Privacy Policy

VisaReady is operated by VisaReady, registered in Hong Kong. We are the data controller for the personal data described below. Contact: contact@visaready.ai.

We collect the minimum we need to run the service: enough to sign you in, charge the right fees, coordinate scanning timing across users, and answer support tickets. Your TLSContact password never touches our servers — it lives on your machine. We don't sell data and we don't use it for advertising.

• Account data: your email and a Stripe customer id and payment-method id linked to you. Stored in our database.
• TLSContact credentials: stored in your browser's local extension storage (chrome.storage.local). They never leave your machine and we can't see them. The extension uses them only to re-establish your TLS session when it expires, locally, in your browser.
• Pool participation data: the pool key (visa centre + city), slot detection events, near-miss timing, and a pseudonymous user id used to coordinate the scanning network. This is what lets us stagger scans across users without anyone polling TLSContact too often.
• Payment data: processed by Stripe under their own privacy policy. We store a Stripe customer id and a payment-method id. We never see or store card numbers.
• Support tickets: when you submit a help request via the extension, we store your message and an optional debug bundle (the page URL you were on, recent extension logs, the extension's current state, and an optional screenshot). The debug bundle is stored as a file on Cloudflare R2. See "Retention" below.

To run the service you signed up for: signing you in, watching TLSContact for slots matching your preferences, attempting to book one when we see a match, charging the agreed fees, and answering support requests when something goes wrong.

The legal basis is performance of the contract between us (the Terms of Service) for most of it, and our legitimate interest for things like aggregated reliability tuning and fraud prevention. We don't sell personal data and we don't use it for advertising.

Our backend runs on Cloudflare Workers. The database is Cloudflare D1; file storage (debug bundles) is Cloudflare R2. The R2 bucket has a lifecycle rule that deletes support bundles after 90 days. We configure D1 and R2 to use Cloudflare's Western Europe region group where available; Cloudflare may replicate or cache data across other regions in the ordinary course of operating their network.

Stripe processes payment data on its own infrastructure under Stripe's privacy policy.

• Account data: kept for as long as your VisaReady account exists, plus up to 7 years afterwards for billing reconciliation and to satisfy applicable financial-record retention requirements.
• Pool participation data: kept for up to 12 months for reliability tuning of the scanning network, then deleted.
• Support debug bundles: auto-deleted from R2 after 90 days via a lifecycle rule. Any signed link in your confirmation email stops working at the same time.
• TLSContact credentials: never leave your machine. They're cleared when you uninstall the extension or click "Forget" in Settings.

We only share data with the processors we need to run the service:

• Cloudflare — hosting (Workers, D1, R2).
• Stripe — payment processing for the £29 success fee.
• Resend — transactional email (magic-link sign-in, booking confirmations, support replies).

We do not share your personal data with TLSContact beyond the actions you authorise the extension to take in your browser using your own credentials.

We don't sell your data to anyone. The visaready.ai marketing site uses Google Analytics 4 and Google Ads to measure how visitors find us and to attribute paid sign-ups to ad campaigns we run; this lets us spend ad budget on what actually works. The Chrome extension itself runs no analytics — it talks only to TLSContact (with your credentials) and to our own backend.

The visaready.ai website sets a session cookie that's required for sign-in, plus a small number of functional cookies (for example, to remember your sign-in state). We also set a cookie called vr_gclid (90-day expiry) when you arrive via a Google Ads click, so we can credit your sign-up back to the ad — this is how Google Ads' conversion measurement works. Google Analytics 4 sets its own cookies on the marketing site for aggregate usage reporting. The Chrome extension stores state and your TLSContact credentials in your browser's local extension storage on your own machine; it does not set any cookies.

You can ask us to send you a copy of your personal data, correct anything that's wrong, or delete your account. Email contact@visaready.ai and we'll respond within 30 days.

If you're in the UK or EU you also have the right to object to processing, restrict processing, request data portability, and lodge a complaint with your local data protection authority (in the UK, the ICO at ico.org.uk).

We aim to keep personal data within the UK and EEA via Cloudflare's Western Europe region group. Cloudflare's global edge network may transit data through other jurisdictions in the course of routing traffic. Where any onward transfer of personal data outside the UK / EEA does occur, we rely on the standard data protection terms Cloudflare offers as part of their data processing addendum, which include the UK International Data Transfer Addendum and EU Standard Contractual Clauses where applicable.

VisaReady is for adults (18+). We don't knowingly collect personal data from children. If you believe a child has used the service, email contact@visaready.ai and we'll delete the data.

We may update this policy. The "Last updated" date above reflects the current version. We'll flag material changes in the extension or by email.

Privacy questions or general support: contact@visaready.ai. See also our Terms of Service.