Privacy Policy

Last updated: 4 March 2026

1. Introduction

VisaFlow ("we", "us", "our") is committed to protecting your privacy and the privacy of your clients. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth).

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Your name and business name
  • Email address and phone number
  • MARA registration number (for migration agents)
  • ABN/ACN
  • Billing address and payment information

2.2 Client Data

As part of providing the Service, you may upload personal information about your clients, including:

  • Names, dates of birth, and contact details
  • Passport and identification documents
  • Employment and education history
  • Health and character information as required for visa applications
  • Immigration history and visa application details

Important: You are the data controller for your client data. We process this data on your behalf as a data processor. You are responsible for ensuring you have appropriate consent and legal basis to collect and store client information.

2.3 Usage Data

We automatically collect information about how you use the Service, including:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Feature usage patterns
  • Error reports and performance data

3. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process payments and send billing-related communications
  • Send service notifications and updates
  • Respond to your inquiries and provide customer support
  • Analyze usage patterns to improve user experience
  • Detect, prevent, and address security issues
  • Comply with legal obligations

4. Data Storage and Security

We take the security of your data seriously and implement appropriate technical and organizational measures:

  • Location: All data is stored on servers located in Australia
  • Encryption: Data is encrypted at rest and in transit using industry-standard protocols
  • Access Control: We implement role-based access controls and audit logging
  • Backups: Regular backups are performed and stored securely
  • Monitoring: We monitor for security threats and suspicious activity

While we implement reasonable security measures, no system is completely secure. You are responsible for maintaining the security of your account credentials.

5. Disclosure of Information

We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who assist in providing the Service (e.g., payment processors, cloud hosting providers)
  • Legal Requirements: When required by law, subpoena, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you have given explicit consent

We do not sell your personal information to third parties.

6. Third-Party Services

The Service integrates with third-party services that have their own privacy policies:

  • Stripe: For payment processing
  • Supabase: For database and authentication services
  • Resend: For email delivery
  • Mindee: For document OCR processing

We encourage you to review the privacy policies of these services.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After account termination:

  • You may request a data export within 30 days
  • Account data is deleted within 90 days of termination
  • Backup copies may be retained for up to 12 months
  • Some data may be retained longer for legal or compliance purposes

8. Your Rights

Under Australian privacy law, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Data Portability: Request an export of your data in a machine-readable format
  • Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise these rights, contact us at naveen@quantrex.com.au.

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences
  • Analyze usage patterns and improve the Service

You can control cookies through your browser settings, but some features may not function properly if cookies are disabled.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

Naveen Gugulothu
VisaFlow
Email: naveen@quantrex.com.au
Phone: 0466 300 421
Address: Sydney, NSW, Australia

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.