The Visa Box Privacy Policy

Last Updated: June 16, 2025

Introduction: The Visa Box, LLC ("The Visa Box," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect through our website (the "Site"), platform, and services (collectively, the "Services"), how we use and share that information, and your rights and choices regarding your information. This policy applies to all users of The Visa Box Site and Services worldwide, including users who access our platform from outside the United States. By using our Site or Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use the Site or Services.

This Privacy Policy is incorporated into and subject to our Terms of Use ("Terms"). Capitalized terms that are not defined in this Privacy Policy have the meanings given to them in the Terms of Use.

Please note: Our Site and Services are intended for adults (18+). We do not knowingly offer accounts or collect personal data from children under 13 years of age (or under 16 in certain jurisdictions) without parental consent, except as necessary when a parent or guardian provides a minor's information as part of an immigration application. See "Children's Privacy" below for more details.

1. Information We Collect

We collect various types of information from and about our users to provide and improve The Visa Box Site and Services. This includes information that you provide directly, information we collect automatically (e.g., through cookies and similar technologies), and information from third parties (such as payment processors or attorneys if you use premium services).

1.1 Information You Provide to Us

You may provide Personal Information directly to The Visa Box when you use our Site or Services, such as when you create an account, fill out immigration form questionnaires, upload documents, or contact us for support. "Personal Information" means any information that identifies, relates to, describes, or can reasonably be linked to an identifiable individual. The types of Personal Information you may provide include:

Account Registration Information: When you create an account, we may collect your name, email address, phone number, mailing address, and a password. If you sign up using a third-party account (if we offer that option, such as Google or Facebook), we may receive basic profile information from that provider (like your name and email).
Identification and Contact Details: We collect information that is typically required on immigration forms. This includes, for example, your full name, date of birth, country of birth, nationality, gender, marital status, phone number, and physical address. We may also collect government-issued identification numbers such as your Social Security Number (SSN) or Alien Registration Number, passport number, or driver's license number, when needed for certain forms.
Immigration Application Data: In order to populate immigration forms, we will ask for a wide range of information about you (and possibly about your family members or petitioners/beneficiaries, if applicable). Depending on the type of application, this may include: your current immigration status, employment history, educational background, family relationships (e.g., name of spouse or children), sensitive personal information such as your race or ethnic origin (sometimes requested on government forms), language proficiency, health or vaccination information (for certain visa types), criminal or offense history (if required for eligibility questions), and any other details required by U.S. immigration authorities. If you are preparing a petition for someone else (such as a family member), we will collect similar information about that person as needed.
Free-Form Inputs and Explanations: The platform may allow you to enter additional information or explanations in free text fields (for example, describing circumstances of a past incident, or additional details to supplement a form answer). We collect whatever information you choose to provide in these fields, which could include sensitive or special categories of data if you volunteer it.
Uploaded Documents: The Visa Box may allow or require you to upload supporting documents for your application (for instance, a scan of your passport, a marriage certificate, financial statements, or photos). These documents may contain personal data, including sensitive data. We will collect and store the documents you upload to provide the Service to you (such as to allow an attorney to review them in the premium plan, or to remind you if something is missing).
Communications with Us: If you contact us with questions, feedback, or customer support requests (via email, chat, phone, or otherwise), we will collect the information you choose to share. This may include your contact information and a record of the correspondence. If we provide chat support, we will keep a transcript of the chat. If you call us, we might record the call (we will notify you if we do so as required by law) or log the call date, time, and issues discussed.
Payment Information: When you pay for our Services, you will provide payment information. This typically includes your credit or debit card number, expiration date, CVV code, and billing address, or details for other payment methods (like PayPal account or bank account for ACH). We do not store full credit card numbers or bank account numbers on our systems; this financial information is collected and processed by our third-party payment processor. We may retain non-sensitive details like the card type, expiration, and last four digits for reference, and records of the payment transactions (amount, date, status).
Attorney-Client Communications (Premium Plan): If you use our premium plan, you may communicate with an attorney through our platform or via contact methods we facilitate. Those communications may include personal information about your case. While such communications are intended to be private between you and your attorney (and protected by attorney-client privilege), they may be stored on our systems to ensure you and the attorney can access them. The Visa Box will treat such information as highly confidential and will only access it as necessary for security, technical support, or as permitted by you or your attorney. We will never use privileged communications for any purpose other than providing the Service.

Important: You are responsible for ensuring the Personal Information you provide is accurate, truthful, and up-to-date. Inaccurate or incomplete information may affect our ability to provide the Services or could result in issues with your immigration forms. Providing false, inaccurate, misleading, or deceptive information, or failing to disclose information requested by The Visa Box or required to be included or disclosed on a USCIS or other government form, may lead to the denial of your application by the relevant government agency. The Visa Box shall bear no liability to you for any consequences arising from such actions. Please do not provide more personal data than is asked for; avoid including sensitive personal information in communications or uploads unless it is necessary for your immigration application.

