Privacy Policy
Effective Date: March 14, 2026
PRIVACY POLICY & DATA PROTECTION NOTICE
1. INTRODUCTION, SCOPE, AND OUR ABSOLUTE COMMITMENT
This Comprehensive Privacy Policy and Data Protection Notice describes how VARGA ISTVÁN BERTALAN – Sole Proprietor ("the Company," "we," "us," or "our") collects, processes, secures, utilizes, and ultimately destroys your personal data when you interact with the Visa Album platform, accessible via visaalbum.com, lovevisa.eu, and all associated subdomains, API endpoints, and related services (collectively, the "Service" or "Platform").
We recognize that relationship evidence—ranging from intimate late-night chat logs to private photographs, joint financial statements, and personal letters—is among the most highly sensitive data a human being can share online. Immigration applications demand radical transparency from applicants, creating a massive digital footprint of emotional, financial, and biographical vulnerability.
Because of this unparalleled sensitivity, our entire infrastructure is built upon a strict "Privacy by Design and Default" philosophy. This ensures that data protection is not an afterthought, a bolted-on feature, or a mere legal compliance checklist. Rather, it is the core, foundational architecture of our software. Every line of code, every database query, and every third-party integration is evaluated first through the lens of data minimization and security.
As a Hungarian entity operating a global SaaS platform, we operate under the strict, uncompromising supervision of the European Union’s data protection framework. This ensures a level of transparency, security, and robust user rights that significantly exceeds standard international requirements, including those of the United States, Australia, and the United Kingdom.
This document is strictly compliant with, and governed by:
- Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR), which sets the global gold standard for digital privacy.
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Hungary), providing localized enforcement mechanisms.
- Directive 2002/58/EC (ePrivacy Directive), governing our use of cookies and tracking technologies.
- Act C of 2000 on Accounting (Hungary), which strictly governs the financial retention periods for our billing records.
2. DATA CONTROLLER, DATA PROCESSOR, AND REPRESENTATION
Because our platform serves a dual market—both direct consumer couples (B2C) and professional immigration agencies (B2B)—our legal role and resulting liabilities shift entirely depending on how you utilize the Service.
2.1 When We Are the Data Controller (Direct Users/Couples):
If you are an individual couple signing up directly to build your own personal dossier, we act as the Data Controller. This means we determine the purposes and means of the processing of your personal data. The entity directly responsible for your personal data is:
VARGA ISTVÁN BERTALAN – Sole Proprietor
Registered Address: 1078 Budapest, VII. district, Murányi utca 38., ground floor, door 9, Hungary
Tax ID: 67025086-1-42
Registration Number: 42530889
Official Email: support@visaalbum.com
By virtue of operating as a Sole Proprietorship under Hungarian law, the Controller maintains direct, personal, and unlimited legal accountability for the implementation of the security measures described herein.
2.2 When We Are the Data Processor (Agency/B2B Users):
If you are an immigration professional, attorney, law firm, or agency utilizing our "Agency Partner" tools, Secure Client Portals, or Impersonation Systems to process data on behalf of your third-party clients, you are the Data Controller and we act strictly as your Data Processor. In these B2B instances:
- Our processing of your clients' data is governed by a separate, legally binding Data Processing Agreement (DPA) which is automatically incorporated into our Terms and Conditions upon your registration as an Agency.
- We will only process your clients' data based strictly on your documented instructions (i.e., your programmatic use of the platform's features).
- You, as the Controller, bear the absolute legal burden of acquiring the necessary explicit consents from your clients before uploading their Special Category Data to our servers. We rely entirely on your representation that such legal bases have been secured.
3. LEGAL BASIS FOR PROCESSING: WHY AND HOW WE USE YOUR DATA
We do not hoard data. We do not engage in exploratory data mining, nor do we sell your relationship history to data brokers. We do not process any data without a specific, documented, and legally defensible justification. Under GDPR Article 6 and Article 9, we rely exclusively on the following legal bases:
- Art. 6(1)(b) GDPR (Contractual Necessity): We process your email address, authentication tokens, payment status, and uploaded dossier contents because it is technically impossible for us to fulfill our core contract with you (building, rendering, and exporting your high-fidelity A4 Relationship Album) without this information. If you refuse to provide this data, we cannot render the Service.
- Art. 6(1)(c) GDPR (Legal Obligation): Hungarian and EU laws require us to maintain highly accurate financial records to prevent tax evasion and money laundering. When you purchase a Pass or Subscription, we are legally compelled to process your billing details (name, address, IP location, transaction amount) to generate a valid invoice through our sub-processor (Szamlazz.hu) for the Hungarian National Tax and Customs Administration (NAV). We cannot delete this specific data upon request until the statutory retention period has expired.
