This Privacy Policy ("Policy") governs the data processing practices of Megaleios Digital Solutions, LLC ("Company", "we", "us", or "our") when you ("you" or "your") use or access our VisaPilotAI mobile application ("App"). This Policy constitutes an integral part of our Terms of Use ("Terms"), and governs the collection, processing, storage, and transfer of data while you install and use the App.
This Policy explains what data we may collect from you, how such data may be used or shared with others, how we safeguard it, and how you may exercise your rights related to your Personal Data (as defined below), including as required under the EU General Data Protection Regulation ("GDPR"), the Brazilian General Data Protection Law ("LGPD"), the California Consumer Privacy Act ("CCPA"), and other applicable U.S. state and international privacy laws.
If there is a data breach, we will notify all affected users and provide instructions for further actions you may take, if any.
1 Policy Amendments
We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be available within the App and on our website. The updated date will be reflected in the "Last Modified" heading. We will provide notice if these changes are material, and where required under applicable laws, we will obtain your consent prior to enforcing such revisions. Otherwise, any amendments to the Policy will become effective within 30 days of publication. We recommend you review this Policy periodically.
2 Data Controller Information
Megaleios Digital Solutions, LLC is the Data Controller (as such term is defined under the GDPR or equivalent privacy legislation) of the Personal Data processed through the App.
For any question, inquiry, or concern related to this Policy or the processing of your Personal Data, you may contact our privacy team:
Email: privacy@visapilotai.com
Website: www.visapilotai.com
3 What Information We Collect and How We Use It
Non-Personal Data
We may collect aggregated, non-personal, non-identifiable information which may be collected directly or indirectly through your use of the App ("Non-Personal Data"). This includes technical information transmitted from your device, such as browser version, type of operating system, mobile network information, internet service provider, mobile carrier, device settings, language preference, screen resolution, and similar technical data.
Personal Data
We may also collect individually identifiable information, namely information that identifies an individual or may with reasonable effort be used to identify an individual ("Personal Data"). For the avoidance of doubt, any Non-Personal Data connected or linked to any Personal Data shall be deemed as Personal Data if such connection or linkage exists.
We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning a person's health, or data concerning a person's sex life or sexual orientation ("Special Categories of Personal Data" or "Sensitive Data").
Data We Process
| Data Category | Purpose & Operations | Lawful Basis (GDPR) |
|---|---|---|
|
Account Registration Data Full name, email address, password (hashed), phone number, profile photo |
(1) Creating and managing your account; (2) Authentication and security; (3) Communicating with you about your account and the Services; (4) Personalizing your experience within the App. | Performance of contract (providing the Services you requested). Legitimate interest for security and fraud prevention. |
|
Case Tracking Data USCIS receipt numbers, case statuses, case types, priority dates, processing updates |
(1) Providing case tracking and monitoring services; (2) Sending push notifications about case status changes; (3) Displaying case progress and history; (4) Enabling AI Advisor to provide informational responses about your case. | Performance of contract. Consent for notifications and AI processing. |
|
Online Identifiers & Device Data IP address, device ID, advertising ID (GAID/IDFA), device model, OS version |
(1) Providing and operating the App; (2) Security and fraud prevention; (3) Analytics and measurement; (4) Serving personalized advertisements (free tier). | Legitimate interest for operational and security purposes. Consent for advertising and tracking (via App permissions). |
|
Usage & Telemetry Data Access time, date logs, feature interactions, screens viewed, tap events, session duration |
(1) Improving and optimizing the App; (2) Internal analytics and product development; (3) Understanding user behavior to enhance features; (4) Ad performance reporting. | Legitimate interest for service improvement. Consent for analytics and advertising purposes. |
|
AI Advisor Interaction Data Chat messages, prompts, generated responses, session context |
(1) Generating informational responses about your immigration case and process; (2) Improving AI model quality and accuracy; (3) Quality assurance and error detection; (4) Service improvement. | Performance of contract (providing AI Advisor service). Legitimate interest for quality improvement. |
|
Subscription & Transaction Data Purchase records, subscription status, billing period, plan type |
(1) Managing your subscription and access to Premium features; (2) Transaction records and billing history; (3) Customer support. Note: Payment processing is handled entirely by Apple App Store / Google Play Store. We do not collect or store credit card numbers or payment credentials. | Performance of contract. Legal obligation for record-keeping. |
|
Contact & Support Data Name, email, message content, attachments |
(1) Responding to your inquiries and support requests; (2) Improving customer service; (3) Retaining correspondence for dispute resolution. | Legitimate interest. Contractual obligation for customer support. |
|
Visa Bulletin Preferences Selected chargeability area, visa category preferences |
(1) Displaying relevant Visa Bulletin data; (2) Sending targeted notifications about relevant visa bulletin updates. | Performance of contract. Consent for notifications. |
|
Notification Preferences Push notification token, notification settings, alert preferences |
(1) Sending push notifications about case updates, document statuses, appointment reminders; (2) Delivering subscription and feature alerts. | Consent (opt-in through device permissions). |
We use various technologies to collect and store the information listed above, including SDKs, pixel tags, local storage, and secure databases. We use different technologies to process your information. The actual processing operation per each purpose and lawful basis detailed in the table above may differ, and usually includes a set of operations made by automated means, such as collection, storage, use, disclosure, erasure, or destruction.