1.2 Information We Collect Automatically

When you access or use The Visa Box Site and/or Services, we and our third-party analytics or advertising partners may automatically collect certain information about your device and usage of the Site and/or Services. This Usage Data helps us understand how our platform is used and improve it, and may include:

Device and Connection Information: We collect details about the device you use to access our Site and/or Services, such as your device's IP address (Internet Protocol address), device identifiers (e.g., MAC address or mobile ID), browser type and version, operating system, language preference, and your device model. We also note the type of Internet connection (e.g., Wi-Fi, cellular) and ISP or carrier.
Usage and Activity Information: We log information about your activity on our site or app, including the pages or screens you view, the dates/times of your visits, the links, buttons or features you click on, the forms you start or complete, your progress within a form, search queries you enter, and referral URLs (i.e., the page that led you to our site). We also track when and for how long you use the Site and/or Services, and other interaction information (such as errors encountered, performance metrics, and debugging information for troubleshooting).
Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies (explained in more detail in Section 2.3 below) to collect data about your interactions with our Site and/or Services. This can include your cookie identifiers, preferences, and other behavioral data. For example, we may use cookies to remember your login session so you don't have to re-enter your password on every page, and to track your navigation flow for analytics purposes.
Location Information: We may derive an approximate geographic location from your IP address (such as city and country). This is typically not precise and only gives general location. We do not request or track your GPS-based location through our Site and/or Services, but if you manually provide an address or location as part of your application, we will collect that as part of the provided info.

This automatically collected data, by itself, generally does not directly identify you by name or contact info. However, it may be linked or associated with other personal data that does identify you (such as when it's tied to your account), thereby making it personal information. We treat combined information as Personal Information. We collect Usage Data to maintain the security of the platform (e.g., detecting unusual logins), to analyze and improve our Site and Services (e.g., see which pages are confusing or slow), and to personalize your experience (e.g., remembering your preferences).

1.3 Cookies and Tracking Technologies

Cookies are small text files that websites send to your device to uniquely identify your browser or to store data or settings in your browser. The Visa Box uses cookies and similar tracking technologies to provide, customize, evaluate, and improve our Site and Services.

We may use the following types of cookies or trackers:

Essential Cookies: These are necessary for our website to function properly. For example, they allow you to log in, stay logged in as you navigate between pages, and ensure forms function as intended. Without these cookies, certain services you request (like accessing secure account areas or processing a payment) wouldn't be possible. Because they are necessary, these cookies are always on when you visit our site and cannot be turned off via our cookie banner (though you can block them in your browser settings, but that may break functionality).
Preference Cookies: These enable the site to remember choices you have made in the past, such as your selected language (e.g., Korean or English interface), or other settings so that we can present the site tailored to you.
Analytics Cookies: We use analytics tools (like Google Analytics) that set cookies to collect information about how users use our site. This information (such as pages visited, time spent, interactions) helps us understand user behavior and improve the platform. The data collected is generally aggregated and not intended to identify individual users. Google Analytics may collect information like your IP address; however, we have configured it in a way (where possible) to anonymize IP addresses. You can learn more about how Google uses data from sites or apps that use its services and how to opt-out at Google's site for privacy/analytics (https://policies.google.com/technologies/partner-sites).
Advertising Cookies: Currently, The Visa Box does not serve third-party ads on our site, so we do not directly use advertising cookies or pixels for third-party marketing. However, we may in the future engage in advertising campaigns on platforms like Google or social media, and those platforms might use cookies to measure ad effectiveness or to show our ads to relevant audiences. If that occurs, we will update this policy and provide appropriate disclosures and optout options. For now, any "advertising" related tracking would be limited to our own marketing efforts (e.g., a cookie to track conversions if we run an ad).
Third-Party Cookies/Plugins: Some features might incorporate content or scripts from thirdparty services (for example, a video player from YouTube, a chat widget, or a social media "share" button). These third parties may set their own cookies or similar tracking tech when you interact with those features. We do not control these cookies; they are governed by the privacy policies of the third parties.

Your Choices for Cookies: When you first visit our site, you might see a cookie notice or banner (if required by law in your region) allowing you to accept or adjust non-essential cookies. Even if not, you can usually control cookies through your browser settings. Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies or alert you when cookies are being sent. Check your browser's help documentation for instructions on how to delete or disable cookies. Please note: if you disable certain cookies, some parts of the Site or Services might not work properly (for instance, you might not be able to log in or your preferences might not be saved). We may also use other tracking technologies like web beacons (tiny graphics with a unique identifier, used to track email open rates or site usage), pixels, or local storage (which is similar to cookies, but stored on your device). These help us with analytics and understanding usage patterns. In this Policy, when we refer to "cookies," we also include these similar technologies.

