Privacy Policy

• We collect the minimum we need to run Visafold.
• Your documents are stored encrypted at rest. We do not manually access them unless needed to provide requested features, troubleshoot at your request, investigate security or abuse issues, or comply with legal obligations.
• Our database is hosted in Sydney. Uploaded documents may be stored or processed through our cloud provider’s global infrastructure.
• You can export your documents as a ZIP, and you can delete your account at any time.
• We don’t use third-party advertising trackers.

Visafold (“we”, “us”) is a registered business name (ASIC). ABN 25 307 024 751. Operated by Louie Pelaez, sole trader, Merrylands NSW 2160 Australia.

For privacy questions, email info@visafold.com.au.

Account data: your email address and a hashed password (we never see your password in plain text).

Visa data you enter: visa subclass, lodgement date, stage, document checklist items, deadlines, and any free-text notes you add. This is the data you actively type into Visafold to track your application.

Documents you upload: PDFs and images you upload (passports, certificates, etc.). We store them so you can access them across applications.

Sensitive information: some documents you upload may contain sensitive personal information, such as passports, identity documents, visa grants, health or police checks, relationship evidence, financial records, employment records, or education records. By uploading these documents, you consent to Visafold storing and processing them to provide the service.

Document metadata: where you use features such as expiry reminders, Visafold may process uploaded documents to detect dates, document types, or related metadata needed to provide those features.

Payment data (if you upgrade):processed by Stripe. We don’t store full card numbers. We retain the transaction ID and your billing email.

Usage data: basic logs for security and reliability, e.g., authentication events, error reports. No third-party analytics that build advertising profiles.

We use your data to:

• Provide the service you signed up for (track your application, store your documents, surface deadlines);
• Send you account emails (password reset, deadline reminders if you opt in, important service notices);
• Process your payment if you upgrade to Pro;
• Keep the service secure and reliable.

We don’t use your data to train AI models, build advertising profiles, or sell it to third parties.

Database (Supabase): your account data, visa data, and metadata about documents are stored in our Supabase instance hosted in Sydney (ap-southeast-2). Encrypted in transit and at rest.

Documents (Cloudinary): uploaded document files are stored with Cloudinary, our media provider. Cloudinary encrypts files at rest and serves files via HTTPS. Cloudinary may store or process files through its default global infrastructure, which may include locations outside Australia. See cloudinary.com/privacy for details.

Email (Resend): outgoing emails, such as password reset emails and reminders, are sent via Resend.

Payments (Stripe): if you upgrade, payment processing happens on Stripe. We never see your full card details.

You. You can see everything we have about you in your dashboard and settings.

Visafold staff. A small number of trusted staff may access your account data or documents only when needed to troubleshoot at your request, provide support, investigate a security or abuse issue, maintain the service, or comply with legal obligations. Access is limited to what is reasonably needed. We aim to log and monitor staff access where technically available.

No one else.We don’t share your data with third parties for marketing. We don’t share your data with government agencies unless legally required (court order, search warrant). If that happens, we’ll let you know unless legally prohibited.

Under the Australian Privacy Act, you have the right to:

• Know what personal information we hold about you;
• Ask us to correct inaccuracies;
• Ask us to delete your data;
• Complain to the Office of the Australian Information Commissioner (OAIC) if you think we’ve mishandled your data.

Self-service: in your settings, you can export your documents as a ZIP, or delete your account, which removes your data from active systems within 30 days, subject to reasonable backup, legal, security, or compliance retention periods.

For other requests, email info@visafold.com.au. We’ll respond within 30 days.

We keep your data while your account is active. If you delete your account, we remove your data from active systems within 30 days, subject to reasonable backup, legal, security, or compliance retention periods. Some logs, security records, and billing records may be retained longer where required or permitted by Australian law, including financial records that may need to be kept for up to 7 years.

We use a small number of cookies that are strictly necessary for the service to work (e.g., to keep you logged in). We don’t use third-party advertising cookies.

We take security seriously. Passwords are hashed. Database access is restricted by row-level security policies designed to limit access to authorised users. Documents are encrypted at rest by our storage provider and served over HTTPS.

No system is perfectly secure. If you believe your account has been compromised, email info@visafold.com.au.

If we make material changes to this policy, we’ll let registered users know by email at least 7 days before the changes take effect.