4 How We Collect Information
Depending on the nature of your interaction with the App, we may collect information as follows:
(i) Automatically — We process device and usage data automatically when you install and use the App, based on your consent provided through in-app permissions, in order to execute our contract with you and provide the Services.
(ii) From publicly accessible sources — We retrieve case status data from government public sources (such as egov.uscis.gov and travel.state.gov) based on the receipt numbers you provide.
(iii) Provided by you voluntarily — We collect and process Personal Data you provide when creating an account, entering receipt numbers, interacting with the AI Advisor, contacting support, or providing any information through the App.
5 AI Advisor Data Processing
5.1. The AI Advisor feature processes your Case Data and chat inputs to generate informational responses. When you interact with the AI Advisor, the following data processing occurs:
(a) Your chat messages and case context are transmitted to our AI processing systems to generate responses;
(b) Conversation data may be temporarily stored for the duration of your chat session to maintain context;
(c) Anonymized and aggregated interaction data may be used to improve the AI model's accuracy and quality;
(d) We do not use your individual conversations to train AI models on your specific personal data.
5.2. The AI Advisor does not have access to any non-public government systems or databases. All case information referenced by the AI Advisor is derived from publicly available sources or data you have provided through the App.
5.3. You may request deletion of your AI Advisor conversation history at any time by contacting us at privacy@visapilotai.com or by deleting your account through the App.
6 Tracking Technologies
We use "cookies" and similar tracking technologies such as software developer kits ("SDKs") when you access or use our App. These technologies are used for: (i) allowing you to navigate between screens efficiently; (ii) enabling automatic activation of certain features; (iii) remembering your preferences; and (iv) making the interaction between you and our App quicker and easier.
| Technology / SDK | Purpose | Privacy Policy |
|---|---|---|
| Google Analytics / Firebase | Analytics, measurement, crash reporting, performance monitoring |
Google Privacy Policy GA Opt-Out |
| Google AdMob | Advertising (free tier only) | Google Privacy Policy |
|
Push Notification Services APNs / FCM |
Delivering push notifications for case updates, reminders, and alerts | Apple Privacy / Google Privacy |
When tracking is used for marketing or advertising, we will process Personal Data solely based on your consent provided through the App permissions or device settings. You may withdraw consent at any time through your device settings (e.g., opt-out of advertising ID or tracking).
7 Sharing Data — Categories of Recipients
We share your Personal Data with third parties only as described below. We do not sell your Personal Data.
