Trust & safety

Built on the assumption that you don’t fully trust us yet.

You’re asking us to handle a TLSContact account that holds your visa journey. We take that seriously. Here’s exactly what we do, what we don’t do, and how to verify it for yourself.

🔒

Your password never leaves your browser.

It’s encrypted with a passphrase you choose, stored only in your browser’s local storage. Decrypted in-memory only when auto-login runs. Our servers cannot see, decrypt, or recover it.

No server-side scraping.

Your browser does the work, in your own logged-in session. We never connect to TLSContact from our infrastructure — only your browser does, on the published 5-minute schedule.

No personal data shared between users.

Only anonymised slot availability is broadcast — never your name, application, or appointment details. Members race for slots; they never see each other.

🇭🇰

Hong Kong company. UK / EU data.

VisaReady is operated from Hong Kong. Servers are in the UK and EU. Stripe processes all card payments — we never see card details.

In detail

How your password actually works.

When you sign in to TLSContact through the extension for the first time, here’s what happens:

  • You choose a passphrase — something only you know. We never see it.
  • Your TLS password is encrypted client-side using AES-256-GCM with a key derived from your passphrase via PBKDF2 (310,000 iterations).
  • The encrypted blob is stored only in your browser’s local storage. Nothing about it touches our servers.
  • When auto-login runs, the blob is decrypted in-memory inside your browser, used to log in, then wiped.

If you forget your passphrase, we cannot recover it. You re-enter your TLS password and choose a new one.

What the server does see, in plain English:

  • Your email address (for notifications & billing).
  • Your route selection (e.g. UK → France).
  • Your scan-schedule offset (a number 0–299 that staggers your scans).
  • The fact that you’re a paying member, and your Stripe customer ID.
  • Anonymised events: scan_complete, slot_detected, booking_confirmed.

What the server never sees:

  • Your TLS password.
  • Your visa application details, name, passport number, or photo.
  • Your appointment date or location.
  • Other members’ identities — they’re anonymised across the network.
Verify it yourself

Don’t take our word for it.

Method 01

Inspect the permissions.

Open chrome://extensions after installing — VisaReady only requests host access to tlscontact.com. The same permission list is published on the Chrome Web Store listing before you install.

Method 02

Inspect the network tab.

Open Chrome DevTools while VisaReady is running. You’ll see scans go to tlscontact.com, never via our servers.

Method 03

Read the privacy policy.

Our privacy policy spells out exactly what we store, where, and for how long — written to be read, not hidden.

If something goes wrong

Reach a real person quickly.

We’re a small team. There’s no support queue. Email contact@visaready.ai — security issues, everything else, anything. A human replies within a few hours during business hours.