2. How We Use Your Information

The Visa Box uses the collected information for various business and operational purposes. We will use your Personal Information only as described in this Privacy Policy or as disclosed to you at the time of collection (for example, via a just-in-time notice for a specific feature), and only for purposes that are compatible with those disclosed purposes. The primary purposes for which we use information include:

2.1 To Provide and Operate Our Services: We use the information you provide to create your account, to authenticate you when you log in, and to allow you to use our platform features. We process your immigration application data to generate completed forms and supporting documents based on your answers. For premium plan users, we use your info to facilitate attorney review and communications. We use contact details to send you service-related communications (like confirmation emails, alerts about your application status, or technical notices). If you schedule any appointments or calls through the platform, we use data to arrange those.
2.2 To Process Transactions and Payments: We use your payment information to process your Service Fee payments and any refunds (if applicable). This involves transmitting your payment details to our payment processor and receiving confirmation of payment. We also use contact info to send purchase receipts or invoices. If you are on a payment plan or subscription (if offered), we use saved payment details to charge recurring payments with your authorization.
2.3 To Communicate with You: We may send various communications, such as:
- Service and Support Messages: These include welcome emails, password reset emails, verification codes, announcements of new features relevant to your use, and responses to your inquiries. If something about the Site or Service changes (like an update to this Privacy Policy or Terms, or a known technical issue, or a security alert), we may notify you via email or in-app notification.
- Guidance and Reminder Messages: As part of our service, we might send you reminders (for example, "You started a form but haven't completed it" or "Your draft application is ready for review" or "Don't forget to upload your signed documents"). We might also send tips or general guidance related to the immigration process you're engaged in (these are meant to be helpful and related to the service you're using).
- Marketing and Promotional Content: If you have signed up for our newsletter or agreed to receive marketing communications, we may send you emails about new services, special offers, surveys, or other promotions. You can always opt-out of these as described below under Your Choices. (We do not spam; frequency of such communications is limited.)
2.4 To Provide Customer Support: We use information (which may include your communications with us and your user data) to assist you when you contact customer support. For instance, if you email us about a technical problem, we will use your provided info and possibly review your recent activity or error logs to troubleshoot the issue. If you ask for guidance on a form question, we might look at your saved answers (with your permission) to better assist. We may also use your feedback or support interactions to improve our support processes (for example, training our team or updating FAQs).
2.5 To Improve and Develop Our Site and Services: We use the Usage Data and analytics information to understand how our platform is used and where we can make improvements. This can include:
- Analyzing which parts of the application flow cause users confusion or drop-off, so we can refine the user interface or instructions.
- Tracking load times and error occurrences to improve site stability and performance.
- Conducting A/B testing or user experience research (which might involve using aggregated or anonymized data to test new features or layouts).
- Developing new services or features: e.g., using insight from user requests or behavior to create a feature like multi-language support (since we know many users may prefer guidance in Korean, Chinese, Tagalog, etc. as planned).
2.6 To Maintain Security and Prevent Fraud: We use data to keep our Site, Services and users safe. For example:
- Monitoring login locations and activity to detect suspicious logins or potential account compromise. If something seems off (like a login from a new country or many failed attempts), we might flag it or prompt extra verification.
- Using cookies and device identifiers to implement security features (e.g., to prevent cross-site request forgery or to throttle repeated malicious requests).
- Checking payment transactions for fraud indicators. Our payment processors might also screen for fraud, and we use their feedback.
- Detecting misuse of the platform or violations of our Terms (for instance, automated scraping or bots, or users inputting obviously false info repeatedly). We may use automated tools to block certain activities (like rapid form submissions that indicate a bot).
- If necessary, we will use information to investigate potential violations of law or our Terms, and to cooperate with law enforcement or regulatory requests (within the bounds of law and privacy).
2.7 For Legal Compliance: We may need to use your information to comply with applicable laws, regulations, legal processes or enforceable governmental requests. For example:
- Keeping records as required by immigration law or bar association regulations (if we partner with attorneys, they have record-keeping obligations).
- Handling data subject rights requests (as discussed later, like if you ask for a copy of your data or deletion, we use your data to fulfill that request).
- Disclosing information to government authorities if we receive a lawful subpoena or court order, or to report certain activities as required by law (though we aim to notify you when permitted).
2.8 To Personalize Your Experience: We might use data to tailor the Site and Services to you. For instance, if we know your preferred language is Korean, we show you content in Korean where possible by default. If you visited certain help articles, we might highlight related FAQs next time. We do not engage in extensive profiling or automated decision-making that produces legal or similarly significant effects without human involvement (the main "automated decision-making" we do is automatically formatting your answers into a form, which you then review).
2.9 Marketing and Advertising: As of now, The Visa Box's marketing efforts are limited. We might use your email to send promotional messages as described above (with opt-out available). We might also use certain data to create "lookalike" audiences or retargeting campaigns on advertising platforms - for example, using a hashed version of your email to find similar audiences on Facebook or Google, or to exclude existing users from seeing irrelevant ads. If we do this, we do not share your actual personal info with advertisers, and we comply with platform policies (and applicable law like CCPA's rules on "sharing" for cross-context behavioral ads, see below). You have choices as described below if you don't want to be included in such uses.
2.10 Other Purposes with Consent: If we want to use your information for a purpose not described in this Policy, we will seek your consent. For example, if we ever wanted to use a customer testimonial including personal info, or share your contact with a third-party partner for their marketing, we would ask you first. If you agree, you can later revoke your consent at any time.

We will not use your Personal Information in a way that is incompatible with the purposes for which it was collected without notifying you and obtaining your consent, as required by law.

