§ 01
Introduction
At VisaPics (“we”, “our”, “us”) we treat your personal data the way we’d want a passport bureau to treat it: deliberately, briefly, and behind a locked door. This policy explains what we collect, why, and what you can do about it.
By using visapics.org you agree to this policy. If you don’t — close the tab. No hard feelings.
§ 02
What we collect
Things you give us
- ·Email — for receipts and processed-photo delivery.
- ·Payment details — handled end-to-end by Stripe; we never see card data.
- ·The photo you upload, plus your country and document choice.
- ·Order history — needed for refunds and support.
Things your browser sends
- ·IP address, browser, device class.
- ·Pages visited, durations, and referring URL.
§ 03
How we use it
We use this data, and only this data, to:
- ·Run your photo through the model and deliver the result.
- ·Process the payment and maintain transaction records.
- ·Respond to support requests.
- ·Improve service quality — never on identifiable photos.
- ·Meet legal obligations (e.g. tax records).
§ 04
Photo storage & deletion
The most important section in this document.
- ·Photos are stored only as long as needed for processing and delivery.
- ·All uploaded and generated images are auto-deleted after 30 days.
- ·Email privacy@visapics.org for immediate deletion.
- ·We never train models on your photo, sell it, or share it.
- ·Storage is at-rest encrypted on EU/US dual-region buckets.
§ 05
Data security
- ·TLS 1.3 on every connection.
- ·Stripe is PCI-DSS Level 1 — they handle the card, not us.
- ·Quarterly security review, least-privilege access controls.
- ·SOC-2-compliant data centres.
§ 06
Your rights
Whether you’re under GDPR, CCPA, or neither, you can:
- ·Access the data we hold on you.
- ·Correct anything inaccurate.
- ·Request deletion.
- ·Object to or restrict processing.
- ·Export your data in a portable format.
- ·Withdraw consent at any time.
Reach privacy@visapics.org — we respond inside 48 hours.
§ 08