Privacy Policy

Effective date: 20 Sep 2025 • Version: 1.0

This Privacy Policy explains how VisaDirections (“we”, “us”, “our”) collects, uses, shares and protects personal data when you visit visadirections.com, create an account, purchase and access our digital products (guides, courses, checklists, videos), or interact with us. We process personal data in accordance with the EU/EEA General Data Protection Regulation (“GDPR”).

Who we are & contacts

Controller: VisaDirections (website operator)
Website: visadirections.com
Email: support@visadirections.com
Registered office (if applicable): legal entity name & address

Social login. When you sign in with Google or Facebook, we receive basic identifiers (provider user ID, verified email and name as shared by the provider) to create or link your site account. We never receive the password of your social account.

Key terms

“Personal data”: any information relating to an identified or identifiable natural person (e.g., name, email, IP address).
“Processing”: any operation performed on personal data (collection, storage, use, disclosure, deletion).
“Processor”: a service provider that processes personal data on our behalf under a contract.

Data we collect

Account & purchases: name, email, hashed password, orders, invoices, download/access history.
Support & forms: messages, attachments, preferences, timestamps, newsletter opt-ins.
Technical: IP address, device/browser type, operating system, referral URLs, approximate location, pages viewed (see Cookies).
Social login data: provider user ID, email, name as shared by Google/Facebook.
Payments: we do not store payment card data. Our payment processors receive necessary billing details to complete your purchase.

Purposes & legal bases

Provide services & fulfill orders (create account, deliver digital content, customer service) — Contract
Payments, invoicing & compliance — Legal obligation & Contract
Security & fraud prevention (access controls, abuse detection) — Legitimate interest
Service messages & product updates — Legitimate interest / Contract
Marketing/newsletters (only if you consent) — Consent (withdraw anytime)
Analytics & UX improvements — Consent where required

Necessity. Where data is required to enter into or perform a contract (e.g., account email, payment details), failure to provide it may prevent us from delivering the service.

Right to withdraw consent. You can change marketing and analytics preferences at any time (see Marketing and Cookies).

Sharing & processors

We share data with trusted providers only to operate our website and deliver orders. Processors act under written data-processing agreements and only on our instructions. We do not sell personal data.

Category	Provider	Purpose	Location / Safeguards
Payments	Stripe and/or Paddle	Payment processing, billing, anti-fraud	EU/US • SCCs / adequacy
Email & newsletter	FluentSMTP / ESP in use	Transactional emails, newsletters (if consent)	EU/US • SCCs / adequacy
Authentication	Nextend + Google/Facebook	Social login (OAuth)	Global • SCCs / adequacy
Analytics	Google Analytics/Tag Manager (if enabled)	Usage analytics (consent-based)	Global • SCCs
Security	Wordfence or equivalent	Threat detection & protection	EU/US • SCCs
Hosting/CDN	Infrastructure providers	Website hosting, performance	EU/Global • SCCs / adequacy

Note: the concrete vendor set may change over time as we improve the service. Material changes will be reflected in this Policy.

Cookies & tracking

We use cookies and similar technologies. Categories, third-party tools and your consent choices are detailed in our Cookie Policy. You can adjust your preferences there at any time.

Retention

We keep personal data only as long as necessary for the purposes stated below or to comply with legal obligations.

Data	Typical retention	Rationale
Account profile (name, email, credentials)	For the life of the account; backups per policy	Service delivery; security
Orders, invoices	Up to statutory periods (e.g., 5–10 years, tax/accounting)	Legal obligation
Support tickets	Up to 24 months after closure	Quality & dispute handling
Marketing preferences	Until you opt out or consent expires	Consent management
Analytics data	As configured in the analytics tool	Product improvement

Security

We implement appropriate technical and organisational measures, including HTTPS/TLS, encryption at rest where feasible, strict access control, least-privilege policies, hashed passwords, regular updates and monitoring, and vendor due diligence.

International transfers

Where data is transferred outside the EEA/UK (e.g., to global processors), we rely on adequacy decisions or Standard Contractual Clauses (“SCCs”) and apply additional safeguards as needed.

Your rights

You may have the right to access, rectify, erase, restrict or object to processing, and to data portability under GDPR. Where processing is based on consent, you can withdraw it at any time without affecting prior processing.

Account & access: manage your data after logging in at /login/.
Cookies: change choices in the Cookie Policy.
Account/data deletion request: use https://visadirections.com/data-deletion/.
Contact us: support@visadirections.com.

Marketing communications

We send newsletters or promotional emails only if you opted in (e.g., by ticking a checkbox). You can unsubscribe at any time via the link in our emails or by contacting us. Transactional/service emails (e.g., order confirmations, password resets) are not marketing and are sent as part of our contract with you.

Automated decision-making

We do not engage in automated decision-making producing legal or similarly significant effects about you. We may use basic anti-fraud and abuse-prevention checks to protect our service (legitimate interest).

Changes to this Policy

We may update this Policy from time to time. The latest version will always be available at /privacy-policy/ with the effective date shown at the top.

Contact & complaints

Email: support@visadirections.com

You also have the right to lodge a complaint with your local data protection authority.