This policy explains what data MyVisaPrompts (operated by AnyImmi, headquartered in India) collects, why it’s collected, and the choices you have. It applies to both the consultant tier on myvisaprompts.com and the applicant tier on apply.myvisaprompts.com.
1. Who we are
MyVisaPrompts is operated by AnyImmi. For privacy questions or data-subject requests reach us at hello@anyimmi.com.
2. What we collect
- Account identifiers — your email address (for magic-link / password sign-in) and, if you sign up by mobile, your phone number. If you sign in with Google, we receive your basic Google profile (email + name only).
- Payment metadata — the payment ID, amount, currency, market, and timestamp returned by Razorpay (India) or Stripe (rest of world). We never see, store, or transmit your full card number, CVV, UPI PIN, or bank credentials — those are handled directly by Razorpay (PCI-DSS Level 1 certified) or Stripe (PCI-DSS Level 1 certified).
- Workspace data — bookmarks, notes, variable-vault entries, and usage history that you yourself create inside the signed-in dashboard. Stored under your account and visible only to you.
- Approximate location — we read the CF-IPCountry header set by Cloudflare to show you local-currency pricing. We don’t store your IP address with your account record.
- Technical logs — standard request logs (URL, timestamp, status code) for security and abuse detection. Retained for 30 days.
2a. Google sign-in — what we ask for, and why
If you choose “Sign in with Google”, our app (“MyVisaPrompts by AnyImmi”) requests three OAuth scopes from your Google account. We list them here exactly as they appear on the Google consent screen, with the single, specific purpose each scope serves:
- openid — used only to obtain a stable, per-user identifier (the Google account’s subject ID) so we can recognise the same account on return visits and link it to your MyVisaPrompts entitlement record. We do not use this ID for advertising or for any third-party identity service.
- email — used only to (1) send your payment receipt and welcome credentials, (2) deliver transactional messages such as password reset and prompt-update notifications, and (3) tie your entitlement to a recoverable address so you don’t lose access if you change devices. We do not share your email with advertisers or resell it to any third party.
- profile — used only to read your first name and (optionally) your Google profile picture, so we can address you by name in welcome / receipt / password-reset emails and on your account page. We do not read or store any other field returned by this scope (locale, gender, dates, etc.).
We do not request — and our app cannot access — any sensitive or restricted Google scopes. Specifically: no Gmail, no Drive, no Calendar, no Contacts, no Photos, no YouTube, no Google Fit, no Cloud Platform, no Workspace admin scopes. The three basic scopes above are the only ones the consent screen will ever show you, and they are the only ones our server is configured to receive.
Data received from Google scopes is stored on Supabase Postgres (see Section 5) under your account row, used only for the purposes above, and deleted when you delete your account (see Section 7 — Deletion). We do not export Google-scope data to advertising platforms, marketing tools, or any third party. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
You can revoke MyVisaPrompts’ access to your Google account at any time at myaccount.google.com/permissions. Revoking access does not delete your MyVisaPrompts account or entitlement — to do that, email hello@anyimmi.com (see Section 7).
3. What we DON’T collect (paste-only flow)
For the classic paste-into-your-own-ChatGPT/Claude flow, we do not see, store, or transmit the content of your client work or any visa filings. The vault is prompt-and-paste: when you copy a prompt into ChatGPT, Claude, or another LLM, the conversation happens in your AI account, not ours. We never proxy or log it. We also do not place advertising / third-party tracking cookies, do not fingerprint your device, and do not sell or rent your data to anyone ever.
The exception is the optional server-side “Generate” feature, covered separately in §3a below. It is opt-in per device and per account; if you never click “Generate” you never send any intake content to our servers.
3a. Server-side AI Generation (opt-in)
If you click the “Generate” button on a prompt (instead of copy-paste), MyVisaPrompts sends the intake answers you typed plus the prompt body to one of two third-party AI providers, gets a draft back, and stores that draft on your account so you can re-open it. This section explains exactly what flows where.
What gets sent
- Intake answers — every field you fill in the intake form for that generation (e.g. country, refusal ground, client’s study background).
- Prompt body — the master prompt text from the vault, including the master-prompt wrapper.
- Model parameters — temperature, max-tokens, and the model name (e.g. gemini-2.5-pro, claude-sonnet-4-5).
We do not send your name, email, payment ID, IP, or any account identifier to the AI provider. The request is unattributed at the provider level — they see prompt + intake, not “Garry from Kotkapura.”
Who processes it
- Google Gemini — Google Cloud, processed under the Google Cloud Data Processing Addendum. We call Gemini through the Google AI / Vertex API with the training opt-out flag (disableTraining: true on the paid tier) set on every request.
- Anthropic Claude — Anthropic PBC, processed under the Anthropic Commercial Terms / DPA. Anthropic’s API does not train on customer inputs or outputs by default — see the Anthropic Acceptable Use Policy and the Anthropic Privacy Center.
Which provider runs your generation depends on which model you select in the dropdown before clicking Generate. Both providers operate primarily from United States data centres (with some regional routing). See §6 (international transfers).
Training opt-out
Neither provider trains foundation models on your generation inputs or outputs:
- Gemini — we send disableTraining: true on every paid-tier API call. Google’s Generative AI Terms for paid services confirm inputs and outputs are not used to improve or train Google’s models.
- Claude — per Anthropic’s Commercial Terms §B.3, API inputs and outputs are not used to train Anthropic models unless you explicitly opt in (which we have not).
Retention
- Default 90 days. Generated drafts are stored on Supabase Postgres under your account row so you can re-open them from /account/generations. After 90 days they are deleted by a nightly job.
- User-deletable any time. You can delete an individual generation from /account/generations, or change your retention window (0 days = delete immediately on close, 7, 30, 90) from /account/settings.