3. How We Share Your Information

The Visa Box understands the importance of your personal information and we do not sell your personal data to third parties for money. However, we do share certain categories of information with third parties under specific circumstances, primarily to operate our business and Services. Here are the types of entities and reasons your information might be shared:

3.1 Service Providers ("Processors"): We use third-party companies and individuals to perform services on our behalf, and we may share your information with them as needed for them to perform their tasks. These service providers are bound by contractual obligations to keep personal information confidential and to use it only for providing services to us. Examples include:
- Cloud Hosting and Storage: We use secure cloud infrastructure providers (such as Amazon Web Services) to host our application and store data (including your personal information and uploaded documents) on servers in the United States. They technically have access to data for storage and backup, but they do not use your data for any other purpose.
- Payment Processors: As mentioned, we use third-party payment gateways (e.g., Stripe, PayPal, or similar) to handle payment transactions. They will receive your payment card details and personal identifiers needed to process the payment. They might also have anti-fraud algorithms that use data (like your IP or device info) to detect fraud. We share the necessary billing info with them and receive confirmation or failure details in return.
- Email and Communication Tools: We may use email service providers (like SendGrid, Mailchimp, or similar) to send out emails for us. If we send SMS, we might use an SMS gateway (like Twilio). These providers will process your contact info and message content as needed to deliver communications.
- Analytics and Performance Tools: We share certain Usage Data with analytics providers such as Google Analytics (see Cookies section). This helps us measure traffic and usage patterns. Google Analytics may receive information like your IP (anonymized if we configured it so), and events on our site. They aggregate this info to give us insights. Similarly, if we use error tracking or logging services (like Sentry, Datadog, etc.), they might get some data when an error occurs, to help us debug.
- Translation or OCR Services: If our platform uses any third-party translation APIs (e.g., Google Translate) or optical character recognition (OCR) services to convert uploaded documents, then any text needing translation or recognition might be sent to those services. We would do this securely and only to provide you the translation or data extraction functionality. (We will disclose in the app if real-time translation is being done by a third-party API.)
- Customer Support Tools: If we utilize a support ticketing system or CRM (customer relationship management) software to manage support inquiries, the info you provide in support requests (name, email, issue details) might be stored in that system (e.g., Zendesk, Freshdesk). These are used only to manage and respond to your inquiries.
3.2 Partner Attorneys and Law Firms: If you use the premium plan or any service that involves legal review or attorney consultation, we will share your relevant Personal Information and case details with the attorney or law firm assigned to your case. This is necessary for them to provide you with legal advice and to review/prepare your application. We limit what is shared to what is needed for the service (generally, everything you provided that is relevant to your immigration petition, and any supporting documents). The attorney is bound by professional ethical obligations to keep your information confidential. Additionally, we will likely have a business associate or referral agreement with them to ensure they use your info solely for your case. They will treat your data as attorney-client privileged wherever applicable. Keep in mind that once transferred to the attorney, your information is also governed by their privacy practices (though those should align with legal confidentiality). If you do not use a premium plan, no personal data is shared with any attorney by us (unless you separately request it or as required legally).
3.3 Authorized Third Parties at Your Direction: We will share your information with third parties if you specifically request or authorize it. For instance:
- If our platform offers an option to connect with an immigration non-profit or translator upon your request, we would send your contact or relevant info to them only with your permission.
- If you ask us to share case information with a family member, representative, or another person (perhaps you want your spouse to also have access), we would do so with explicit consent and appropriate verification.
- In future, if we integrate with government systems for e-filing (for example, if USCIS allows direct electronic submission via our platform and you choose to use that), we would transmit your data to the government system as instructed by you.
3.4 Government and Legal Disclosures: We may disclose information about you if required to do so by law or in a good-faith belief that such disclosure is necessary to:
- Comply with applicable laws, regulations, legal process (like a subpoena, warrant, or court order), or enforceable governmental request.
- Respond to claims or assertions that content you have provided violates the rights of third parties (for example, if there's an allegation that you submitted false information on a form and a law enforcement inquiry ensues).
- Protect the rights, property, or safety of The Visa Box, our users, our employees, or the public. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

We will attempt to notify you of any governmental demand for your information (for example, a law enforcement request) before we comply, if we are legally permitted to do so and if time allows, so that you can seek legal remedies. However, in some cases we may be prohibited from notifying you, or it may not be feasible.

