technical and usage data

  • IP address, browser type, operating system, and device information
  • Pages visited, features used, and session duration
  • Referral source and UTM parameters
  • Error logs and performance data

2. How We Use Your Data

We use your personal data for the following purposes:

  • Service delivery — to create and manage your account, process payments, and provide the tools you have purchased
  • AI features — to send your prompts to our AI provider so that the assistant can generate responses tailored to your situation
  • Communication — to send transactional emails (e.g. purchase confirmations, password resets) and, where you have opted in, product updates
  • Security and fraud prevention — to protect accounts, detect abuse, and comply with legal obligations
  • Analytics and improvement — to understand how the Service is used and to improve performance, features, and user experience
  • Legal compliance — to meet our obligations under applicable law, including tax and accounting requirements

3. Legal Basis for Processing (UK GDPR / EU GDPR)

We process your personal data under the following lawful bases:

  • Performance of a contract (Article 6(1)(b)) — processing necessary to provide the Service you have signed up for, including account management, payment processing, and delivering AI-powered tools
  • Legitimate interests (Article 6(1)(f)) — improving and securing the platform, analytics, and fraud prevention, where these interests are not overridden by your rights
  • Consent (Article 6(1)(a)) — for optional marketing emails and non-essential cookies; you may withdraw consent at any time
  • Legal obligation (Article 6(1)(c)) — where we are required to process data to comply with tax, accounting, or other legal requirements

4. Cookies

Cookies are small text files stored on your device. We use the following types:

Essential cookies

Required for the Service to function. These handle authentication, session management, and security. They cannot be disabled.

Analytics cookies

Help us understand how visitors interact with the Service (e.g. pages visited, time on site). We may use Google Analytics or similar tools. These cookies are only set with your consent.

Functional cookies

Remember your preferences such as theme, language, or cookie consent choices.

You can manage your cookie preferences through our cookie consent banner or your browser settings. Disabling essential cookies may prevent the Service from working correctly.

5. Third-Party Services

We do not sell your personal data. To operate the Service, we share data with the following trusted third-party providers, each acting as a data processor on our behalf:

  • Stripe (stripe.com) — payment processing. Stripe receives your billing details and payment card information to process transactions. Stripe is PCI DSS Level 1 certified. Stripe Privacy Policy
  • Supabase (supabase.com) — authentication, database, and file storage. Your account data, application data, and uploaded documents are stored in Supabase infrastructure. Supabase Privacy Policy
  • Anthropic (anthropic.com) — AI language model provider. When you use the AI assistant, your prompts and relevant context are sent to Anthropic's API to generate responses. Anthropic does not use API inputs to train its models. Anthropic Privacy Policy
  • Resend (resend.com) — transactional email delivery. Your email address and name are shared with Resend to deliver account emails such as purchase confirmations and password resets. Resend Privacy Policy

We may also disclose data to legal authorities if required by law, court order, or regulation.

6. Data Storage and Security

  • All data is encrypted in transit using TLS (HTTPS)
  • Data at rest is encrypted using AES-256 or equivalent by our infrastructure providers
  • Passwords are hashed using industry-standard algorithms; we never store plain-text passwords
  • Access to production systems is restricted and monitored
  • We use Row Level Security (RLS) policies so that users can only access their own data

While we implement industry-standard security measures, no method of electronic storage or transmission is 100 % secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary:

  • Account data — retained while your account is active. If you delete your account, we will erase your personal data within 30 days, except where retention is required by law.
  • Application and document data — retained while your account is active. Deleted upon account deletion or earlier upon your request.
  • Payment and transaction records — retained for up to 7 years after the transaction date to comply with UK tax and accounting obligations.
  • Technical logs — retained for up to 90 days for security and debugging purposes, then automatically purged.
  • AI conversation data — retained while your account is active. Deleted upon account deletion.

You may request deletion of your data at any time by contacting us (see Section 12 below).

8. Your Rights Under UK GDPR and EU GDPR

You have the following rights in relation to your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — request deletion of your personal data
  • Right to data portability — receive your data in a structured, commonly used, machine-readable format (e.g. JSON or CSV)
  • Right to restrict processing — request that we limit how we use your data in certain circumstances
  • Right to object — object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please email support@visaevo.com. We will respond to your request within one month, as required by law. There is no fee to exercise your rights, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

9. International Data Transfers

Some of our third-party providers operate outside the United Kingdom and the European Economic Area (EEA). Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the UK or EU
  • Adequacy decisions by the UK Secretary of State or European Commission
  • Other legally recognised transfer mechanisms

10. Cookies

We use essential cookies for login and platform functionality. We do not use analytics, advertising, or tracking cookies.

For a full list of cookies we use, their purposes, and durations, please see our Cookie Policy.

11. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to report a data protection concern, please contact us:

We aim to respond to all enquiries within 48 hours and to all formal data subject requests within one calendar month.

Start your application prep today

Don't let a missing document delay your visa.

Be ready when you apply. Organise your documents, check the financial requirement, and generate checklists built from official gov.uk guidance.

Start your visa preparationView pricing
Free forever tier
No credit card required
Cancel anytime

VisaEvo is self-service software. We do not provide immigration advice. You are responsible for your own application decisions.

We use cookies

We use essential cookies to keep the platform working. You can also opt in to analytics cookies that help us improve your experience. Privacy Policy · Cookie Policy