- Art. 6(1)(f) GDPR (Legitimate Interest): We process technical telemetry (IP addresses, browser user-agents, device fingerprints, crash reports) to detect fraudulent login attempts, prevent "account stuffing" (illegally sharing one account among multiple couples to bypass paywalls), optimize the rendering speed of our html-to-image A4 Layout Engine, and secure our infrastructure against Distributed Denial of Service (DDoS) attacks. We have conducted a rigorous balancing test to ensure these legitimate security interests do not override your fundamental privacy rights.
- Art. 9(2)(a) GDPR (Explicit Consent for Special Categories): Relationship evidence often inadvertently reveals highly protected "Special Category Data" (detailed exhaustively in Section 4.4). Because processing this exact data is the literal, stated purpose of the tool, we require your explicit, affirmative, and unambiguous consent via an unchecked, mandatory checkbox during the onboarding and registration process to handle this sensitive information legally. You may withdraw this consent at any time by deleting your account, which immediately halts all further processing.
4. COMPREHENSIVE CATEGORIES OF DATA COLLECTED
To successfully transform scattered, raw digital memories and disorganized files into a cohesive, chronological, and embassy-ready PDF dossier, we must process several distinct, highly sensitive layers of information. We collect and process the following categories:
4.1 Account & Authentication Metadata:
- Access Credentials: Email addresses used for our secure SMTP Magic Link system or Google OAuth integration tokens.
- Security & Session Logs: Exact login timestamps, browser fingerprints, operating system versions, geographic velocity checks, and IP addresses. This is critical telemetry utilized to ensure session integrity, detect compromised accounts, and prevent unauthorized third parties from accessing your private media library.
4.2 Personal Profile & Biographical Data:
- Identity Markers: Full legal names, passport numbers, national ID numbers, citizenship statuses, and exact dates of birth for both the "Applicant" and the "Sponsor," as entered by you into the Cover Page layout.
- Logistics & Timelines: Employment history, current and past residential addresses, specific travel itineraries (flight numbers, boarding passes, hotel booking references), and the chronological "Trip Logs" you create to document the trajectory of your relationship.
- Financial Interdependence Markers: If you choose to upload them as evidence, we process images of joint bank account statements, shared residential lease agreements, utility bills in both names, and wire transfer receipts.
4.3 Evidence, Media, & The "Global Media Library":
- Visual Evidence: High-resolution photographs documenting the timeline of your relationship, including locations, timestamps, and geolocation metadata (EXIF data) embedded within the original image files.
- Narrative Evidence: Personal chat logs (e.g., WhatsApp, iMessage, Messenger screenshots), transcripts of video calls, letters of support from family/friends (statutory declarations), and the descriptive, emotional notes you provide to contextualize your visual evidence for the immigration officer.
- Technical Cryptographic Metadata: To massively optimize our cloud storage and ensure rapid loading times, we generate a mathematical SHA-256 hash for every single image uploaded. This "digital fingerprint" allows our system to prevent redundant storage (e.g., uploading the identical 5MB photo twice). More importantly, it ensures that if you request the deletion of an image, all its scattered instances across different albums, layouts, and trip logs are instantly identified by their hash and permanently purged from the database.
4.4 Special Category Data (SENSITIVE - ARTICLE 9 GDPR):
Relationship dossiers are uniquely and inherently sensitive. Unlike a standard word processor, our platform is designed specifically to collate intimate life details. By utilizing our Layout Builder, you acknowledge that your uploads may deliberately or inadvertently reveal:
- Racial or Ethnic Origin: Visually apparent through passport scans, family photographs, or cultural ceremonies.
- Religious or Philosophical Beliefs: Evidenced through photos of religious wedding ceremonies, christenings, holiday celebrations, or places of worship visited during trips.
- Sexual Orientation & Sex Life: Inherently revealed through the very nature of a same-sex partner visa application, or through the intimate context of private chat log evidence.
- Biometric Data: Facial imagery and physiological traits contained within your "Applicant" and "Sponsor" portrait slots and general photo uploads.
- Health Data or Criminal Records: Occasionally included by users if uploading medical examination certificates or police clearance certificates required for specific visa stages.
5. AI PROCESSING PROTOCOLS & SUB-PROCESSORS
Visa Album utilizes advanced Artificial Intelligence (via the OpenAI API) to provide the "AI Audit Officer" and "Magic Wand" narrative enhancement tools. Recognizing the severe implications of feeding private data into language models, we have configured these specific integrations to be strictly "Privacy-First" and legally isolated.
