Last updated: 9 March 2026
When you use our service, we collect the following personal data: your full name, email address, phone number (if provided), nationality, passport biographical page, visa application forms and drafts, financial documents (bank statements, salary slips, tax returns), educational certificates and transcripts, employment records, statements of purpose or cover letters, relationship evidence (for spouse visa audits), previous refusal letters (for reapplication audits), and payment transaction details.
We also collect technical data automatically: IP address, browser type, device information, approximate location (country level, used for payment routing), and pages visited on accuratevisa.com. This is collected via server logs, Google Analytics (GA4, property G-FE1NDCJCM2), and Google Ads conversion tracking (AW-16914902284). Google Analytics uses cookies to measure website traffic and does not access your uploaded documents.
We process your personal data on the following bases under UK GDPR and GDPR:
Contract performance (Article 6(1)(b)): to deliver the audit service you have paid for. This covers processing your visa documents, delivering your report, and handling payment.
Legitimate interest (Article 6(1)(f)): to improve our service, prevent fraud, and maintain security. We have conducted a legitimate interest assessment and concluded that these processing activities are necessary and proportionate, and do not override your rights. You may request a copy of this assessment by contacting us.
Legal obligation (Article 6(1)(c)): to comply with anti-money laundering requirements, professional regulatory obligations, and tax record keeping.
Consent (Article 6(1)(a)): for marketing communications, which you can withdraw at any time by emailing customer@accuratevisa.com.
Special category data (Article 9): Some visa documents may contain data revealing racial or ethnic origin, health information, or religious beliefs. We process this under Article 9(2)(a) (your explicit consent, obtained at the point of document upload) solely for the purpose of the visa audit.
Your documents are processed for the sole purpose of conducting a visa application audit. We do not use your documents for any other purpose, including training AI models, marketing, or sharing with third parties.
Our service uses artificial intelligence (Claude by Anthropic) as a preliminary screening tool. AI analyses your documents against immigration rules and generates a draft assessment. This draft is then reviewed, verified, and finalised by the reviewing solicitor (Santosh Pandey). No automated decision making with legal or similarly significant effect occurs without human review. The final audit report is always approved by a qualified solicitor before delivery.
When your documents are processed by the AI system, document content is sent to Anthropic's API for analysis. Anthropic's data processing terms provide that API inputs and outputs are not used to train their models. Anthropic processes data in the United States.
Accurate Visa audits are conducted by a qualified solicitor. Information you share with us in connection with seeking legal advice is protected by legal professional privilege (in England & Wales, under the Legal Services Act 2007 and common law) and advocate client privilege (in India, under Section 126 of the Indian Evidence Act, 1872). We do not waive this privilege except where required by law or with your express written consent.
Your documents are stored in encrypted cloud storage (Supabase, hosted on Amazon Web Services infrastructure). Data is encrypted both in transit (TLS 1.2+) and at rest (AES 256). Access to client documents is restricted to the reviewing solicitor (Santosh Pandey) via authenticated credentials with row level security policies.
We do not store your documents on shared drives, open folders, or any system where third parties could access them.
We share your data with the following third party processors, each under appropriate contractual safeguards:
| Processor | Purpose | Data shared | Location |
|---|---|---|---|
| Supabase (AWS) | Document storage and database | All uploaded documents, audit records | US/EU (AWS regions) |
| Razorpay | Payment processing (India and international) | Payment details, name, email | India |
| Anthropic | AI document screening | Document content for analysis | US |
| SendGrid (Twilio) | Email notifications | Name, email, case reference | US |
| Google (Analytics/Ads) | Website analytics, ad conversion | IP, device info, page visits | US |
| Vercel | Website hosting | Server logs (IP, user agent) | US/EU |
Each processor has its own privacy policy and data processing agreement. Supabase and AWS maintain SOC 2 Type II compliance. We do not sell your data to anyone.
All client documents (including uploaded visa applications, supporting documents, and audit reports) are retained for 6 years from the date of audit delivery. This retention period is required by: (a) the Limitation Act 1980 (England & Wales), Section 5, which provides a 6 year limitation period for contractual claims; (b) the SRA Accounts Rules and professional record keeping obligations; (c) the Indian Limitation Act 1963; and (d) our money back guarantee obligations.
After 6 years, all documents and personal data are permanently deleted. During the retention period, documents remain encrypted and access restricted to the reviewing solicitor only. You may request early deletion of your documents by contacting customer@accuratevisa.com, however we may retain records necessary to comply with our professional regulatory obligations and to defend any claims.
Your data is processed in India (where P&Y Law Offices is based) and stored on servers in the United States or European Union (via AWS/Supabase). Your data is also processed in the US by Anthropic, SendGrid, and Google as described above.
For users in the United Kingdom, European Economic Area, or other jurisdictions with data transfer restrictions: transfers are made on the basis of Standard Contractual Clauses as adopted by the European Commission (decision 2021/914) and the UK International Data Transfer Agreement/Addendum where applicable. We have conducted a Transfer Impact Assessment for transfers to India and the United States and concluded that adequate safeguards are in place, including encryption in transit and at rest, access controls, and contractual commitments from each processor.
Under UK GDPR, GDPR, and applicable data protection law, you have the right to: access the personal data we hold about you (Article 15), rectify inaccurate data (Article 16), request erasure of your data subject to our legal obligations (Article 17), restrict processing (Article 18), receive your data in a portable format (Article 20), object to processing based on legitimate interest (Article 21), and withdraw consent at any time where processing is based on consent (Article 7). To exercise any of these rights, contact us at customer@accuratevisa.com. We will respond within 30 days.
If you believe your data protection rights have been infringed, you have the right to lodge a complaint with: the Information Commissioner's Office (ICO) in the UK (ico.org.uk), your local supervisory authority in the EEA, or the relevant data protection authority in your jurisdiction.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by Article 33 UK GDPR). Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay (Article 34).
Our website uses Google Analytics cookies (measurement purposes) and Google Ads conversion tracking cookies. These are set when you visit accuratevisa.com. We do not use third party advertising cookies beyond Google Ads conversion measurement. You can control cookies through your browser settings.
Our service is not directed at individuals under 18. If a visa application is being submitted on behalf of a minor, the parent or guardian must submit the documents and is the contracting party.
We may update this policy from time to time. Material changes will be notified via the email address associated with your audit. The "last updated" date at the top of this page will always reflect the current version.
For any privacy related queries, contact us at:
P&Y Law Offices
C-180/A Defence Colony
New Delhi 110024, India
Email: customer@accuratevisa.com
Santosh Pandey is the data controller for the purposes of UK GDPR and GDPR.