Welcome to Visatoolz. This Privacy and Data Protection Policy ("Privacy Policy") explains how Visatoolz, operated by Ads Vantage Limited ("we", "us", "our"), collects, processes, and protects your personal data in compliance with the United Kingdom General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.
Ads Vantage Limited is your Data Controller and is responsible for your personal data. Any enquiries about how we handle your data should be directed to:
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues at www.ico.org.uk. We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us in the first instance.
βΉοΈ
This Privacy Policy applies to all users of the Visatoolz platform, visitors to visatoolz.com, and anyone who contacts us. It applies to all personal data we process at any time.
"Personal Data" means any information about an individual from which that person can be identified. We collect the following categories of personal data:
2.1Account and identity data
- Profile data: Your first name, last name, and email address provided when you create a Visatoolz account.
- Contact data: Your email address, and phone number if provided through the contact form.
- Login credentials: Your hashed password and session tokens used to authenticate your account.
2.2Payment and billing data
- Billing data: Credit or debit card details and billing address processed securely through Stripe (global) or Paystack (Nigeria). We do not store card numbers directly β all payment processing is handled by our PCI-DSS compliant payment providers.
- Transaction data: Records of credit purchases, amounts, dates, and document generation activity tied to your account.
2.3Document input data
- Form inputs: Personal details you provide when generating documents, including names, addresses, passport numbers, travel dates, employment information, financial figures, and purpose of visit. This data is used solely to generate your requested document.
- Uploaded documents: Bank statement PDFs uploaded to the Bank Statement Analyser. These are processed in-session and immediately discarded after analysis. No financial PDFs are stored on our systems.
- Refusal notice content: Text you paste or upload when using the Refusal Response Check tool. This is processed to generate your appeal response and is not retained after your session.
π
Important: Bank statement PDFs and refusal notice documents are processed in-session only. They are never stored, logged, or retained on Visatoolz systems after document generation is complete.
2.4Technical and usage data
- Technical data: Your IP address, browser type and version, operating system, device identifiers, and time zone settings collected automatically when you use the platform.
- Usage data: Pages visited, tools accessed, time spent on the platform, and feature usage patterns used to improve the service.
- Log data: System access logs, error records, and security monitoring data retained for platform security purposes.
2.5Communications data
- Contact form submissions: Any message, subject matter, and contact details you provide when using our contact form.
- Support interactions: Records of messages exchanged through WhatsApp, Telegram, or email when you contact us for assistance.
- Marketing preferences: Your opt-in or opt-out choices regarding communications from us.
β οΈ
We do not collect Special Categories of Personal Data. This includes race, ethnicity, religion, sexual orientation, political opinions, trade union membership, health information, or biometric data. We also do not collect information about criminal convictions.
Under the UK GDPR, we are required to have a lawful basis for each type of processing. We rely on the following legal bases:
- Consent: Where you have explicitly agreed to certain processing, such as subscribing to marketing communications or ticking a consent box on a form. You may withdraw consent at any time by contacting us.
- Contractual necessity: Processing that is necessary to deliver the Visatoolz service to you, including generating your documents, processing your credit purchase, and maintaining your account.
- Legal compliance: Where we are required by law to collect or retain data, such as financial transaction records for tax and accounting obligations.
- Legitimate interests: Where processing is necessary for our reasonable business purposes and does not unduly impact your rights, such as maintaining platform security, improving our services, and detecting fraud. We have assessed that these interests do not override your fundamental privacy rights.
We will only use your personal data when the law allows us to. We use it for the following purposes:
4.1Providing and managing the service
- Creating, maintaining, and securing your Visatoolz account
- Processing your credit purchases and maintaining your credit balance
- Generating your requested documents using inputs you provide
- Storing your document history in your account dashboard for download access
- Processing requests for document regeneration or refunds
4.2Improving and securing the platform
- Analysing usage patterns to improve tool performance and user experience
- Monitoring for security threats, fraud, and unauthorised access
- Maintaining system logs for troubleshooting and reliability
- Conducting internal document quality assessments to improve output accuracy
4.3Communications and marketing
- Responding to enquiries you submit through the contact form or direct messaging
- Sending transactional notifications about your account, credit balance, and generated documents
- Sending product updates and promotional communications where you have consented to receive them
You can opt out of marketing communications at any time by emailing privacy@visatoolz.com or using the unsubscribe link in any email we send. Opting out does not affect transactional communications related to your account.