5.1 The OpenAI Privacy Firewall:
- Data Minimization (Vision AI): We strictly do not send your high-resolution original photos to the AI. When you trigger an AI Audit, our system utilizes a local rendering engine to generate a low-resolution, heavily compressed "Audit Screenshot" of your A4 page. We only send this blurred, compressed map alongside a structured "Text Cheat Sheet" of your captions.
- Absolute No-Training Guarantee: We utilize the commercial, enterprise-grade OpenAI API endpoints. Under strict, legally binding contractual terms with OpenAI, absolutely none of the visual or textual data you input into Visa Album is retained by OpenAI to train, fine-tune, or improve their public foundational models (such as ChatGPT, DALL-E, or Sora). Your private relationship story remains your own and is discarded by the API after the request is fulfilled.
- Transient Processing: Audit thumbnails are temporarily uploaded to a private audit-thumbnails bucket simply to allow you to review the AI's visual feedback on your screen. These thumbnails are subjected to aggressive, routine purging cycles separate from your main media library.
5.2 Critical Infrastructure Sub-Processors:
To provide a reliable, fast, and globally accessible SaaS platform, we partner with industry-leading cloud infrastructure providers. By using the Service, you explicitly consent to the use of the following sub-processors, all of whom have been vetted for SOC 2 Type II and ISO 27001 compliance:
- Vercel & Supabase (Hosting & Database): Our front-end application logic is hosted on Vercel, with PostgreSQL databases and Private Storage Buckets completely managed by Supabase. We provision our databases strictly in the EU-Central-1 (Frankfurt, Germany) server region. This deliberate architectural choice ensures your core relationship data stays securely within the jurisdictional protection and physical borders of the European Economic Area (EEA).
- Stripe (Payments): All financial transactions, subscription management, and credit card processing are handled securely by Stripe. We never process, see, or store your raw credit card numbers on our own servers. We only receive cryptographic tokens indicating successful payment.
- Szamlazz.hu (Invoicing): Used strictly for generating automated, Hungarian tax-compliant invoices upon successful Stripe webhooks.
- Tolt.com (Affiliates): We use Tolt.com to manage our affiliate referral program. Tolt processes non-identifiable referral codes (window.tolt_referral) to accurately attribute sales to our agency partners.
5.3 International Transfers (SCCs & DPF):
While our primary databases and processing centers are anchored in Germany, certain global sub-processors (like OpenAI and Stripe) are headquartered in the United States. Any transfer of personal data outside the EEA is strictly safeguarded by the EU-US Data Privacy Framework (DPF) or, where applicable, Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your fundamental privacy rights travel seamlessly with your data regardless of physical geography.
6. AUTOMATED DECISION-MAKING & PROFILING (ARTICLE 22 GDPR)
We must be exceptionally, legally clear: Visa Album does NOT engage in legally binding automated decision-making or profiling. The "AI Audit Officer" feature provides a simulated "Score" (e.g., 8/10) and identifies formatting gaps (such as missing dates or empty image slots) strictly as an assistive, organizational tool to reduce user anxiety and prevent easily avoidable clerical errors.
This AI tool operates completely in a silo. It does not communicate with any government embassy, border control agency, or immigration database. It does not approve, reject, or legally influence your actual visa application, and its outputs produce absolutely zero legal or significant effects on your person. The final, consequential decision to submit the dossier—and the ultimate outcome of the visa application—relies entirely on human intervention, human review by you, and the sovereign judgment of human government officials. You maintain total human agency over the final PDF output.
7. "PRIVACY BY DESIGN" SECURITY ARCHITECTURE & ACCESS CONTROLS
We protect your data from interception, corporate espionage, and unauthorized access using a multi-layered, state-of-the-art security stack designed to withstand enterprise-level threats:
- AES-256 Encryption at Rest: Your profile data, trip logs, financial metadata, and textual captions are symmetrically encrypted within our Supabase PostgreSQL database using industrial-grade Advanced Encryption Standard (AES) with 256-bit keys.
- TLS 1.3 Encryption in Transit: Every single byte of data moving between your web browser and our servers is wrapped in a highly secure, cryptographic tunnel utilizing Transport Layer Security (TLS) 1.3. This prevents "man-in-the-middle" (MITM) attacks and packet sniffing, ensuring your uploads remain confidential even if you are operating on unsecured public Wi-Fi networks in airports or hotels.
