Privacy policy

Welcome to Simplicity Visa ("Simplicity Visa", "we", "us", or "our"). This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website, application flows, and related visa assistance and travel support services (together, the "Services"), including information you provide online. Please read this policy before using the Services or submitting personal data. By using the Services, you acknowledge this policy.

Our website is simplicityvisa.com. For cookie-specific details, see our Cookie policy.

1. Information we collect

We collect information when you provide it to us, when you use the Services (including automatically through your device or browser), and in some cases from third parties. The categories depend on how you use the Services (for example, which destination or product you choose).

Information you provide directly

We may collect information when you:

• create or manage an account;
• start or complete a visa or related application;
• upload passports, selfies, or other documents for verification;
• pay for services or save billing-related details with our processor;
• contact us by email, chat, or support channels;
• respond to surveys or feedback requests; or
• subscribe to updates where we offer them.

This may include, where applicable:

• Identity and profile: name, email, phone or WhatsApp number if you provide it, date of birth, gender, nationality, city or country of birth.
• Travel and application: intended travel dates, arrival port or airport, purpose of travel, address where required by forms, employer or occupation if collected for a form.
• Passport and documents: passport number, issue and expiry dates, place of issue, machine-readable zone data, and images you upload.
• Payment: payment is processed by Stripe; we receive billing metadata and do not store full card numbers on our servers.
• Communications: content of messages you send us for support.

Information collected automatically

When you access the Services, we and our subprocessors may collect technical and usage information such as IP address, device and browser type, language, general location inferred from IP, referring and exit pages, pages viewed, time and date of access, and diagnostic or error information. We use this to operate, secure, and improve the Services.

Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie policy. Essential cookies support sign-in and security. Analytics tools (such as PostHog) load only if you consent through our cookie banner or preferences. You can control cookies through your browser settings; blocking some cookies may limit features.

Information from third parties

If you sign in or connect an account through a third party (for example Google or another provider offered via Supabase), we may receive identifiers or profile details that provider shares with us according to its settings and your choices. Those providers have their own privacy policies. We may combine information we hold with data from subprocessors or partners only as needed to provide the Services and as allowed by law.

2. How we use information

We use the information we collect to:

• provide, operate, and improve the Services;
• process applications, payments, and communications about your orders;
• verify identity and detect fraud or abuse;
• respond to questions and support requests;
• send transactional messages (for example application status) and, where permitted, service-related notices;
• analyse usage in aggregate or de-identified form to improve the product;
• enforce our terms and protect our users and systems; and
• comply with legal obligations.

We may aggregate or de-identify information so it no longer identifies you. We may use de-identified or aggregated data for analytics, research, or reporting.

3. How we disclose information

We may disclose information:

• Service providers: to vendors that process data on our behalf (hosting, payments, email, analytics with consent, document processing, cloud storage), under contracts that require appropriate protection.
• Government or authorities: when you direct us to submit an application, or when we must comply with law, court order, or lawful requests, or to protect rights, safety, and security.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality and continued protection where required.
• With your consent: when you ask us to share information in a specific way.

We do not sell your personal information for money. We do not use third-party advertising networks to track you across unrelated websites for behavioural ads. Product analytics may use cookies or similar tools when you opt in; see our Cookie policy.

4. Subprocessors we rely on

Examples include:

• Supabase for authentication and database hosting;
• Stripe for payments;
• PostHog for product analytics when you consent;
• Cloudflare R2 for object storage for uploads where configured;
• Anthropic (Claude) to read passport images and suggest form fields (not used to train models per Anthropic's applicable terms);
• Resend or similar providers for transactional email where enabled.

A current list may be provided on request for enterprise customers. DPAs are available where applicable.

5. Legal bases (EEA, UK, and similar jurisdictions)

Where GDPR or similar law applies, we rely on:

• Contract: processing necessary to provide the Services you request.
• Legal obligation: where we must retain or disclose records.
• Legitimate interests: for example security, fraud prevention, service improvement, and analytics balanced against your rights.
• Consent: for non-essential cookies and analytics when required, which you may withdraw at any time (see Cookie policy and banner).

