Privacy Policy – VisaPot

1. Introduction

Welcome to Visapot ("we," "us," or "our"). Visapot is a mobile visa-tracking and community intelligence platform that helps users monitor visa application statuses, explore embassy information, access community-sourced processing data, and receive real-time updates.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you use the Visapot mobile application (the "App") and any related services (collectively, the "Services"). By creating an account or using the App, you agree to the practices described in this Privacy Policy.

If you do not agree with this Privacy Policy, please discontinue use of the App immediately.

2. Data Controller

The data controller responsible for the processing of your personal data is:

Company Visapot

Contact info@visapot.com

3. Information We Collect

We collect information in two ways: information you provide directly to us, and information collected automatically.

3.1 Information You Provide Directly

Category	Examples
Account & Identity	First name, last name, email address, password (hashed), profile avatar
Profile Data	Country of residence (location), passport nationalities, education level
Visa Application Data	Embassy name, visa category, application date, status, interview details, rejection reasons, processing timelines
Communications	Messages and feedback submitted through Help & Feedback, support inquiries

3.2 Information Collected Automatically

Category	Examples
Usage Analytics	Screen views, feature interactions, button taps, navigation paths (via Firebase Analytics)
Device & Technical Data	Device type, operating system version, app version, unique device identifiers, language settings
Crash & Error Reports	Stack traces, error logs, device state at time of error (via Firebase Crashlytics)
Push Notification Metadata	FCM token, notification delivery status, embassy subscription preferences

3.3 Aggregated Community Data

When you submit a visa application entry, we aggregate this data anonymously to generate community-level statistics, such as average processing times, approval/rejection ratios, and interview rates per embassy and visa category. This aggregated data does not identify individual users.

4. How We Use Your Information

Purpose	Legal Basis
Providing and operating the Services	Performance of a contract
Creating and managing your account	Performance of a contract
Personalising your experience	Legitimate interests
Sending push notifications about embassy updates	Consent (opt-out anytime)
Generating anonymous community statistics	Legitimate interests
Improving and debugging the App	Legitimate interests
Complying with legal obligations	Legal obligation
Detecting and preventing fraud or security incidents	Legitimate interests / Legal obligation
Responding to support requests	Performance of a contract

5. Sharing of Your Information

We do not sell your personal information. We may share your data with the following categories of third parties:

5.1 Service Providers (Processors)

Supabase Inc. – Backend infrastructure, database, and authentication services. Data is processed on our behalf in accordance with a Data Processing Agreement (DPA).
Google Firebase – Analytics (Firebase Analytics), crash reporting (Firebase Crashlytics), and push notifications (Firebase Cloud Messaging). Data is processed by Google LLC in accordance with Google's data processing terms.

5.2 Community Data (Anonymised)

Anonymised, aggregated application statistics are displayed to other users as community intelligence. No data is presented in a way that could identify an individual user.

5.3 Legal Requirements

We may disclose your information where required to do so by law, regulation, court order, or government authority.

5.4 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your personal data may be transferred as part of that transaction. We will notify you before any transfer takes place.

6. Data Retention

We retain your personal data for as long as your account remains active, plus a reasonable period thereafter to comply with legal obligations and resolve disputes.

Data Type	Retention Period
Account data	Duration of account + 30 days after deletion
Visa application data	Duration of account + 30 days after deletion
Anonymised community statistics	Indefinitely (no longer personally identifiable)
Crash & analytics logs	90 days (Firebase default)
Push notification tokens	Until you revoke consent or delete your account

7. Data Security

We implement industry-standard technical and organisational security measures to protect your data, including:

Encrypted data transmission (HTTPS/TLS)
Supabase Row Level Security (RLS) to enforce data access controls at the database level
Password hashing via Supabase Auth (bcrypt)
Firebase App Check to prevent unauthorised API access
Firebase Crashlytics for real-time monitoring of application errors

No system is completely secure. If you become aware of any security breach, please contact us immediately at info@visapot.com.

8. Cookies and Similar Technologies

The App itself (mobile) does not use browser cookies. However, our backend services and any associated web interfaces may use:

Session tokens stored securely on your device for authentication
Device identifiers for push notification delivery

Firebase Analytics may use advertising identifiers (IDFA/GAID) subject to your device-level permissions. You can limit ad tracking via your device settings. For full details, see our Cookie Policy.

9. Push Notifications

You may subscribe to embassy-specific push notifications to receive real-time updates (e.g., processing time changes, status updates, newsfeed articles) via Firebase Cloud Messaging (FCM).

Subscriptions are preference-based and can be managed per embassy within the App.
You may enable or disable all push notifications via your device's notification settings.
Notification preference data is stored in our backend and associated with your account.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right	Description
Access	Request a copy of the personal data we hold about you
Rectification	Request correction of inaccurate or incomplete data
Erasure	Request deletion of your account and personal data ("right to be forgotten")
Restriction	Request that we limit processing of your data in certain circumstances
Portability	Request your data in a structured, machine-readable format
Object	Object to processing based on legitimate interests or for direct marketing
Withdraw Consent	Withdraw any previously given consent (e.g., notifications) at any time

To exercise any of these rights, please contact us at info@visapot.com. We will respond within 30 days of receiving your request.

11. Children's Privacy

Visapot is intended for users aged 16 and older. We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided us with personal information, please contact us at info@visapot.com and we will delete it promptly.

12. International Data Transfers

Your data is processed by service providers whose servers may be located outside your country or the European Economic Area (EEA). Where international data transfers occur, we ensure appropriate safeguards are in place, such as:

EU Standard Contractual Clauses (SCCs) with Supabase and Google Firebase
Adequacy decisions where applicable

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via in-app notification or email at least 14 days before the changes take effect. Your continued use of the App after the effective date constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact:

🔒

Visapot – Privacy Team info@visapot.com