- The "60-Second Signed URL" System: Our Supabase media storage architecture is entirely private. Media files cannot be accessed via standard public URLs. When you open your Layout Builder to view your album, our backend server cryptographically authenticates your session token and generates a highly complex "signed URL" for your images that strictly and irrevocably expires in 60 seconds. Even if a malicious actor successfully intercepted the image link, it would be mathematically useless and return a 403 Forbidden error moments later.
- Row-Level Security (RLS): Our database utilizes strict, mathematically proven Supabase Row-Level Security policies. This means the database itself is architecturally configured so that one user’s authenticated session is completely incapable of querying, viewing, or modifying another user’s data at the root SQL level.
- Smart Debouncing & Data Integrity: To prevent catastrophic data loss or database race conditions during rapid typing in the Layout Builder, we utilize queue-protection logic and 1-second debouncing to ensure your textual narratives sync securely and sequentially to the cloud.
- Internal Access Controls: Visa Album operates on a "Zero Trust" and "Principle of Least Privilege" internal framework. Our customer support personnel and developers do not have direct, unlogged access to your raw database rows or private media buckets. Any required maintenance access is heavily restricted, logged, and requires multi-factor authentication (MFA) from authorized, EU-based personnel only.
8. DATA RETENTION, DORMANCY, AUTOMATED PURGING, AND BACKUPS
We fundamentally do not believe in keeping your data forever, nor do we wish to incur the cloud costs of storing stale evidence. We adhere to strict, automated, and uncompromising retention lifecycles to enforce data minimization:
- Active Status: Your data, high-resolution media, layout configurations, and PDFs are kept fully accessible for the exact duration of your purchased Pass (e.g., 14, 84, or 365 days).
- Dormancy Period (90 Days): When a Pass expires, your account enters a "Dormant" state. You will lose the ability to edit or export high-resolution PDFs. However, we hold your encrypted data securely for an additional ninety (90) days as a courtesy. This critical safety buffer allows you to easily renew your pass and immediately access your files if you unexpectedly receive a "Request for Evidence" (RFE) from an embassy requiring additional documents or minor corrections.
- The Final Purge (Day 91): On the 91st day of dormancy, our automated backend cron jobs trigger a permanent, irreversible digital wipe. All uploaded images, trip logs, layout configurations, captions, and generated PDFs are permanently deleted from our primary storage buckets and active PostgreSQL databases. We absolutely do not keep hidden "ghost copies" for marketing or alternative uses.
- Disaster Recovery Backups: To protect against catastrophic server failure, our sub-processors maintain encrypted, rolling database backups. These backups are not easily accessible and are utilized strictly for disaster recovery. When your data is purged from the active database on Day 91, it will naturally age out and be permanently overwritten in the disaster recovery backups within an additional 30 days.
- Surgical Deletion ("Reset Data"): You maintain autonomy over your timeline. You may use the "Reset Data" tool in your dashboard at any time to immediately and surgically delete billing metadata, trip logs, or entire media libraries without waiting for the automated 90-day cycle to conclude.
- Legal & Tax Exceptions: Per the strict requirements of the Hungarian Act C of 2000 on Accounting, we are legally and unavoidably obligated to retain basic billing data (invoices containing your name, billing address, and transaction amount) for eight (8) years. This legal exception does NOT apply to your photos, chat logs, or relationship narrative—it applies exclusively to the sterile financial record of the Stripe transaction.
9. TRACKING, COOKIES, AND AFFILIATE OPT-OUTS
We utilize a strict, user-empowered "Consent-First" cookie policy. You maintain complete, granular control over non-essential tracking mechanisms.
- Strictly Necessary (Always Active): These are session tokens, CSRF (Cross-Site Request Forgery) protection tokens, and Supabase authentication cookies required to keep you securely logged in and route your data to the correct, encrypted database rows. The site fundamentally cannot function securely without these, and they cannot be disabled.
- Analytical (Optional): If you explicitly consent, we may use privacy-focused analytics (e.g., Google Analytics 4 with mandatory IP Anonymization enabled) to understand which A4 layouts are most popular, identify friction points in the UI, and monitor software crash reports. This data is strictly aggregated and does not identify you personally or track your behavior across other websites.
- Marketing (Optional): We may occasionally utilize tracking pixels (e.g., Meta Pixel, Google Ads) to optimize our advertising campaigns and reach other couples navigating the stressful visa process. These tracking mechanisms are strictly deactivated by default. They are only fired if you take the affirmative action to click "Accept All" on our initial cookie banner. You may revoke this consent at any time via your browser settings or our dashboard footer. We respect "Do Not Track" (DNT) and Global Privacy Control (GPC) signals transmitted by modern browsers.
