Privacy Policy

Veesa ("Veesa", "we", "us", "our") is committed to protecting your privacy and safeguarding your personal data. This Privacy Policy outlines how we collect, use, store, and share your personal information when you use the Veesa mobile application, website, and the Veesa browser extension.

Veesa is a UK visa and immigration companion app designed to help immigrants navigate life in the United Kingdom. We process your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, you acknowledge our collection, use, and retention of your personal information as described in this Policy. If you do not agree with these terms, please do not use our services.

Veesa is the data controller responsible for your personal data. If you have any questions about this Policy or how we handle your data, please contact us at info@veesa.org.

We collect only the minimum information necessary to provide our services:

Information you provide directly:

• Email address (via Google or Apple Sign-In)
• First name or display name (for personalisation only)
• Visa type (e.g. Skilled Worker, Student)
• Visa start and expiry dates
• Nationality
• Employment status and industry

Information collected automatically:

• Device type and operating system
• App usage analytics (anonymised)

Payment information:

• Payments are processed securely by Stripe. We do not store your card number, CVV, or full payment details. We retain only a Stripe customer ID and transaction records for accounting purposes.

We are committed to collecting only non-identifiable data. We will never ask for or collect:

• Your legal name or full name
• BRP (Biometric Residence Permit) number
• Passport number or details
• Share code or right to work code
• National Insurance number
• Home address or precise location data

We use your personal data for the following purposes:

• To provide and maintain the Veesa app and its features
• To personalise your experience (e.g. visa countdown, relevant pathways)
• To process payments for premium features (e.g. vehicle checks)
• To send you visa expiry reminders and important immigration updates
• To improve our services based on anonymised usage patterns
• To comply with legal obligations

The Veesa browser extension ("Extension") helps UK Skilled Worker visa applicants verify employer sponsor licence, salary thresholds, and SOC eligibility on any job page they visit. It uses additional data flows specific to its function:

What the Extension processes:

• The active tab's URL and visible text.When the Extension's heuristic detector decides you are on a single-job-detail page, it reads the URL and the page's visible text (up to 20,000 characters). It does not read pages you have not visited.
• Email addressfor account creation and a long-lived authentication token stored locally and on Veesa's servers.
• Application activity you create yourself: stage changes (Saved / Applied / Interviewing / Offered / Rejected) and notes per job, surfaced in your Veesa dashboard.

Where the data goes:

• The page URL and visible text are sent to OpenAI (model: gpt-4o-mini) for one-shot structured extraction of employer name, job title, salary, and occupation code. OpenAI is contractually committed not to retain or train on this data via the API.
• Extraction results, your application stage, and your notes are stored in Veesa's Convex database and are visible only to you.
• The Extension never sends data from pages it has not detected as job pages, never reads pages in inactive tabs, and never sells data to third parties.

Caching:

• Recent results are cached locally (in your browser's extension storage) and on Veesa's servers for up to 7 days for verified results, 1 hour for ambiguous results, so revisits are instant and we do not bill the same check twice.

Free vs Premium:

• Free tier: 5 sponsor checks per day. Premium: unlimited, billed monthly via Stripe. Subscription status is tied to your account email, not to the device.

The Veesa mobile app requests the following device permissions only when the relevant feature is used. You can revoke any permission from your device's system settings at any time. Denying a permission disables only the feature that needs it; the rest of the app continues to work.

• Camera: Used only during live video consultations with immigration lawyers via the Veesa marketplace. Your camera feed is streamed directly between you and the lawyer through our video provider, Agora, and is not recorded by Veesa.
• Microphone: Used only during live video and voice consultations with lawyers. Audio is streamed peer-to-peer via Agora and is not recorded by Veesa.
• Notifications: Used to deliver visa expiry reminders, UKVI news alerts, booking confirmations, and chat messages. You can disable any notification category from inside the app.
• Biometrics (Face ID / Touch ID / fingerprint): Optional; used only if you turn on biometric app-lock in the security settings. Biometric data never leaves your device.
• Photo library / files: Used only when you choose to download a vehicle-check PDF or upload an attachment. We do not browse your library in the background.

Under UK GDPR, we process your personal data on the following legal bases:

• Consent: You provide your data voluntarily during registration and onboarding.
• Contract: Processing is necessary to provide you with our services.
• Legitimate interest: To improve our services and ensure platform security.
• Legal obligation: To comply with applicable UK laws and regulations.

We share data with the following third-party services, each governed by its own privacy policy:

• Firebase (Google): Authentication services (Google Sign-In).
• Apple: Authentication services (Sign in with Apple). Apple may provide a private relay email address.
• Convex: Our backend database provider, hosted securely in the cloud.
• Stripe: Payment processing for premium features. Stripe handles all card data in compliance with PCI DSS.
• DVLA / GOV.UK APIs: Vehicle and sponsor data queries. We do not share your personal data with these services.
• OpenAI: Vision and language models used by the Veesa browser extension to extract structured data (employer, role, salary, SOC code) from job pages you visit. Calls are made via the OpenAI API; OpenAI does not retain or train on data submitted via the API.
• Companies House API: UK company-information queries used by the extension to corroborate a sponsor licence with a registered legal entity.
• Resend: Transactional email delivery (sign-in codes, payment receipts, weekly news digests).

We do not sell your personal data to any third party.

Your data is stored securely on Convex's cloud infrastructure. We implement appropriate technical and organisational measures including:

• Encrypted data transmission (HTTPS/TLS)
• Secure authentication via OAuth 2.0 (Google and Apple)
• No storage of sensitive credentials on your device
• Regular security reviews of our codebase and infrastructure

We retain your personal data for as long as your account is active or as needed to provide you with our services. If you delete your account:

• Your user profile and associated data will be permanently deleted from our database.
• For Apple Sign-In users, we revoke the authentication token so Veesa is removed from your Apple ID settings.
• Payment records may be retained for up to 7 years for accounting and legal compliance.
• Anonymised, aggregated data may be retained for analytics purposes.

Under UK GDPR, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data.
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Request your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interest.
• Right to withdraw consent: Withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, contact us at info@veesa.org. We will respond within 30 days.

Veesa is not intended for use by children under the age of 16. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. Continued use of Veesa after changes constitutes acceptance of the updated Policy.

For questions or complaints about this Privacy Policy, contact us at:

Email: info@veesa.org