3.5 Business Transfers: If The Visa Box is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of that transaction. For example, if another company acquires The Visa Box or its assets, personal data held by The Visa Box may be one of the assets transferred to the buyer. We will ensure that any such successor entity either continues to use your information in accordance with this Privacy Policy or provides notice of changes. Similarly, if we go through bankruptcy or insolvency, we may not be able to control how data is handled, but we will aim for any transfers to honor the promises made in this policy.
3.6 Affiliates: We may share your information with our current or future affiliates (for instance, if we establish subsidiaries, joint ventures, or other companies under common control). In such cases, those affiliates will honor the commitments in this Privacy Policy. For example, if The Visa Box later creates an affiliated company in another country to help process data or provide local support, we would share data with that affiliate as needed to run the service, under similar data protection standards.
3.7 Aggregated or De-Identified Data: We may share data that has been aggregated or deidentified such that it can no longer reasonably be used to identify an individual. For instance, we might publish or share statistics like "X% of our users applied for H1-B visas" or "The average time to complete Form I-130 on our platform is Y hours" or share generalized trends with researchers or policy advocates. This information will not contain personal identifiers or anything that can tie the data back to you. It is used for industry analysis, demographic profiling, marketing, or other purposes.
3.8 Third-Party Analytics and Advertising Partners: As discussed, we allow certain third parties to set cookies or use other tracking tech on our site for analytics (e.g., Google Analytics). They may receive information about your device and usage (as explained above). Additionally, if we engage in any advertising partnerships (like Google Ads or Facebook Pixel for retargeting), some of your data (like cookie identifiers or hashed email) might be shared for the purpose of serving our ads or measuring their effectiveness. We do not share your sensitive personal data for advertising. Any such sharing is typically covered by the term "share" under some privacy laws like the California Consumer Privacy Act (see below), and we would give you the right to opt-out of it. Currently, our use of these is limited, but we disclose this possibility for transparency.

We do not sell your personal information to data brokers or unrelated third parties for their own marketing. We do not share your information with third parties for them to contact you for their own purposes, unless you have given consent (e.g., you check a box saying "I would like to be contacted by [Partner Org] for additional services").

4. Children's Privacy

No Use by Minors: Our Site and Services are not directed to children under the age of 13, nor do we knowingly collect personal information from children under 13. If you are under 13, please do not attempt to register for an account or send any personal information about yourself to us. If we learn that we have inadvertently collected personal information from a child under 13 without appropriate consent, we will delete that information as quickly as possible.

Minors 13-17: As stated in our Terms, individuals under 18 are not supposed to use the Site or Services on their own. We do understand, however, that information about minors will sometimes be provided by their parents or legal guardians as part of an immigration application (for example, a parent might use The Visa Box to prepare a visa petition for their 10-year-old child, which would involve providing the child's personal data on the forms). In such cases, we treat the minor's information with the same security and privacy considerations as we do for adults, and we rely on the parent/guardian to have provided that information knowingly and with the appropriate authority.

If you are a parent or guardian using our Site and/or Services on behalf of a minor, by providing the minor's personal information you consent to our processing of that information as described in this Privacy Policy. We will not use a minor's data for any purpose not related to the service requested (we won't send marketing emails to a 10-year-old, for example, even if their email was provided).

Parental Rights: If you are a parent or guardian and you believe we might have collected personal information from your child (under 13) inappropriately or without your consent, please contact us immediately at atty@thevisabox.com. We will promptly investigate and, if applicable, remove the information and terminate the child's account.

5. International Users and Data Transfers

The Visa Box is based in the United States, and the majority of our data processing occurs in the U.S. By using our Site or Services from outside the U.S., you consent to the transfer and storage of your personal information in the United States and possibly in other countries (for example, if we use cloud providers or service providers based outside the U.S.). If you do not agree, please refrain from using our Site or Services. The data protection and privacy laws of the United States or those other countries may not be as comprehensive or protective as the laws in your country of residence.

However, we take steps to ensure that your privacy is protected consistent with this Policy wherever your data is processed:

Legal Basis for Transfer (EU/EEA/UK/Switzerland Users): If you are in the European Economic Area (EEA), United Kingdom, Switzerland, or another region with laws governing data collection and use that differ from U.S. law, please note that we rely on legal bases to transfer your personal information. These legal bases may include:
- Performance of a Contract: We transfer and process your data in the U.S. because it is necessary to provide you with the Services you requested (fulfilling our contract with you). For example, our servers (in the U.S.) must process your answers to generate forms.
- Your Consent: In some cases, we may ask for your explicit consent to transfer your data to the U.S. If you provide information to use our Site or Services, you are effectively consenting to the transfer, storage, and processing of your personal data in the U.S. as described in this Policy.
- Legitimate Interests: We may transfer data for our legitimate interests, such as routine business operations, administration of the Site and/or Services, etc., in a manner that doesn't outweigh your privacy rights.
- Other Safeguards: We may implement standard contractual clauses or rely on other lawful mechanisms for international data transfers as required by applicable law.
Service Providers in Other Countries: Some of our service providers might process data outside the U.S. (for example, an analytics provider might use servers in Europe or Asia, or customer support might be handled by a team in another country). When we engage providers outside the U.S., we ensure they commit to appropriate safeguards to protect your information. If they process EEA/UK user data, we will have EU standard contractual clauses or an equivalent legal transfer mechanism in place.
Philippines / Korea / Other Regions: If we expand Services targeted to specific countries (e.g., Korean language support might involve team members or servers in Korea) or if you access from those countries, note that your data could pass through or be stored in those regions as well. We will adhere to any country-specific requirements (for example, if Korean law requires consent for certain collection, we will obtain it).
Your Consent to Transfer: By using The Visa Box Site and/or Services, or by providing us with any information, you explicitly consent to the transfer and processing of your personal information in the United States and other jurisdictions as described. You understand that your data may be subject to lawful requests by courts or authorities in those jurisdictions, and we may be required to disclose data to them under local law.

If you have questions about our international data practices or need more information about transfer mechanisms, you can contact us (see Contact Us section below).