10. YOUR GDPR RIGHTS AND EXACTLY HOW TO EXERCISE THEM
As a data subject protected under European law, you hold absolute, legally enforceable power over your digital footprint. You may contact us at any time, free of charge, to exercise the following fundamental rights:
- Right to Access (Subject Access Request): You may request a comprehensive, readable export of the profile data, metadata, and logic we hold concerning your account.
- Right to Erasure ("Right to be Forgotten"): You can use the "Reset Data" or "Delete Account" buttons deeply integrated into your dashboard for instant, self-service, irreversible deletion of your evidence. Alternatively, you can email us to manually execute a total, platform-wide account closure and data purge.
- Right to Rectification: You can correct any inaccurate account details, spelling errors, or outdated addresses directly within your dashboard settings.
- Right to Restriction & Objection: You may request that we temporarily halt processing your data if you contest its accuracy, or you may object entirely to our processing based on legitimate interests.
- Right to Data Portability: You may request your structured trip logs and captions in a common, machine-readable format (such as JSON or CSV) to easily, securely move your data to another service provider or hand it off to your legal counsel.
Limitations to Your Rights: Please note that rights are not absolute. For example, we cannot fulfill a "Right to Erasure" request for a Szamlazz.hu financial invoice, as Hungarian tax law (requiring 8-year retention) supersedes the GDPR erasure request in that specific, limited context.
How to Execute Your Rights (Step-by-Step):
- Email your formal request to support@visaalbum.com.
- To prevent social engineering attacks and unauthorized access, we will verify your identity by sending a secure Magic Link to the email address originally registered to the account. We will not process requests originating from unverified third-party emails.
- Once verified, our Data Protection team will process and fulfill your request without undue delay, and in all cases within the statutory deadline of 30 days.
11. CHILDREN’S PRIVACY AND MINORS
Our Service is strictly and exclusively designed for adult individuals and couples navigating complex legal immigration processes. You must be at least eighteen (18) years of age, or possess the legal capacity in your jurisdiction to form a binding contract and consent to the processing of Special Category Data, to use the platform.
We do not knowingly collect, solicit, or process personal data from minors under any circumstances. If we discover, through routine audits or user reports, that a user under the age of 18 has provided personal data to our platform without verifiable parental consent, we will immediately and permanently terminate the account and purge all associated media, text, and logs from our servers without prior notice.
12. DATA BREACH INCIDENT RESPONSE & NOTIFICATION PROTOCOL
While our security architecture is formidable, no system is entirely impervious to determined, state-sponsored, or novel cyber threats. In the highly unlikely event of a severe data breach that compromises our encrypted databases and poses a high risk to your rights, freedoms, or emotional well-being (e.g., the unauthorized, unencrypted exposure of Special Category Data or intimate photos), we are legally committed and prepared to execute our stringent incident response plan.
Our Protocol Includes:
- Containment & Eradication: Immediate isolation of the affected servers, revoking of compromised API keys, and patching of the exploited vulnerability.
- Regulatory Notification: We will formally notify the Hungarian National Authority (NAIH) within exactly 72 hours of discovering the nature and scope of the breach.
- User Notification: We will notify all affected users directly via their registered email addresses without undue delay. This transparent notification will provide a clear, plain-language explanation of the breach, the exact categories of data involved, the immediate mitigation steps we have taken, and the specific actions you should take to protect yourself.
13. COMPLAINTS, SUPERVISION, AND LEGAL RECOURSE
We strive for absolute excellence, unwavering transparency, and strict legal compliance in our privacy practices. However, if you feel we have failed to uphold our commitments, mishandled your Special Category Data, or otherwise violated your fundamental data rights, you have the absolute right to seek legal counsel and lodge a formal, legally binding complaint with our lead supervisory authority:
Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
Mailing Address: 1363 Budapest, Pf.: 9.
Website: www.naih.hu
Email: ugyfelszolgalat@naih.hu
Phone: +36 (1) 391-1400
14. MODIFICATIONS, VERSIONING, AND UPDATES TO THIS POLICY
As we continually upgrade our software architecture, forge new third-party integrations (such as introducing localized embassy layout templates or entirely new AI providers), or respond to shifting global privacy legislation, we may periodically need to update this Privacy Policy.
Any material changes that significantly affect your rights, alter the retention periods, or change the way we process Special Category Data will be communicated to you via a prominent, unmissable notice on your active dashboard and via a direct email alert at least thirty (30) days before the changes take legal effect. We maintain a strict versioning history of this document. Your continued use of the Service following the effective date of the updated policy constitutes your explicit acknowledgment, understanding, and acceptance of the new terms.