(a) Account & profile data — received from your chosen login provider (Google, Facebook, LinkedIn) when you sign in: your provider user ID, name, email address, profile picture, and, depending on the provider and your settings, locale/language, gender, age range, birthday and approximate location. We store the profile payload returned by the provider.
(b) Technical & usage data — collected automatically: IP address, browser/user-agent, language, referring page, login timestamps and login count, and session identifiers.
(c) Service data — the visa queries you run (origin country, destination country, result, time, and the IP address from which the query was made).
We do not intentionally collect special-category / sensitive data; please do not submit it.
| Purpose | Legal basis (GDPR Art. 6 / revFADP) |
|---|---|
| Authenticate you and run the visa check (login is required to view a result) | Performance of a contract |
| Create and maintain your account & profile | Consent (you authorise the provider to share) |
| Security, fraud/abuse prevention, debugging | Legitimate interests |
| Service analytics and improvement | Legitimate interests |
| Comply with legal obligations | Legal obligation |
You can withdraw consent at any time by deleting your account (this does not affect prior processing).
We do not use advertising or tracking cookies. We store a session token in your browser's
localStorage so you stay signed in; this is strictly necessary for the Service. Signing out or
deleting your account removes it.
We do not sell your personal data and do not use it for third-party advertising.
Our infrastructure is hosted on Google Cloud Platform in the United States (region us-central1, Iowa). Transfers from Switzerland and the EEA/UK to the United States are protected by recognised safeguards, including the Standard Contractual Clauses (with the Swiss and UK addenda) and Google Cloud's data-transfer commitments, and, where applicable, Google's certification under the EU-US / Swiss-US Data Privacy Framework. A copy of the safeguards is available on request at privacy@what10.com.
When you delete your account, your profile, sessions and search history are erased immediately (subject to any legal retention requirements).
Subject to applicable law (revFADP / GDPR), you have the right to: access your data; rectify inaccurate data; request erasure; restrict or object to processing; data portability; and withdraw consent. You can exercise access and erasure yourself at any time from your profile, or email privacy@what10.com. We respond within one month (extendable for complex requests) and free of charge unless requests are manifestly unfounded or excessive.
You also have the right to lodge a complaint with a supervisory authority: in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC / EDÖB); if you are in the EEA or UK, your local data-protection authority.
We do not carry out solely automated decision-making that produces legal or similarly significant effects about you. Visa results are generic, country-to-country information, not an individual eligibility decision.
We use reasonable technical and organisational measures (HTTPS/TLS in transit, an access-controlled managed database, scoped credentials, and expiring sessions). No system is perfectly secure, and we cannot guarantee absolute security.
The Service is not intended for children under 16. We do not knowingly collect their data; contact us for deletion if you believe we have.
We may update this policy; the effective date shows the latest version and material changes will be highlighted. Privacy contact: privacy@what10.com.
← Back to VisaBuddy · Terms & Conditions →