6. Your Rights and Choices

You have certain rights and choices regarding your personal information. Depending on your location and subject to applicable law, your rights may include:

6.1 Access and Correction

Access Your Information: You have the right to request access to the personal information we hold about you. This includes asking for a copy of the data, and/or information about how we use it, who we share it with, and how long we keep it.
Correction (Rectification): We strive to keep your information accurate and up-to-date. If you notice that any of your personal data is incorrect or incomplete, you have the right to request that we correct or update it. Much of your basic account and profile data can be updated directly by you through your account settings (for instance, you can log in and change your contact info). For other corrections, you can contact us.

To exercise access or correction rights, please contact us at atty@thevisabox.com with the subject line "Data Access Request" or "Data Correction Request" (or similar wording). We will need to verify your identity (for example, by confirming control of your account email or other identification) before fulfilling such requests, to protect your privacy.

6.2 Deletion (Right to Erasure)

You may have the right to request that we delete your personal information. This is also known as the "right to be forgotten." You can request account deletion through your account settings if that feature is available, or by contacting us directly. Please note:

We will honor deletion requests for personal data that we are not obligated to retain. We will remove or anonymize your personal information from our active systems and backups within a reasonable time, in accordance with applicable laws.
We may retain certain minimal information as required by law or for legitimate business purposes permitted by law. For example, we might retain a record of transactions for financial reporting, or information necessary to comply with a legal obligation or resolve disputes. We will also keep information if needed to enforce our agreements or to complete any obligations to you (for instance, if you asked for a refund, we would keep data until that's resolved).
Removed data may persist in archival backups for a short period, but we have processes to eventually delete or anonymize it after a retention period.

If you request deletion of your data, understand that this is irreversible. If you later need the data (like a copy of your completed forms), we won't have it. We recommend downloading any important documents before deletion.

6.3 Portability

In certain jurisdictions (e.g., EU under GDPR), you have the right to data portability - meaning you can request a digital copy of personal data you provided to us in a commonly used, machine-readable format, and you can ask that we transmit it to another controller (where technically feasible). For example, you might want your account data in a JSON or CSV format. This generally applies to data we process by automated means based on your consent or a contract. If you need such data, contact us and we'll do our best to accommodate.

6.4 Withdraw Consent

Where we rely on your consent to process personal information, you have the right to withdraw your consent at any time. For instance, if you gave explicit consent for a use of data or to receive marketing emails, you can withdraw it. Withdrawing consent will not affect the lawfulness of any processing we already conducted based on your prior consent.

Marketing Communications: Every marketing email from us will include an "unsubscribe" link. You can click that to opt out of further marketing emails. Please note it might take a short time to process (you may receive one final email if it was already queued). You can also email us at atty@thevisabox.com to be removed from marketing lists.
Cookies/Tracking: For withdrawing consent to analytics or advertising cookies, you can adjust your preferences on our cookie banner (if provided) or use browser controls to clear cookies. You can also use tools like the Google Analytics Opt-Out Browser Add-on if you want to prevent Google Analytics from collecting data in your browser.
If you withdraw consent for a certain data processing that is necessary for the Service (for example, if you withdraw consent for us to use sensitive info needed for a form), we will inform you if that means we can't provide the Service.

6.5 Objection and Restriction

Right to Object: In some jurisdictions, you may have the right to object to our processing of your personal data if that processing is based on our legitimate interests or for direct marketing. For example, you can object to us using your data for marketing profiling - we would then stop unless we have compelling legitimate grounds not overridden by your interests or it's for legal claims. If you object to direct marketing processing, we will cease processing your data for those purposes.
Right to Restrict Processing: You have the right to request that we restrict processing of your personal information in certain circumstances - e.g., while we verify your data's accuracy after you contest it, or if the processing is unlawful but you prefer restriction over deletion. Restriction means we would store your data but not actively process it (other than keeping the restriction in place) until the issue is resolved.

6.6 California Privacy Rights

If you are a California resident, you have specific privacy rights under the California Consumer Privacy Act (CCPA) (as amended by the California Privacy Rights Act, effective 2023) and similar laws in other U.S. states. These may include:

Right to Know: You can request that we disclose what personal information we have collected about you in the past 12 months, including the categories of personal info, the sources, the purposes for collecting it, and the categories of third parties with whom we shared it. You can also request the specific pieces of personal information we collected about you (which is similar to the access right above).
Right to Delete: You can request deletion of your personal information (with similar limitations as described above).
Right to Correct: You can request that we correct inaccurate personal information we hold about you.
Right to Opt-Out of "Sale" or "Sharing": The CCPA broadly defines "sale" as disclosing or making available personal info to a third party for monetary or other valuable consideration, and "sharing" as disclosing for cross-context behavioral advertising. The Visa Box does not sell personal information for money. We also do not share personal information for targeted advertising in a way that involves your identifiable data being disclosed to third-party advertisers. If in the future we engage in any activity that could be deemed a "sale" or "sharing" under CCPA (for example, allowing an advertising network to collect certain info like cookies on our site to improve our marketing), we will provide a clear "Do Not Sell or Share My Personal Information" link or mechanism for you to opt out. Currently, to our knowledge, we have no arrangements that qualify as "selling" personal info.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. This means we won't deny you services, charge you a different price, or provide a different quality of service just because you made a privacy rights request. However, please note that if the exercise of your rights (such as deletion) means we cannot provide a certain service (for example, we can't fill out forms without your personal data), that's a consequence of the request, not discrimination.
Shine the Light (California Civil Code § 1798.83): California's "Shine the Light" law allows users who are California residents to request certain information about our disclosure of personal info to third parties for their direct marketing purposes in the preceding calendar year. We do not share personal info with third parties for their own direct marketing, but if you want to make such an inquiry, you can reach out.