Simplicity Visa acts as the controller of personal data described in this policy for the Services. To exercise rights under GDPR (access, rectification, erasure, restriction, objection, portability, or withdrawal of consent), contact us at help@simplicityvisa.com. You may also lodge a complaint with your supervisory authority. For EEA or UK requests, include "Data subject request" in the subject line and, if possible, send from the email associated with your account. We may need information to verify your identity before responding.

6. Your choices

• Account: update certain information in your profile where the product allows it.
• Marketing: if we send promotional email, use the unsubscribe link. We may still send transactional messages about your applications and orders.
• Cookies and analytics: use our cookie banner and Cookie policy; adjust browser settings to block cookies (may affect sign-in).
• GDPR tools: use in-app options under Profile / GDPR where available (export, deletion), or email us.

7. Retention

We keep information for as long as needed to provide the Services, meet legal, tax, and accounting requirements, resolve disputes, and enforce agreements. Passport and identity images may be removed sooner per automated retention: for example, after your application is submitted to the relevant government portal, or within 30 days of upload, whichever is sooner, unless a longer period is required by law or dispute. After deletion requests, we may retain minimal records in anonymised form where permitted.

8. Security

We use administrative, technical, and organisational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security. You are responsible for protecting your account credentials and devices.

9. International transfers

We and our subprocessors may process data in the United States, the EEA, the United Kingdom, and other countries. Where we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate, we use appropriate safeguards such as Standard Contractual Clauses where required. By using the Services, you understand that your information may be processed in countries with different data protection laws than your own.

10. Children's privacy

The Services are not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us data, contact us and we will take steps to delete it where required by law.

11. Third-party sites

The Services may link to websites we do not operate. This policy does not apply there. We encourage you to read the privacy notices of every site you visit.

12. Automated processing

We may use automated checks (for example document validation or risk signals) to support human review. We do not make solely automated decisions that produce legal or similarly significant effects without human oversight where applicable law requires it.

13. United States privacy notices

California residents (CCPA / CPRA)

In the preceding 12 months, we may have collected identifiers (name, email, phone), commercial information (transactions), internet or device activity (IP, browser type), professional or employment-related information if you provide it for a form, visual information (photos you upload), and other categories described in Section 1. Sources include you, your use of the Services, and our service providers. We use this data for the purposes in Section 2. We disclose data to service providers and as described in Section 3. We do not sell personal information for money. Some jurisdictions treat certain sharing for cross-context behavioural advertising as a "sale" or "share"; we do not run third-party ad networks across the web for that purpose. Analytics cookies, when you opt in, may be used for product analytics as described in our Cookie policy.

California residents may have the right to know, access, correct, delete, and port certain personal information, and to limit use of sensitive personal information where applicable, subject to exceptions. To exercise these rights, email help@simplicityvisa.com with "California privacy request" in the subject. We will verify your request as required by law. You may designate an authorised agent with written permission. We will not discriminate against you for exercising rights. Under California's "Shine the Light" law, we do not share personal information with third parties for their direct marketing purposes as defined by that law.

Do Not Track

Some browsers send "Do Not Track" signals. There is no consistent industry standard; we do not respond to all such signals today.

Other U.S. states

If you live in a state with a consumer privacy law, you may have similar rights (for example access, correction, deletion, portability, or opt-out of targeted advertising) depending on the law. Contact us at the email above with your state and request. We may deny requests where the law does not apply or an exception applies.

14. Changes to this policy

We may update this policy to reflect legal, technical, or business changes. We will post the updated version on this page and adjust the "Last updated" date. If changes are material, we will provide additional notice where appropriate (for example by email or a notice on the Services). Continued use after the effective date means you accept the updated policy.

15. Contact us

For privacy questions or to exercise your rights, contact us at help@simplicityvisa.com. If you have appointed a data protection officer, their details may be added here.