| Category | Data Shared | Purpose |
|---|---|---|
| Service Providers | As necessary for service provision | We employ third-party companies and individuals to perform functions on our behalf, including hosting, analytics, AI processing, push notification delivery, customer support tools, and payment processing. These providers are contractually prohibited from using your Personal Data for any purpose other than providing services to us. |
| AI Processing Partners | AI Advisor interaction data (anonymized where possible) | We may use third-party AI infrastructure providers to power the AI Advisor feature. Your data is processed in accordance with strict data processing agreements and is not used by these providers for their own purposes. |
| Advertisers | Advertising ID only (free tier) | We share advertising identifiers with ad networks to display relevant advertisements in the free tier of the App. Premium subscribers are not subject to advertising data sharing. |
| App Stores | Transaction data | Subscription purchases are processed through Apple App Store and Google Play Store, subject to their respective privacy policies. We do not receive or store payment card details. |
| Legal & Enforcement | As required by law | We may disclose Personal Data to comply with legal obligations, enforce our Terms, protect our rights, investigate fraud, or respond to government requests, court orders, or legal proceedings. |
| Business Transfers | All types of Personal Data | In the event of a merger, acquisition, or sale of assets, your Personal Data may be transferred to the acquiring entity. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy. |
When we share information with service providers, we ensure they only have access to information that is strictly necessary to provide their services. These parties are required to secure the data they receive and use it for pre-agreed purposes only, in compliance with all applicable data protection regulations.
8 Your Rights
Depending on your jurisdiction, applicable data protection laws may grant you certain rights regarding your Personal Data, including:
(i) Right to access — review and obtain a copy of the Personal Data we hold about you;
(ii) Right to rectification — request correction of inaccurate or incomplete Personal Data;
(iii) Right to erasure — request deletion of your Personal Data (subject to legal retention requirements);
(iv) Right to restrict processing — request that we limit how we process your Personal Data;
(v) Right to data portability — receive your Personal Data in a structured, commonly used, machine-readable format;
(vi) Right to object — object to the processing of your Personal Data for certain purposes, including direct marketing;
(vii) Right to withdraw consent — where processing is based on consent, withdraw that consent at any time;
(viii) Right to lodge a complaint — file a complaint with a supervisory authority in your jurisdiction.
To exercise any of these rights, please contact us at: privacy@visapilotai.com. We will respond to your request within 30 days (or as required by applicable law). We may require certain information from you to verify your identity before processing your request.
• Delete your data — Use "Close my account" in Profile & Settings
• Manage notifications — Adjust in the App's notification preferences or device settings
• Edit your profile — Update your information in Edit Profile
• Opt out of ads — Adjust advertising preferences in your device settings
Note: Deleting the App from your device does NOT automatically delete your Personal Data from our servers. You must delete your account through the App or contact us.
9 Data Retention
We retain Personal Data only for as long as it remains necessary for the purposes described in this Policy, subject to applicable regulations or until you express your preference to opt out or delete your account. The retention periods are determined according to the following criteria:
(i) Operational necessity — For as long as it remains necessary to achieve the purpose for which the data was initially collected. For example, if you contact us for support, we will retain your contact information at least until we resolve your inquiry.
(ii) Legal and regulatory compliance — Transactional data may be retained for up to seven years for compliance with bookkeeping and tax obligations.
(iii) Dispute resolution — Data necessary to resolve claims or disputes may be retained until such disputes are resolved, and following, in accordance with applicable statutory limitation periods.
(iv) AI Advisor conversations — Chat interaction data is retained for up to 12 months for quality assurance and model improvement purposes, after which it is anonymized or deleted.
(v) Account deletion — Upon account deletion, we will delete or anonymize your Personal Data within 30 days, except where retention is required by law.
Except as required by applicable law, we are not obligated to retain your data for any particular period and may delete it as needed, in accordance with this Policy.
10 Security Measures
We implement physical, technical, and administrative security measures that comply with applicable laws and industry standards to protect the Personal Data we process from unauthorized access, alteration, disclosure, or destruction. These measures include:
(a) Encryption of data in transit using TLS/SSL protocols;
(b) Encryption of sensitive data at rest;
(c) Secure password hashing (we never store passwords in plain text);
(d) Access controls restricting Personal Data access to authorized personnel only;
(e) Regular security assessments and vulnerability testing;
(f) Minimization of data stored on our servers.
However, no method of transmission over the internet or electronic storage is 100% secure, and the Company cannot guarantee absolute security. We make no warranty, express or implied, that we will always be able to prevent unauthorized access.
Please contact us at privacy@visapilotai.com if you believe your privacy was compromised or if you become aware of a third party's attempt to gain unauthorized access to your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event we discover a security incident related to your Personal Data.