How to Exercise California/State Rights: To exercise any applicable privacy rights (Right to Know, Delete, etc.), please contact us by email at atty@thevisabox.com or via mail at the address in the Contact Us section. Please include your full name, contact information, and a detailed description of your request. We will take steps to verify your identity (such as confirming details we already have like your email or recent activity) before fulfilling requests. You may also designate an authorized agent to make a request on your behalf; we'll need proof of that agent's authority and verification of your identity.

Response Time: We will make reasonable efforts to respond to your request within the time period required by applicable law. If additional time is needed to complete our response, we will notify you within the legally prescribed timeframe, indicating that an extension is necessary and stating the reason for the delay.

Other U.S. States: If you are a resident of other states with privacy laws (such as Virginia, Colorado, Connecticut, Utah as of 2023, etc.), your rights will be substantially similar to those listed for California (e.g., access, deletion, correction, opt-out of certain data uses). We will endeavor to respect those rights similarly. Feel free to reach out with any specific state law references and we will comply as required.

6.7 European/International Rights

If you are in the EU, UK, or other regions with comprehensive privacy laws, your rights include those already mentioned (access, rectification, deletion, objection, restriction, portability, withdraw consent) and potentially:

Right to Object to Automated Decision-Making: We do not engage in solely automated decision-making, like profiling, that has legal or similarly significant effects on you. If we ever do, you would have the right to object or demand human review.
Right to Lodge a Complaint: If you believe we have infringed your data protection rights, you have the right to lodge a complaint with a supervisory authority (like a Data Protection Authority in the EU, or the ICO in the UK). We ask that you please try to resolve any issue with us first, as we are committed to respecting your rights.

We will honor all such rights to the extent required by applicable law and within the timeframes provided by law. Some rights may not apply universally (for example, GDPR rights apply to EU residents, CCPA rights to CA residents, etc.), but we aim to provide a baseline of privacy respect to all our users.

If you have any questions about your rights or how to exercise them, you can always reach out to us at atty@thevisabox.com.

7. Data Retention

How long do we keep your information? We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

If you have an account with The Visa Box, we will retain your account information and the data associated with your immigration forms for as long as your account is active or as needed to provide you with our Services. This allows you to return to your saved application or access records of past applications.
If you choose to delete your account or if your account becomes inactive for an extended period, we may start the process of deleting or anonymizing your information. Prior to deleting an inactive account, we may attempt to contact you (if required or appropriate), but we are not obligated to do so. However, please note we may retain some information from deleted or inactive accounts to comply with legal obligations or for legitimate business purposes (like addressing fraud, resolving disputes, or enforcing agreements).
We retain transactional records (payments, invoices) and certain communications as needed for financial reporting, audits, and compliance (typically for at least the duration required by tax and accounting laws, e.g., 7 years in some jurisdictions).
We retain support communications and emails for a period of time to ensure we have a history of your interactions and can follow up appropriately, as well as to train and improve customer service.
For legal and compliance reasons: If we are obligated to retain certain data (such as records of consents, opt-out requests, or data necessary for a legal claim or defense), we will keep that data for the required period (which could be up to the statute of limitations duration).
When we no longer have a legitimate need or legal obligation to retain your personal information, we will securely delete or anonymize it. If deletion or anonymization is not feasible (for example, because your data is stored in backup archives), then we will securely store your personal info and isolate it from further processing until deletion is possible.
In terms of specific content: Uploaded documents you provide (like scans of passports) will typically be retained as long as your account exists, so you can reuse or download them for future forms. If you delete your account or specific documents, we will remove them from active systems promptly.
Case-Specific Retention (Unsubmitted Cases): For each application or petition, we generate a case file (each, a "Case"). For Cases that have not yet been completed and submitted to us, we retain the Case—and all associated information and uploaded materials (e.g., scans of your documents)—for up to thirty (30) days if the related service product is unpurchased, and for up to one (1) year if purchased, during periods of inactivity. Upon expiration of the applicable retention period, we may begin deleting or anonymizing the information in the Case. As a courtesy, we may provide notice before deleting an inactive Case; however, no notice is required. If a purchased Case is deleted due to extended inactivity, any amounts paid are forfeited and are not eligible for a refund.
Note that even after you've deleted your data or closed your account, search engines and other parties might retain copies of certain public information (if you ever shared something publicly through us, though our service doesn't really have public social content) or earlier communications, to the extent that's outside of our control.