4.4Legal and compliance obligations
- Complying with applicable laws, including UK GDPR, the Data Protection Act 2018, and Nigerian data protection regulations
- Retaining transaction records as required for financial and tax compliance
- Responding to lawful requests from regulatory or law enforcement authorities
- Enforcing our Terms of Service and investigating potential violations
Given the sensitive nature of financial documents, we have designed the Bank Statement Analyser and Refusal Response Check tools with explicit data minimisation principles:
- No storage: Bank statement PDFs uploaded to the platform are processed in-session and immediately discarded after analysis is complete. At no point are the source PDFs stored on our servers, databases, or third-party storage systems.
- Output only: The structured output β the monthly income/expense summary table and the deposit explanation narrative β is the only item retained in your document history. The raw financial data from which it was derived is not retained.
- No human access: Bank statement analysis is an automated process. No Visatoolz team member reads, reviews, or has access to your uploaded financial documents.
- No sharing: Financial data extracted during analysis is never shared with third parties, used for profiling, or used for any purpose other than generating your requested output.
- Refusal notices: Text or images of refusal notices submitted to the Refusal Response Check tool are processed to generate your structured response and are not retained after generation.
β
Our commitment: Your bank statement and financial documents are used once, for the specific analysis you requested, and are gone. This is a design principle, not just a policy statement. We do not have the infrastructure to retain financial PDFs β they are discarded at the processing layer before reaching any storage system.
We do not sell or rent your personal data to third parties. We share your data only in the following limited circumstances:
6.1Service providers
- Payment processing: Stripe (global, PCI-DSS compliant) and Paystack (Nigeria) process payment transactions. They receive billing data necessary to complete your purchase but do not receive document input data.
- Cloud infrastructure: Hosting and server infrastructure providers store account data and document history in encrypted form under confidentiality obligations.
- AI inference: Document generation uses an AI inference service as its processing substrate. Form inputs provided to generate a document are passed to this service for the purpose of generating your output. This service operates under a data processing agreement and does not retain or use your inputs for any other purpose.
- Analytics: Anonymised or aggregated usage data may be passed to analytics services to help us understand how the platform is used. This data does not identify individual users.
6.2Legal requirements
We may disclose your personal data to law enforcement, regulatory authorities, or government bodies where required by applicable law, court order, or to protect the rights, property, or safety of Visatoolz, our users, or the public.
6.3Business transfers
In the event of a merger, acquisition, or sale of all or part of our business, your personal data may be transferred to the acquiring entity. You will be notified of any such transfer and the applicable privacy policy of the new entity will govern the further use of your data.
6.4Third-party links
The Visatoolz platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those sites. When you leave our platform, we encourage you to read the privacy policy of every service you visit.
- Account data: Retained for as long as your account is active. If you delete your account, account data is removed from our live systems within 30 days. Backup systems may retain a copy for up to 90 days before permanent deletion.
- Document history: Generated document outputs stored in your account history are retained for as long as your account is active, or until you delete them. Deleting your account deletes your document history.
- Bank statement and financial document data: Not retained. Processed in-session and discarded immediately. There is no retention period because there is no retention.
- Transaction and billing data: Retained for a minimum of 7 years in compliance with financial record-keeping obligations under UK law.
- Communication records: Support communications and contact form submissions are retained for up to 3 years from the date of last interaction, or until you request deletion.
- Technical and log data: System access logs and security monitoring data are retained for 12 months and then deleted.
- Inactive accounts: Accounts with no login activity for 24 consecutive months may be flagged for deletion. You will receive advance notice by email before any deletion takes place.
We may retain your personal data for longer than the periods above in the event of a complaint, dispute, or where we reasonably believe there is a prospect of legal proceedings in respect of our relationship with you.
Under UK data protection law, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to conditions or limitations in certain circumstances.
πRight to be informed
You have the right to be told how and why we process your data. This Privacy Policy fulfils that obligation.
ποΈRight of access
You can request a copy of all personal data we hold about you (a Subject Access Request). We will respond within 30 days.
βοΈRight to rectification
You can ask us to correct inaccurate or incomplete personal data we hold about you.
ποΈRight to erasure
You can ask us to delete your personal data where there is no longer a lawful reason to retain it. Account deletion removes your data from live systems within 30 days.
π«Right to object
You can object to processing based on legitimate interests or for direct marketing. We will stop that processing unless we can demonstrate compelling grounds that override your rights.
βΈοΈRight to restrict processing
You can ask us to pause processing in certain circumstances, such as while you contest the accuracy of your data.
