Privacy Policy

Last updated: 2026-06-24

Our Promises to You

1. Your passport never reaches our servers

Your passport and form data are encrypted locally on your device (WebCrypto AES-GCM in your browser localStorage). They never reach our servers.

2. We hold no key that could decrypt your passport

The encryption key is generated by your browser and stored only on your device. We do not hold any keys that could decrypt your passport data. This is permanent and non-negotiable.

3. Cloud OCR is ephemeral

For passport image recognition, the photo briefly leaves your device to reach a cloud OCR provider, then is discarded. We do not store the original image on our servers.

4. We only know "who you are + how many credits + what you paid"

Our database stores only: your account identity (email + auth provider), credit balance, payment records, and OCR usage audit (timestamp + success/fail status, NO PII). We do not store form content, passport details, or trip data.

5. We charge only when service succeeds

We charge per successful complete service. If our auto-fill plugin fails before you click "Confirm" on the official website, no credit is consumed.

6. Analytics without cookies

We use Umami self-hosted analytics for basic visit statistics. Umami does NOT use cookies and does NOT collect personal identifiers.


Third-Party Service Disclosure

For services we cannot self-host, we use these providers. We do not vouch for their internal data practices — you decide whether to use these features after reading their respective policies.

OCR Recognition

Payment

Authentication

Email

Error Tracking


Your Rights

GDPR / CCPA / China PIPL etc. grant you the following data protection rights. Email support@<domain> to exercise them; we respond within 30 days:

For EU users, you also have the right to lodge a complaint with your local data protection authority.

Data Transfers

Minors

visayes is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, email support@<domain> for immediate deletion.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

Changes

We may update this policy. Material changes will be announced via email + in-product notification. Continued use after notice constitutes acceptance.

Contact: support@<domain>