8. Security Measures

The Visa Box takes the security of your personal information seriously. We implement a combination of administrative, technical, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction. Some of the security practices we follow include:

Encryption: We use industry-standard encryption protocols to protect data in transit. This means that when you enter personal information on our site (for example, filling out forms or making a payment), the data is encrypted using Transport Layer Security (TLS) (often indicated by the "https" in your browser's address bar). We also encrypt sensitive data at rest in our databases (especially highly sensitive fields like SSN or passport numbers, which may be encrypted or tokenized).
Access Controls: We restrict access to personal information to authorized employees, contractors, and service providers who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations. Staff access to user data is limited and monitored. For instance, our customer support may only access your data when you have a query that requires it, and even then, they might have only partial access (e.g., they might see your form answers but not your full credit card info, since we don't store that).
Authentication: Our systems require user authentication to access an account. We encourage you to use a strong, unique password for The Visa Box account. We also plan to offer two-factor authentication (2FA) as an additional security step at login. Internally, we use secure authentication and logging for admin access to systems.
Network and Application Security: We maintain firewalls and network monitoring to protect our external facing systems. We keep our software and infrastructure updated with security patches. We employ tools for intrusion detection and prevention. Our website is regularly tested for common vulnerabilities (like SQL injection, XSS, etc.). We may also engage third-party security experts to perform penetration testing or code reviews periodically.
Data Backups: We perform regular backups of critical data to ensure resilience. Backups are encrypted and stored securely. In case of a data incident, we can restore from these backups to minimize data loss.
Employee Training and Policies: We have internal policies regarding data protection and require our employees to adhere to high standards of confidentiality. Employees with access to personal data undergo privacy and security training. We also have incident response plans if a breach occurs.
Payment Security: Our payment processing adheres to PCI-DSS (Payment Card Industry Data Security Standard) through our payment processor. We do not store sensitive card data on our systems, as noted.
Physical Security: Our servers are in secure data centers which employ physical security controls (like guards, access badges, monitoring, etc.). While we primarily use cloud services, those cloud providers also have robust physical security measures for their data centers.

Despite all these measures, it's important to note that no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. There is always some risk that your information could be misused by unauthorized third parties due to factors beyond our control (for example, zero-day exploits, or if you have a malware-infected device). Therefore, you should also take care with how you handle and disclose your personal information.

Account Security Advice: You are responsible for keeping your login credentials confidential. Do not share your password with anyone. Use a complex password and change it periodically. If you suspect any unauthorized access to your account, notify us immediately. Also, make sure you log out of your account when using a shared device and avoid using public computers for sensitive transactions.

Data Breach Procedures: In the event of a data breach that affects your personal information, The Visa Box will act promptly to mitigate the breach and comply with any notification obligations. This may involve notifying affected users and relevant regulatory bodies within the timeframes required by law, and providing information on steps users should take to protect themselves.

9. Third-Party Links and Services

Our Site and Services may contain links to websites or services that are operated by third parties (for example, a link to USCIS's website for additional resources, or a YouTube video explaining a visa process, etc.). This Privacy Policy does not apply to those third-party sites or services, and any information you provide or is collected by those third parties is subject to their own privacy policies, not ours.

For instance:

If you click a link on our site that takes you to an external blog or news article, any data you provide on that site is governed by that site's privacy practices.
If as part of our Site and/or Services we integrate a maps API (say Google Maps to help enter addresses) or a language translation widget, your interactions with those features may be governed by the third party providing them.

We encourage you to review the privacy policies of every third-party website or service that you visit or interact with.

The Visa Box is not responsible for the privacy practices or content of third-party websites. However, if you have an issue involving a third-party integration on our Site or Service (for example, you believe a third-party tool within our platform is improperly handling data), please let us know and we will investigate or help facilitate a resolution if we can.

10. Updates to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this policy. If the changes are significant, we will provide a more prominent notice (such as on our website's homepage or via email notification).

Your continued use of The Visa Box Site and/or Services after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree to the changes, you should stop using the Site and/or Services and, if necessary, delete your account or exercise your rights as described.

We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices.

For any material changes, if required by law, we will seek your consent (for example, if a new use of data requires consent).

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or about how your personal information is handled, please contact us:

The Visa Box, LLC - Privacy Team
Attn: Privacy Officer
3435 Wilshire Blvd., Ste. 1035, Los Angeles, California 90010, USA
Email: atty@thevisabox.com

We will do our best to respond promptly to your inquiries. For security and privacy, we may ask you to verify your identity or request before disclosing or discussing personal data specifics.

If you need to contact our Data Protection Officer (if one is appointed) or an equivalent privacy representative, you can use the contact information above and address your inquiry to the Data Protection Officer.

Additional Contacts:

For DMCA/Copyright issues: info@thevisabox.com (Attn: DMCA Agent).
For legal notices or service of process, please mail to our physical business address (which will be provided upon request if not listed here) and email a copy to atty@thevisabox.com for expediency.

Thank you for entrusting The Visa Box with your immigration application process. We value your privacy and are committed to safeguarding your personal information as you use our Site and Services. If you have any questions about this policy or your privacy with us, do not hesitate to reach out. Safe travels on your immigration journey!