Privacy Policy

Veesa ("Veesa", "we", "us", "our") is committed to protecting your privacy and safeguarding your personal data. This Privacy Policy outlines how we collect, use, store, and share your personal information when you use the Veesa mobile application and website.

Veesa is a UK visa and immigration companion app designed to help immigrants navigate life in the United Kingdom. We process your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, you acknowledge our collection, use, and retention of your personal information as described in this Policy. If you do not agree with these terms, please do not use our services.

Veesa is the data controller responsible for your personal data. If you have any questions about this Policy or how we handle your data, please contact us at privacy@veesa.org.

We collect only the minimum information necessary to provide our services:

Information you provide directly:

• Email address (via Google or Apple Sign-In)
• First name or display name (for personalisation only)
• Visa type (e.g. Skilled Worker, Student)
• Visa start and expiry dates
• Nationality
• Employment status and industry

Information collected automatically:

• Device type and operating system
• App usage analytics (anonymised)

Payment information:

• Payments are processed securely by Stripe. We do not store your card number, CVV, or full payment details. We retain only a Stripe customer ID and transaction records for accounting purposes.

We are committed to collecting only non-identifiable data. We will never ask for or collect:

• Your legal name or full name
• BRP (Biometric Residence Permit) number
• Passport number or details
• Share code or right to work code
• National Insurance number
• Home address or precise location data

We use your personal data for the following purposes:

• To provide and maintain the Veesa app and its features
• To personalise your experience (e.g. visa countdown, relevant pathways)
• To process payments for premium features (e.g. vehicle checks)
• To send you visa expiry reminders and important immigration updates
• To improve our services based on anonymised usage patterns
• To comply with legal obligations

Under UK GDPR, we process your personal data on the following legal bases:

• Consent: You provide your data voluntarily during registration and onboarding.
• Contract: Processing is necessary to provide you with our services.
• Legitimate interest: To improve our services and ensure platform security.
• Legal obligation: To comply with applicable UK laws and regulations.

We share data with the following third-party services, each governed by its own privacy policy:

• Firebase (Google): Authentication services (Google Sign-In).
• Apple: Authentication services (Sign in with Apple). Apple may provide a private relay email address.
• Convex: Our backend database provider, hosted securely in the cloud.
• Stripe: Payment processing for premium features. Stripe handles all card data in compliance with PCI DSS.
• DVLA / GOV.UK APIs: Vehicle and sponsor data queries. We do not share your personal data with these services.

We do not sell your personal data to any third party.

Your data is stored securely on Convex's cloud infrastructure. We implement appropriate technical and organisational measures including:

• Encrypted data transmission (HTTPS/TLS)
• Secure authentication via OAuth 2.0 (Google and Apple)
• No storage of sensitive credentials on your device
• Regular security reviews of our codebase and infrastructure

We retain your personal data for as long as your account is active or as needed to provide you with our services. If you delete your account:

• Your user profile and associated data will be permanently deleted from our database.
• For Apple Sign-In users, we revoke the authentication token so Veesa is removed from your Apple ID settings.
• Payment records may be retained for up to 7 years for accounting and legal compliance.
• Anonymised, aggregated data may be retained for analytics purposes.

Under UK GDPR, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data.
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Request your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interest.
• Right to withdraw consent: Withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, contact us at privacy@veesa.org. We will respond within 30 days.

Veesa is not intended for use by children under the age of 16. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Continued use of Veesa after changes constitutes acceptance of the updated Policy.

For questions or complaints about this Privacy Policy, contact us at:

Email: privacy@veesa.org

You also have the right to lodge a complaint with the ICO at ico.org.uk.