Skip to main content
findmyvisa

Privacy

Privacy policy

How we handle your personal data under UK GDPR. The free tools never see your documents; the paid Schengen review service handles them securely and deletes them after your review.

Last updated

The short version

  • Free tools (bundler, compressor, checklist) run entirely in your browser. We never receive or see those documents.
  • The paid Schengen review service does receive the documents you choose to upload (e.g. passport, bank statements). They go directly to encrypted storage, are used only to review your application, and are deleted after your review (and in any case within 30 days).
  • Payments are handled by Stripe. We never see or store your card details.
  • Privacy-first analytics (Plausible and Vercel Web Analytics) — aggregate, cookieless, no advertising trackers.

Who we are (data controller)

findmyvisa.co.uk is operated by WayaNerd Ltd, a company registered in the United Kingdom, which is the data controller for the purposes of UK GDPR and the Data Protection Act 2018. Contact: hello@findmyvisa.co.uk.

The free tools — browser-only

When you use the bundler, compressor or checklist generator, your browser reads the file directly into memory (the Web File API) and processes it locally with pdf-lib / pdf.js. The result is built in your browser and saved to your device. At no point is that file content sent to our servers, a third-party API, or any cloud storage.You can verify this in your browser’s Network tab.

The paid Schengen review service

If you purchase a Schengen application review, we process the following so we can deliver the service you’ve paid for:

What we collect

  • Intake details you provide: your name, email, nationality, destination country, travel dates, and the tier purchased.
  • Documents you choose to upload for review — which may include your passport, UK BRP/visa, bank statements, travel itinerary, insurance, and employment or study evidence. These may contain personal and financial data, and potentially data that reveals special-category information.
  • Payment metadata from Stripe (a payment reference and your email) — never your card number.

Why (lawful basis)

  • Performance of a contract (UK GDPR Art. 6(1)(b)) — to provide the review you requested.
  • Your explicit consent for processing the contents of documents you upload, where those reveal sensitive information. You provide this by choosing to upload them for review, and you can withdraw it at any time by asking us to delete them.

How your documents are handled

  • They are uploaded directly from your browser to encrypted storage (Amazon S3, in the UK / London region) using a one-time, payment-verified link. The files do not pass through, and are not logged by, our website.
  • They are encrypted at rest (AWS KMS) and in transit (TLS), stored privately, and accessible only to our reviewer to carry out your review under strict, least-privilege access controls with audit logging.
  • They are deleted as soon as your review is complete, and automatically within 30 days regardless, by an enforced retention rule. We keep your order record (not the documents) only as long as needed for accounting and dispute resolution.

Payments

Payments are processed by Stripe. We never receive or store your card details. Stripe acts as an independent controller/processor for payment data under its own privacy policy. You pay us a single all-in amount, and we pay the consulate visa fee, the visa-centre service fee and your travel insurance on your behalf, as disbursements— we don’t add a margin to those pass-through costs.

Lodging your application (sharing with third parties)

To run your application for you, we share the personal data and documents you provide with the parties needed to lodge it — the relevant consulate or embassy, the visa application centre (VFS Global, TLScontact, BLS or GVC) and the travel-insurance provider. We share only what each needs for your application, on the basis of performing our contract with you and your explicit consent. We never sell your data or share it for advertising.

Newsletter / rule-change alerts

If you opt in to rule-change alerts, we store your email address with Brevo (our email provider) on the basis of your consent, and use it only to send those alerts. Every email includes a one-click unsubscribe, and you can ask us to delete you at any time.

Analytics

We use Plausible and Vercel Web Analytics — both privacy-first and cookieless. They record aggregate page views and event counts (page, anonymised country, browser, device). They do not fingerprint you or build an advertising profile, and we don’t use Google Analytics, advertising pixels, or third-party ad networks.

Who processes data for us (sub-processors)

  • Vercel — website hosting + analytics.
  • Amazon Web Services (AWS) — encrypted document storage and the orders database, in the UK (London) region.
  • Stripe — payment processing.
  • Brevo — newsletter email (if you opt in).

Each is contractually bound to protect your data. Documents for the paid review are stored in the UK. Some other providers (e.g. Stripe, Brevo, Vercel) may process limited data outside the UK under appropriate safeguards (UK adequacy regulations or Standard Contractual Clauses).

Your rights under UK GDPR

You have the right to:

  • Access a copy of the personal data we hold about you
  • Have inaccurate data corrected, or your data erased
  • Restrict or object to our processing
  • Data portability
  • Withdraw consent at any time (e.g. ask us to delete your uploaded documents)
  • Complain to the Information Commissioner’s Office (ICO)

Email hello@findmyvisa.co.uk and we’ll respond within one month.

Cookies

We use no advertising or tracking cookies. Our analytics are cookieless. See our cookies page for the current list.

Changes to this policy

Substantive changes will be reflected by an updated “Last updated” date above. If we begin processing a category of data not covered here, we will say so prominently.