11 International Data Transfer
Our data servers are located in the United States. If you are accessing the App from outside the United States, please be aware that your Personal Data may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.
When Personal Data collected within the European Economic Area ("EEA"), the United Kingdom, or Brazil is transferred outside of these regions to a country that has not received an adequacy decision, we will take necessary steps to ensure that sufficient safeguards are in place, including the use of Standard Contractual Clauses approved by the European Commission or other appropriate transfer mechanisms.
By using the App and providing your Personal Data, you consent to the transfer of your data to the United States and its processing in accordance with this Policy.
12 Children's Privacy
The App is not intended for use by children. For the purposes of this Policy, "child" means an individual under the age of 13 in the United States, under the age of 16 in the EEA, and as otherwise defined under applicable law. We do not knowingly collect Personal Data from children.
If we discover that we have inadvertently collected Personal Data from a child, we will promptly delete that information from our systems. If you have reason to believe that a child has provided Personal Data to us, please contact us immediately at privacy@visapilotai.com.
13 Jurisdiction-Specific Notices
A. California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act provide you with additional rights regarding your Personal Data, including the right to know what Personal Data we collect, the right to delete, the right to correct, the right to opt-out of the sale or sharing of Personal Data, and the right to non-discrimination.
We do not sell your Personal Data as defined by the CCPA. We may "share" certain identifiers with third-party advertising networks for cross-context behavioral advertising purposes in the free tier. You may opt out of this sharing by adjusting your device advertising settings or by contacting us.
To exercise your rights under the CCPA/CPRA, please contact us at privacy@visapilotai.com. We will respond within 45 days of receiving a verifiable consumer request.
B. Colorado Residents (CPA)
If you are a Colorado resident acting in an individual or household context, the Colorado Privacy Act provides you with rights including the right to access, correct, delete, and port your Personal Data, as well as the right to opt out of targeted advertising, sale, or profiling. We do not process Sensitive Data as defined by the CPA.
To submit a request, contact us at privacy@visapilotai.com. We will respond within 45 days. If we decline your request, you may appeal by contacting us. If the appeal is denied, you may file a complaint with the Colorado Attorney General at coag.gov/file-complaint.
C. Virginia Residents (VCDPA)
If you are a Virginia resident acting in an individual or household context, the Virginia Consumer Data Protection Act provides you with rights to access, correct, delete, and port your data, and to opt out of targeted advertising, sale, or profiling. To exercise these rights, contact us at privacy@visapilotai.com. We will respond within 45 days. Appeals may be directed to the Virginia Attorney General at oag.state.va.us.
D. Connecticut Residents (CDPA)
If you are a Connecticut resident acting in an individual or household context, the Connecticut Data Privacy Act provides you with similar rights to access, correct, delete, and port your Personal Data. To exercise these rights, contact us at privacy@visapilotai.com. We will respond within 45 days. If your appeal is denied, you may file a complaint with the Connecticut Attorney General at dir.ct.gov/ag/complaint.
E. Utah Residents (UCPA)
If you are a Utah resident acting in an individual or household context, the Utah Consumer Privacy Act provides you with rights to access, delete, and port your Personal Data, and to opt out of targeted advertising and sale. To exercise these rights, contact us at privacy@visapilotai.com.
F. Nevada Residents
Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. We currently do not sell Personal Data as defined under Nevada law. However, if you are a Nevada resident, you may submit a verified request to opt out of future sales by contacting us at privacy@visapilotai.com.
G. Brazilian Residents (LGPD)
If you are a resident of Brazil, the Lei Geral de Proteção de Dados (LGPD) provides you with rights including confirmation of processing, access, correction, anonymization, portability, deletion, information about sharing, and the ability to revoke consent. To exercise these rights, contact us at privacy@visapilotai.com.
H. EEA / UK Residents (GDPR / UK GDPR)
If you are a resident of the European Economic Area or the United Kingdom, the GDPR and UK GDPR provide you with comprehensive data protection rights as outlined in Section 8 of this Policy. You may also lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.
14 Contact Us
If you have any questions regarding this Policy, our data practices, or wish to exercise any of your data protection rights, you may contact us at:
Email: privacy@visapilotai.com
Website: www.visapilotai.com