Privacy Policy
Website: visain.in Operated by: TravelRox ("we", "us", "our") Last updated: 20 March 2026 Effective date: 20 March 2026
1. Introduction
Welcome to VisaIn (visain.in). We are a visa application assistance platform operated by TravelRox. We help travelers apply for Indian e-Visas by collecting necessary information, processing payments, and submitting applications on their behalf.
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights regarding your data. By using our website and services, you agree to the practices described in this policy.
If you have questions about this policy or your data, contact us at [email protected].
2. Data Controller
TravelRox is the data controller responsible for your personal data processed through visain.in.
Contact for privacy matters:
- Email: [email protected]
- Website: visain.in
3. What Personal Data We Collect
3.1 Information You Provide Directly
When you use our visa application service, we collect the following categories of personal data:
Primary Contact Information:
- Full name (first name and last name)
- Email address
- Phone number
- WhatsApp number (optional)
Traveler Information (for each traveler in your application):
- Full name as it appears on passport
- Date of birth
- Nationality
- Passport number
- Any additional information required by the visa application form (such as address, occupation, travel history, and purpose of visit)
Minor Applicant Information: If you are applying on behalf of a minor (person under 18 years of age), we collect the same traveler information for the minor. By submitting an application for a minor, you confirm that you are the parent or legal guardian of that minor and have the authority to provide their personal data and consent to its processing.
Supporting Documents:
- Passport scan or photograph
- Passport-sized photograph
- Proof of financial means
- Invitation letters
- Any other documents required for the specific visa type
Payment Information:
- We do not directly collect or store your credit card or debit card numbers. All payment processing is handled by our third-party payment processor, Stripe. We receive and store:
- A unique customer identifier from Stripe
- Transaction reference numbers
- Payment amount and currency
- Payment status (successful, failed, refunded)
3.2 Information Collected Automatically
When you visit our website, we automatically collect:
Technical Data:
- IP address (collected at the time of checkout for consent verification)
- Browser type and version (user agent string)
- Device type
- Pages visited and time spent on each page
- Referring website
Cookies and Similar Technologies:
- Session cookies for website functionality
- Language preference cookies
- Analytics cookies (see Section 7 for details)
3.3 Information from Third Parties
We may receive the following data from our service providers:
- Payment confirmation and transaction status from Stripe
- Email delivery status (delivered, bounced, opened) from our email service provider
4. How We Use Your Personal Data
We process your personal data for the following purposes:
| Purpose | Data used | Legal basis |
|---|---|---|
| Processing your visa application | Name, DOB, passport number, nationality, supporting documents, contact details | Performance of contract |
| Processing payments | Payment transaction data, email, order details | Performance of contract |
| Communicating with you about your application status, required actions, and updates | Email address, phone number, name | Performance of contract |
| Sending transactional emails such as payment confirmations, application updates, and visa delivery | Email address, name, application details | Performance of contract |
| Verifying your identity when you check your application status (OTP verification) | Email address, visa reference number | Legitimate interest (security) |
| Preventing fraud and abuse including rate limiting, account lockout, and duplicate detection | IP address, email, phone number | Legitimate interest (security) |
| Recording consent for terms of service and privacy policy acceptance at checkout | IP address, user agent, timestamp | Legal obligation |
| Maintaining audit trails of administrative actions on your application | Application data, admin action logs | Legitimate interest (accountability) |
| Improving our services through analytics and website performance monitoring | Anonymised usage data, page views, device info | Consent (via cookie consent banner) |
| Advertising and remarketing (if you consent to marketing cookies) | Anonymised identifiers, conversion events | Consent |
We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you. All visa application decisions are made by the relevant government authorities, not by our platform.
5. How We Store and Protect Your Data
5.1 Data Storage
Your personal data is stored on secure cloud infrastructure. Supporting documents (passport scans, photographs, etc.) are stored in encrypted cloud storage with access controlled through time-limited signed URLs that expire within minutes.
5.2 Security Measures
We implement the following security measures to protect your data:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
- Password security: Administrative accounts are protected with industry-standard bcrypt hashing with high cost factors
- Session security: HTTP-only, secure, and SameSite cookies prevent unauthorised session access
- Access control: Role-based access control (RBAC) ensures only authorised personnel can access your data
- Multi-tenant isolation: Your data is isolated from other websites operating on our platform
- Account lockout: Automatic lockout after repeated failed login attempts
- Rate limiting: API rate limiting prevents abuse and brute-force attacks
- Payment security: We never store your card details; all payment data is handled by PCI DSS-compliant Stripe
- Webhook verification: All incoming data from payment and email providers is cryptographically verified
- Document access: Uploaded documents are accessible only through temporary signed URLs, not permanent links
- Audit logging: All administrative actions are logged in an append-only audit trail
5.3 Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, in accordance with applicable law.
6. Third-Party Service Providers
We share your personal data with the following trusted third-party processors, each operating under a Data Processing Agreement (DPA):
6.1 Stripe, Inc. (Payment Processing)
- Headquarters: United States
- Data shared: Email address, order amount, currency, transaction metadata (application ID, visa ID)
- Purpose: To process your payment securely
- Their privacy policy: https://stripe.com/privacy
- Note: Stripe is PCI DSS Level 1 certified. Your card details are processed entirely by Stripe and never touch our servers.
6.2 Twilio SendGrid (Email Delivery)
- Headquarters: United States
- Data shared: Email address, email content (application status updates, payment confirmations, OTP codes)
- Purpose: To deliver transactional emails about your application
- Their privacy policy: https://www.twilio.com/legal/privacy
- Email tracking: SendGrid may track email delivery status, opens, and clicks to ensure reliable delivery.
6.3 DigitalOcean, LLC (Document Storage)
- Headquarters: United States
- Data shared: Uploaded documents (passport scans, photographs, supporting documents)
- Purpose: To securely store your application documents in cloud storage
- Their privacy policy: https://www.digitalocean.com/legal/privacy-policy
- Access control: Documents are stored with private access and are only accessible through time-limited signed URLs.
6.4 Google (Analytics and Tag Management)
- Services used: Google Analytics 4, Google Tag Manager
- Data shared: Anonymised usage data, page views, device information, conversion events
- Purpose: To understand how visitors use our website and improve our services
- Their privacy policy: https://policies.google.com/privacy
- Opt-out: You can opt out of Google Analytics by declining analytics cookies via our cookie consent banner, or by installing the Google Analytics Opt-out Browser Add-on.
6.5 Meta Platforms, Inc. (Advertising)
- Service used: Meta Pixel (Facebook Pixel)
- Data shared: Anonymised page view events, conversion events (e.g., completed applications)
- Purpose: To measure the effectiveness of our advertising campaigns
- Their privacy policy: https://www.facebook.com/privacy/policy
- Opt-out: You can opt out by declining marketing cookies via our cookie consent banner, or through your Facebook Ad Settings.
6.6 Government Authorities
- Data shared: All information required for your visa application (name, passport details, date of birth, nationality, supporting documents, and any other information required by the visa form)
- Purpose: To submit your visa application to the relevant Indian government authorities for processing
- Note: Once submitted, the processing of your data by government authorities is governed by their own privacy policies and applicable laws.
We do not sell your personal data to any third party.
7. Cookies and Tracking Technologies
7.1 Cookies We Use
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| Session cookie | Strictly necessary | Maintains your session while using the website | Session (expires when browser closes or after inactivity) |
| Language preference | Strictly necessary | Remembers your selected language | Session |
| Cookie consent | Strictly necessary | Stores your cookie consent preferences | 12 months |
| Google Analytics | Analytics (requires consent) | Tracks website usage patterns anonymously | Up to 2 years |
| Meta Pixel | Marketing (requires consent) | Tracks conversions for advertising purposes | Up to 90 days |
7.2 Cookie Consent
When you first visit our website, you will see a cookie consent banner. You can choose to:
- Accept all cookies — enables analytics and marketing cookies
- Accept only necessary cookies — only functional cookies are set
- Manage preferences — choose which categories to enable
You can change your cookie preferences at any time through the cookie settings link in the website footer.
Analytics and marketing cookies are only activated after you provide consent, in compliance with applicable privacy regulations.
7.3 How to Disable Cookies
You can disable cookies through your browser settings. Please note that disabling strictly necessary cookies may affect website functionality. For more information on managing cookies, visit https://www.allaboutcookies.org.
8. International Data Transfers
Our service providers (Stripe, Twilio SendGrid, DigitalOcean, Google, and Meta) are headquartered in the United States. When your data is transferred to these providers, it may be processed outside of India.
These transfers are protected by:
- Standard Contractual Clauses (SCCs) approved by relevant data protection authorities
- Data Processing Agreements with each provider
- Appropriate security measures implemented by each provider (encryption, access controls, certifications)
Where required by the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDP Act), we ensure that adequate protections are in place for any cross-border transfer of personal data.
9. Data Retention
We retain your personal data for the following periods:
| Data category | Retention period | Reason |
|---|---|---|
| Application data (name, passport, DOB, form answers) | Duration of the visa validity period plus 3 years, or until you request deletion | Legal and contractual obligation; to support reapplication and dispute resolution |
| Supporting documents (passport scans, photos) | Same as application data | Required for application processing and potential government inquiries |
| Payment records (transaction IDs, amounts) | 7 years from transaction date | Tax and accounting obligations |
| Email communication logs | 2 years from date of sending | Customer support and dispute resolution |
| Audit logs (administrative actions) | 7 years | Regulatory compliance and accountability |
| Analytics data | As per Google/Meta retention settings (up to 26 months) | Website improvement |
| Consent records (IP, timestamp, accepted terms) | 7 years | Proof of consent for legal compliance |
| Draft applications (not submitted) | Automatically deleted after the configured expiry period (typically 30 days) | No ongoing purpose |
After the retention period expires, your data will be securely deleted or anonymised.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
10.1 Rights Under Indian Law (DPDP Act, 2023)
- Right to access — You may request confirmation of whether we process your data and obtain a summary of it.
- Right to correction — You may request that we correct inaccurate or incomplete personal data.
- Right to erasure — You may request deletion of your personal data, subject to legal retention requirements.
- Right to grievance redressal — You have the right to have your grievances addressed by our designated grievance officer.
- Right to nominate — You may nominate another person to exercise your data rights in case of your death or incapacity.
10.2 Rights Under GDPR (for EU/EEA residents)
If you are located in the European Economic Area, you additionally have the right to:
- Data portability — Receive your data in a structured, commonly used, machine-readable format
- Restriction of processing — Request that we limit how we use your data
- Object to processing — Object to processing based on legitimate interest
- Withdraw consent — Withdraw consent at any time for consent-based processing (this does not affect the lawfulness of processing before withdrawal)
- Lodge a complaint — File a complaint with your local data protection supervisory authority
10.3 How to Exercise Your Rights
To exercise any of these rights, contact us at:
- Email: [email protected]
- Subject line: "Data Privacy Request — [Your Name]"
We will respond to your request within 30 days. We may need to verify your identity before processing your request, which may require you to provide your visa reference number and the email address used in your application.
11. Children's Privacy
Our visa application services may be used by parents or legal guardians to apply for visas on behalf of minors (persons under 18 years of age).
- We do not knowingly collect personal data directly from children. All applications for minors must be submitted by a parent or legal guardian.
- By submitting an application for a minor, you confirm that you are the parent or legal guardian and consent to the processing of the minor's personal data as described in this policy.
- The personal data of minors is subject to the same security measures and retention policies as adult applicant data.
- Parents and legal guardians may exercise data rights on behalf of the minor by contacting us at [email protected].
If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that data promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Post the revised policy on this page
- For significant changes, notify you by email (if we have your email address) or through a prominent notice on our website
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
13. Grievance Officer
In accordance with the Information Technology Act, 2000 and the rules made thereunder, the contact details of the Grievance Officer are:
Email: [email protected] Response time: We will acknowledge your grievance within 24 hours and resolve it within 30 days from the date of receipt.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: [email protected]
- Website: https://visain.in
This Privacy Policy was last updated on 20 March 2026.