- Provider-side retention. Both Google and Anthropic retain API request payloads for up to 30 days for abuse-detection (zero-retention agreements available on enterprise tiers — we will publish here if and when we enable them).
Your right to opt out
Generation is fully optional. You can:
- Never click Generate — keep using the paste-into-your-own-ChatGPT flow; nothing flows through our servers.
- Set retention to 0 at /account/settings — drafts are deleted as soon as you close them.
- Withdraw consent by deleting the ai_optin_accepted_at flag from your account (or by deleting the account entirely — see §7).
Cross-border transfer note (EU / UK / India)
Generation requests are transmitted to the United States, where Google Cloud and Anthropic both process. For EU / UK / EEA users this is a transfer outside your jurisdiction — Google relies on the EU-US Data Privacy Framework and SCCs; Anthropic uses SCCs. For India (DPDP Act 2023) users, the US is currently a notified country for permitted cross-border processing. For applicants in other jurisdictions (e.g. UAE, Singapore), please review your local cross-border data-transfer rules before opting in. If you do not want your intake answers leaving your jurisdiction, do not opt in to server-side generation — the paste-into-your-own-LLM flow keeps everything in your AI vendor’s relationship with you.
4. Why we collect it (legal basis)
- Contract performance — we need your email to grant entitlements after payment and to email you the welcome / password reset. Without it the product cannot work for you.
- Legal obligation — invoices and payment records are kept to satisfy Indian GST law and equivalent overseas tax reporting (Stripe Tax handles international VAT / GST collection).
- Legitimate interest — security logs, abuse detection, and basic product analytics (event counts, not individual session replays).
- Consent — for optional marketing emails. You can opt out from any email’s footer at any time.
5. Where data lives
- Account + workspace data — Supabase Postgres (Singapore region). Encrypted at rest. Row-level security limits reads to the authenticated user only.
- Payment records — Razorpay (India) for INR payments; Stripe Inc. (United States, with EU data processed in the EU) for all other currencies. Both are independently certified PCI-DSS Level 1.
- Transactional email — Resend Inc. (United States) with TLS in transit.
- Edge / CDN — Cloudflare. Used only to terminate TLS, serve static assets, and add the country header for pricing — no request-body logging.
6. International transfers
If you’re in the EU/UK/EEA, your data is transferred to India, Singapore, and the United States under the European Commission’s Standard Contractual Clauses (2021/914) signed with each of our processors. India is not on the European Commission’s adequacy list as of 2026; the SCCs are our transfer mechanism. We’re happy to share the executed copies on request.
7. Your rights
Depending on where you live, you have some or all of the following rights over your data — and we honour all of them globally regardless of which framework applies:
- Access — download everything we hold about you. Signed-in users can hit GET /api/me/dsar for an immediate JSON export.
- Correction — fix wrong data (e.g. an email-address typo).
- Deletion — erase your account and associated records. Note: payment records required by tax law are retained (in irreversibly-anonymised form) for the statutory minimum.
- Portability — receive your data in a structured, machine-readable format (JSON).
- Objection — opt out of any optional processing (analytics, marketing email).
- Complaint — lodge a complaint with your supervisory authority (e.g. India’s Data Protection Board under the DPDP Act 2023; your EU member-state DPA; the UK ICO; the California Privacy Protection Agency for CCPA).
To exercise any of these rights, email hello@anyimmi.com with the subject “Privacy request”. We respond within 30 days (most requests are processed within 7).
8. Data retention
- Account + entitlements — for as long as your account exists. Lifetime access means the entitlement record persists until you ask us to delete it.
- Invoices / payment records — 8 years in India (CGST §36), or the local statutory minimum (typically 6-10 years).
- Security logs — 30 days, then permanently deleted.
- Marketing-consent records — until you withdraw consent + 12 months of legal-defence buffer.
9. Cookies
We use a small set of strictly-functional cookies and one analytics-grouped cookie:
- sb-*-auth-token — first-party Supabase auth session. Strictly necessary; cannot be disabled without breaking sign-in.
- mvp-market, mvp-audience — first-party, ~1 year, remembers your detected market + consultant/applicant choice for pricing. No personal data.
- mvp-cookie-consent — first-party, records that you dismissed the cookie banner.
- aip-ref — first-party, 90 days. Captures a referral code from ?ref= so the referrer gets credited when you buy. No personal data; can be cleared from browser settings.
No third-party advertising cookies. No fingerprinting. No cross-site tracking pixels.
10. Children
The consultant tier is sold to licensed professionals. The applicant tier is sold to visa applicants — most of whom are adults filing their own paperwork. We do not knowingly collect data from anyone under 16. If you believe a child has signed up, email us and we’ll delete the account.
11. Security
Database access is restricted by Supabase Row-Level Security so one authenticated user cannot read another’s records. Data is encrypted at rest by the host (Supabase / Razorpay / Stripe) and in transit via TLS 1.2+ everywhere. Service-role database keys never leave our server. We don’t handle raw card data — Razorpay and Stripe collect it directly on their own infrastructure.
12. Breach notification
In the unlikely event of a personal-data breach that’s likely to result in a risk to your rights, we’ll notify our supervisory authority within 72 hours and you directly without undue delay, in line with Article 33 GDPR and §8 of the DPDP Act 2023.
13. Changes to this policy
We may update this policy from time to time. Material changes (e.g. a new processor, a new data category) will be notified by email to the address on file at least 14 days before they take effect. The “last updated” date at the top of the page always reflects the most recent revision.
14. Contact
Privacy questions, data-subject requests, breach reports — all to hello@anyimmi.com. Mention “Privacy” in the subject and we’ll route it to the right person within 24 hours on business days.