π¦Right to data portability
Where processing is based on consent or contract and is carried out by automated means, you can request your data in a structured, machine-readable format.
π€Rights related to automated decisions
We do not make solely automated decisions that produce legal or similarly significant effects about you. Document generation is a user-initiated service, not an automated decision about your visa application.
To exercise any of these rights, email us at privacy@visatoolz.com with your name, email address, and a description of your request. We will not charge a fee for reasonable requests and will respond within 30 calendar days. We may need to verify your identity before fulfilling your request.
βΉοΈ
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time:
www.ico.org.uk or 0303 123 1113. We would appreciate the opportunity to address your concerns first.
We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include:
- Encryption in transit: All data transmitted between your browser and our platform is encrypted using HTTPS/TLS protocols.
- Encryption at rest: Stored account data and document history are encrypted at rest on our infrastructure.
- Access controls: Access to personal data within our systems is restricted to a limited number of authorised team members bound by confidentiality obligations. Role-based access controls prevent unnecessary access.
- Data minimisation: We do not collect data we do not need. Bank statement PDFs and refusal notices are discarded at the processing layer before reaching any storage system.
- Secure payments: We do not store payment card numbers. All card processing is handled by Stripe and Paystack, which are PCI-DSS certified payment providers.
- Security monitoring: We maintain access logs and monitor our systems for suspicious activity, unauthorised access attempts, and security incidents.
- Password security: Account passwords are stored in hashed form using industry-standard cryptographic algorithms. We never store passwords in plain text.
β οΈ
Important notice: No internet transmission is 100% secure. While we implement robust security measures, we cannot guarantee the absolute security of data transmitted to us. If you believe your account has been compromised, contact us immediately at
privacy@visatoolz.com.
Visatoolz is operated by Ads Vantage Limited, registered in Nigeria. Your personal data may be processed and stored in Nigeria, the United Kingdom, the United States, or other countries where our infrastructure providers maintain facilities.
When we transfer personal data outside the United Kingdom, we ensure that appropriate safeguards are in place to protect your data, including:
- Standard Contractual Clauses (SCCs): Agreements with our processors and sub-processors that meet the requirements of the UK International Data Transfer Agreement (IDTA) or equivalent safeguards.
- Adequacy decisions: Where the UK government or ICO has recognised a country as providing an adequate level of data protection.
- Processor agreements: All third-party service providers who may receive your data are required to process it only in accordance with our instructions and applicable data protection law.
By using Visatoolz, you acknowledge that your data may be transferred and processed in jurisdictions outside the UK. We always ensure appropriate safeguards are in place before any such transfer.
We use cookies and similar tracking technologies on visatoolz.com to improve your experience and understand how the platform is used.
11.1Types of cookies we use
- Essential cookies: Required for the platform to function, including authentication cookies that keep you logged in and session cookies that maintain your state during document generation. These cannot be disabled without affecting platform functionality.
- Analytics cookies: Anonymised usage data collected to understand how users interact with the platform, which tools are used most frequently, and where users encounter difficulties. This helps us improve the product.
- Preference cookies: Store your settings such as theme preference (light/dark mode) and language.
11.2Managing cookies
You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies. Note that blocking essential cookies will affect your ability to use the platform, including staying logged in. For more information about managing cookies, visit www.allaboutcookies.org.
Visatoolz is not intended for use by individuals under the age of 18. We do not knowingly collect, process, or retain personal data from children under 18.
If you are under 18, please do not use Visatoolz or submit any personal data to us. If we become aware that we have inadvertently collected personal data from a child under 18 without appropriate consent, we will take immediate steps to delete that data from our systems.
If you are a parent or guardian and believe your child has provided personal data to us, please contact us immediately at privacy@visatoolz.com.
We review this Privacy Policy regularly and will post any updates on this page with a revised "Last Updated" date. Material changes β those that significantly affect how we use your personal data or your rights β will be communicated to registered users by email before they take effect.
We encourage you to review this Privacy Policy periodically. Continued use of Visatoolz following the posting of changes constitutes your acceptance of those changes, subject to your rights under applicable data protection law.
π
This version of the Privacy Policy was last updated on 1 April 2026 and applies to all Visatoolz services and the visatoolz.com website from that date.
For any questions, concerns, or requests relating to this Privacy Policy or the data we hold about you, please contact us through any of the following channels:
We aim to respond to all privacy-related enquiries within 5 business days and to all Subject Access Requests within 30 calendar days as required by UK GDPR.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.