Privacy Policy
Last Updated: December 29, 2025 | Version 1.1
1. Introduction
Visaro AI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered visa document assistance service.
We comply with the Personal Information Protection Act (PIPA) of Korea and the General Data Protection Regulation (GDPR) of the European Union.
2. Information We Collect
2.1 Information You Provide
- Account information (email address for Google OAuth)
- Visa application information (visa type, purpose of visit)
- Personal documents (passport information, address, contact details) - masked after 24 hours
- Payment information (processed securely by our payment provider; we do not store full card details)
2.2 Automatically Collected
- Device information (browser type, operating system)
- Usage data (pages visited, features used)
- IP address (anonymized for analytics)
3. How We Use Your Information
- To provide visa document assistance and form filling
- To generate personalized checklists
- To save your progress so you can resume from any device
- To pre-fill common fields (name, passport, etc.) across multiple forms for your convenience
- To process subscriptions and credit purchases
- To improve our AI responses and service quality
- To communicate service updates
- To comply with legal obligations
4. Data Storage and Retention
Privacy-First Data Handling
Your chat history and form data are saved permanently so you can reference past conversations. For your privacy, sensitive personal information (passport numbers, ARC numbers, full names, addresses, phone numbers, etc.) is automatically masked after 24 hours. You'll still see partial data like "John ***" or "M12***" for reference.
| Data Type | Retention Period |
|---|---|
| Chat History & Form Data | Permanent (PII masked after 24h) |
| Full Assist Progress | Permanent (PII masked after 24h) - enables resume from any device |
| Active Session Data | 60 minutes (extendable while actively working) |
| Generated PDFs (Cached) | 2 hours (auto-deleted) |
| On-Demand PDFs (Streamed) | Not stored - streamed directly to your device |
| Uploaded Documents | End of session (auto-deleted) |
| Account Email | Until account deletion |
| Anonymized Analytics | 90 days |
| Payment Transaction Records | 7 years (legal requirement) |
| Credit Balance & Usage History | Until account deletion |
5. Data Security
We implement industry-standard security measures:
- AES-256 encryption for sensitive data at rest
- TLS 1.2+ encryption for data in transit
- Regular security audits and penetration testing
- Access controls and authentication
- Secure cloud infrastructure (AWS)
6. Your Rights
Under PIPA and GDPR, you have the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion of your data
- Withdraw consent at any time
- Data portability
- Lodge a complaint with supervisory authorities
To exercise these rights, contact us at: [email protected]
7. Third-Party Services
We use the following third-party services:
- Google OAuth (authentication)
- OpenAI API (AI processing - no PII shared)
- AWS (cloud infrastructure)
- Payment processor (secure payment handling - we do not store full card numbers)
We do not sell your personal information to third parties.
8. Contact Us
For privacy inquiries:
- Email: [email protected]
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.