Privacy Policy

Last updated: 2026-05-12

This Privacy Policy explains what personal data Visavu collects, how we use it, and the rights you have over it. Visavu is operated as a public information service. Our default posture is to collect as little personal data as possible.

What we collect

We do not require an account to use the Service. We do not collect names, email addresses, phone numbers, payment details, government identifiers, or any visa-application data. We explicitly do not want — and ask that you do not submit — sensitive details such as passport numbers, financial-account information, or medical records.

1. Pages you visit (analytics)

We use Plausible Analytics to understand which pages and features are useful. Plausible is cookie-free, does not use cross-site identifiers, does not build personal profiles, and is fully GDPR / PECR / CCPA compliant by design. Data collected: URL visited, referrer, approximate country derived from IP (the IP itself is hashed and discarded), browser type, screen-size bucket, and time on page. Aggregated only — no individual session records are retained.

2. Preference cookies

If you change your displayed currency, language, or visit an admin route with a valid token, we may set a small first-party cookie to remember that preference across pages. See our Cookie Policy for the complete list and how to clear them.

3. Voluntary correspondence

If you contact us (via the contact page, by email, or by using a “Report incorrect info” link) we receive whatever you choose to send. We use that information solely to respond to your message and improve the accuracy of the Service. We do not add your address to a marketing list.

4. Server access logs

Our hosting provider (Vercel) records standard HTTP request logs for security and debugging — IP address, request URL, user-agent, response status, and timestamp. These logs are retained for a short period (typically 24-72 hours) and are not used for profiling.

What we do NOT do

  • We do not sell your data to anyone, ever.
  • We do not run third-party advertising or remarketing pixels.
  • We do not use Google Analytics, Facebook Pixel, or similar trackers.
  • We do not build profiles, lookalike audiences, or behavioural segments.
  • We do not share data with data brokers.

Third-party services we rely on

These services receive limited data inherent to serving you content. We have selected them for their privacy practices and minimise the data they receive.

  • Vercel (hosting): receives HTTP request data and access logs. See Vercel's privacy policy.
  • Plausible Analytics (analytics): cookie-free, GDPR-compliant. See Plausible's privacy policy.
  • Pexels (hero images): images are served via their CDN; standard image-request logs apply. See Pexels' privacy policy.
  • Google Fonts (Inter, Newsreader): font files served self-hosted via our Next.js setup; no direct Google request from your browser.
  • Google Translate proxy (optional, only if you click a language toggle): translates the visible page in your browser. Google receives the page URL and may set its own cookies subject to its privacy policy.
  • jsDelivr (country silhouettes from the open-source djaiss/mapsicon dataset): standard CDN image requests.

International data transfers

Vercel and Plausible are based outside your jurisdiction in some cases. Data transfers rely on the standard contractual safeguards each provider has in place. Plausible specifically processes EU-visitor data in the EU.

Your rights (GDPR, UK GDPR, CCPA, and similar)

Depending on your jurisdiction, you have the right to:

  • Access the personal data we hold about you (if any)
  • Correct inaccurate data
  • Erase your data — note that because we hold so little personal data (typically none beyond a preference cookie in your own browser), there is rarely anything to erase server-side
  • Object to processing
  • Withdraw consent for any consented processing
  • Lodge a complaint with your data-protection regulator (the UK Information Commissioner's Office, your EU member state's DPA, or the California Attorney General, as applicable)

To exercise any of these rights, contact us via the contact page.

Children

The Service is not directed at children under 16 and we do not knowingly collect data from children. If you believe a child has provided us personal information, please contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy as the Service evolves. The “Last updated” date above reflects the most recent revision. Material changes will be highlighted on the homepage or via a banner on this page.

Contact us about privacy

Questions about this policy or your data can be sent via the contact page. We aim to respond to data-rights requests within 30 days.