Privacy Policy

1. Who We Are

VisaRiskAI is a product operated by Proinvest Global Ltd (Company Number: 16851428), a company registered in England and Wales.

Registered address: 2 Frederick Street, Kings Cross, London WC1X 0ND, United Kingdom.

Contact: info@proinvest.global | +44 7448 810068

Proinvest Global Ltd acts as the data controller for personal data processed through VisaRiskAI. This policy applies to all users of visariskai.com.

2. Data We Collect

We collect the following categories of personal data when you use VisaRiskAI:

a) Account Information

• Full name and email address (required for registration)
• Password (stored in hashed, non-reversible form)
• Account creation date and login activity

b) Visa Application Details

• Personal details as entered in the application wizard (name, nationality, date of birth, country of birth)
• Employment status, occupation, employer details
• Financial information (income, savings, bank balance ranges)
• Travel history and immigration history details you disclose
• Purpose of travel, destination, duration, accommodation details
• Family ties, property ownership, and home country connection details
• Sponsorship details if applicable

c) Uploaded Documents

• Bank statements, payslips, employment letters, invitation letters, and other supporting documents you upload for analysis
• Extracted data fields derived from those documents by our analysis system

d) Payment Information

• Payment transactions are processed by Stripe. We do not store card numbers or full payment instrument data.
• We retain order records (amount, tier purchased, payment status, timestamp) for billing and support purposes.

e) Technical Data

• IP address, browser type, and device information
• Session activity and page interaction logs
• Error logs (via Sentry) for debugging and service reliability

3. How We Use Your Data

We process your personal data for the following purposes:

• Service delivery: To analyse your visa application profile against documented refusal patterns and generate a structured risk report.
• Document analysis: Uploaded documents are processed by our analysis system to extract relevant fields and cross-reference them with your stated application details.
• AI-assisted processing: Parts of the analysis — including document extraction, evidence consistency checks, and report generation — are performed using AI language models. These models process your data to produce structured findings. No automated decisions with legal effect are made solely by AI without your ability to review the output.
• Payment processing: To fulfil purchases of Basic, Standard, and Premium report packages via Stripe.
• Account management: To maintain your account, authenticate your sessions, and allow you to retrieve previous cases.
• Service improvement: Aggregated, anonymised usage patterns may be used to improve the accuracy of the analysis system.
• Legal and compliance: To meet our obligations under applicable law, respond to lawful requests, and protect the security of the service.

4. Legal Basis for Processing (UK GDPR)

• Contract performance (Art. 6(1)(b)): Processing your application data and generating reports is necessary to deliver the service you have requested.
• Legitimate interests (Art. 6(1)(f)): Technical logging, error monitoring, and aggregate analytics are used to maintain and improve the platform.
• Legal obligation (Art. 6(1)(c)): Retaining payment records for accounting and tax purposes.

Where we process special category data (such as information about immigration history), we do so only because you have explicitly provided it as part of your visa application profile for the purpose of obtaining our analysis service.

5. Data Sharing

We do not sell your personal data. The following processors and systems may handle your data strictly to deliver the service:

• Stripe:Payment processing. Your payment data is subject to Stripe's own privacy policy.
• OpenAI:AI language model processing for document extraction and analysis generation. Data is sent via API under OpenAI's data processing agreement. OpenAI does not use API data to train models by default.
• Neon (PostgreSQL): Managed database hosting for case and account data.
• Cloudflare R2 / S3-compatible storage: Secure storage of uploaded document files.
• Upstash Redis: Session caching and rate limiting.
• Sentry: Error monitoring. Error logs may contain request metadata but do not contain document contents.
• Proinvest Global Ltd operational systems: As the operating entity, Proinvest Global Ltd may process payment confirmation data within its own internal systems for order tracking, reconciliation, and partner attribution. This is intra-group data sharing between the product (VisaRiskAI) and its operating company.

Your data is never shared with immigration authorities, embassies, government agencies, or data brokers.

6. Data Retention

• Case data and application details: Retained while your account is active and for up to 12 months after your last login, unless you request earlier deletion.
• Uploaded documents: Stored in encrypted object storage. You may request deletion at any time. Documents are automatically purged 90 days after case completion.
• Payment records: Retained for 7 years to comply with UK accounting and tax obligations.
• Technical logs: Retained for up to 30 days.

7. Security

We implement appropriate technical and organisational security measures, including:

• HTTPS encryption for all data in transit
• Encrypted storage for uploaded documents
• Hashed password storage (bcrypt)
• Authentication via signed session tokens
• Rate limiting on authentication and API endpoints
• Error monitoring without logging of document contents

8. Your Rights (UK GDPR)

You have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Ask us to correct inaccurate data.
• Right to erasure: Request deletion of your account and associated data (subject to legal retention obligations).
• Right to portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to restrict processing: Request that we limit how we use your data in certain circumstances.

To exercise any of these rights, email us at info@proinvest.global. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

VisaRiskAI uses strictly necessary cookies for session authentication. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered users. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

For any privacy-related enquiries, contact Proinvest Global Ltd at: