GDPR & CCPA Compliant

Privacy Policy

Effective: October 28, 2025·Last updated: October 28, 2025·Jurisdiction: Delaware, USA

At SwiftPass, your privacy is paramount. This policy explains how we collect, use, protect, and share your personal information when you use our visa application services. We are committed to full transparency.

GDPR Compliant
CCPA Compliant
SOC 2 Type II
ISO 27001
PCI DSS Level 1
256-bit Encryption

Section 01

Information We Collect

Personal Information

To process your visa application, we collect:

  • Full name, date of birth, nationality, and passport details
  • Contact information — email address, phone number, and mailing address
  • Travel details — destination country, travel dates, and purpose of visit
  • Financial information for payment processing only (never stored in full on our servers)
  • Supporting documents — passport scans, photographs, proof of accommodation, financial statements, and any other embassy-required documents

Automatically Collected Usage Data

When you visit our platform, we automatically collect:

  • IP address and approximate geolocation (used solely for currency and language preferences)
  • Browser type, device model, and operating system
  • Pages visited, time on page, and navigation patterns
  • Referral source and search terms that led you to our platform
  • Cookies and similar tracking technologies (see Section 07)

Section 02

How We Use Your Data

We process your personal information under the legal bases of contractual necessity, legitimate interest, and consent (where applicable). Specifically, we use your data to:

Process Your Visa Application

Submit your documents and application to the relevant embassy, consulate, or visa processing authority on your behalf.

Communicate Application Status

Send transactional emails and notifications about your application progress, document requests, and important deadlines.

Improve Our Service

Analyze aggregated usage patterns to identify friction points, enhance UX, and improve success rates.

Fraud Prevention

Detect and prevent fraudulent transactions, identity theft, and abuse of our platform.

Legal Compliance

Meet applicable regulatory requirements and respond to lawful government or legal requests.

Marketing (with explicit consent)

Send promotional emails about visa tips, destination guides, and SwiftPass updates. You may opt out at any time via the unsubscribe link.

Section 03

How We Share Your Information

We do not sell, rent, or broker your personal data to third parties. Period.

Government & Immigration Authorities

Your visa application and supporting documents are submitted to the relevant embassy, consulate, or immigration authority. This is the core service you purchase and is required to process your visa.

Trusted Service Providers

We work with carefully vetted third-party partners. Each partner is contractually bound to strict data protection standards and undergoes regular security audits:

Payment Processing — DPO Pay, M-Pesa, Stripe & PayPal

PCI DSS Level 1 compliant processors. We never store your full card details. All payment data is end-to-end encrypted and tokenized before transmission.

Cloud Infrastructure — Supabase (AWS)

SOC 2 Type II and ISO 27001 certified hosting with 256-bit AES encryption at rest and in transit. Primary data centers in the United States with geo-redundant backups.

Transactional Email — SendGrid (Twilio)

Delivers application status updates, confirmations, and support replies. All messages are transmitted over TLS with encryption at rest.

Analytics — Google Analytics (anonymized)

IP addresses are masked. No personal identifiers are transmitted. You may opt out via browser extension or our cookie settings panel.

Legal Requirements

We may disclose your information if required by law, valid court order, regulatory authority, or to protect the rights, property, or safety of SwiftPass, our users, or the public. We will notify you of such disclosure where legally permitted.

Section 04

Security Measures

We implement multiple overlapping security layers to protect your sensitive data:

256-bit AES Encryption

Military-grade encryption for all data at rest and in transit — the same standard used by banks, government agencies, and the US Department of Defense.

SOC 2 Type II Certified

Independently audited security controls covering security, availability, processing integrity, confidentiality, and privacy. Audits conducted annually by third-party firms.

GDPR & CCPA Compliant

Full compliance with EU General Data Protection Regulation and California Consumer Privacy Act. We maintain a formal data register and appoint a Data Protection Officer.

Quarterly Penetration Testing

Independent cybersecurity firms conduct quarterly penetration tests and vulnerability assessments. Critical findings are remediated within 24 hours.

Role-Based Access Control

Strict need-to-know access policies ensure only authorized personnel can view sensitive application data. All access events are logged, monitored, and audited.

ISO 27001 Certified Data Centers

Physical data centers with biometric access, redundant power, environmental controls, 24/7 on-site security, and automated geo-redundant backups.

While we implement industry-leading security practices, no method of transmission over the internet is 100% secure. We continuously monitor and update our security measures and will notify you promptly in the event of a breach affecting your data.

Section 05

Your Privacy Rights

Depending on your location, you may have the following rights over your personal data. To exercise any right, contact us at privacy@swiftpassimmigration.com. We will respond within 30 days.

Right of Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your data, subject to legal retention obligations.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Opt out of certain types of data processing, including marketing.

Right to Restrict

Request that we limit how we use your personal data.

Right to Withdraw Consent

Revoke consent for any optional data collection at any time.

Right to Lodge a Complaint

File a complaint with your local data protection supervisory authority.

Section 06

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes described in this policy, or as required by law:

Active applications

Duration of processing + 90 days

Extended if appeal or dispute is open

Completed applications

Up to 7 years

Required for legal, tax, and regulatory compliance

Account & profile data

Until you request deletion

Subject to legal retention minimums

Payment records

7 years

Required under financial regulations

Marketing data

Until you unsubscribe

Promptly honored within 10 business days

Security logs

12 months

For fraud detection and incident response

Section 07

Cookies & Tracking Technologies

We use cookies and similar technologies to operate our platform, remember your preferences, and improve your experience.

Required

Essential Cookies

Necessary for platform functionality — authentication, security tokens, session management. Cannot be disabled without breaking core features.

Optional

Functional Cookies

Remember your preferences such as language, currency, and application progress. Enhance your experience on return visits.

Optional

Performance Cookies

Help us understand how users navigate the platform so we can identify friction points and improve conversion rates.

Optional

Analytics Cookies

Google Analytics (IP anonymized). Provides aggregate traffic insights. Personal identifiers are removed before data is sent to Google.

Section 08

International Data Transfers

SwiftPass is operated from the United States. If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws, your information may be transferred to and processed in countries that provide different levels of data protection than your home country.

Section 09

Data Breach Policy

In the unlikely event of a data breach affecting your personal information, we commit to:

1

Immediate Containment

Isolate affected systems and halt any ongoing unauthorized access within hours of detection.

2

Prompt Notification (within 72 hours)

Notify affected users and relevant data protection authorities within 72 hours of discovery, as required by GDPR Article 33.

3

Transparent Communication

Clearly explain what data was affected, the potential risks, and the specific circumstances of the breach.

4

Remediation Actions

Detail the immediate and long-term steps taken to contain, remediate, and prevent recurrence.

Section 10

Children's Privacy

SwiftPass is not intended for individuals under 13 years of age (or under 16 in the European Union). We do not knowingly collect personal information from children.

Section 11

Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

Section 12

Contact Us

For questions, data requests, or concerns about this Privacy Policy:

SwiftPass Global LLC

Registered Office

131 Continental Dr Suite 305, Newark, DE 19702, USA

Related Legal Documents

Terms of Service

User rights, obligations, and service limits

Refund Policy

Eligibility conditions and refund process

Contact Us

Reach our support and legal teams