Legal

Privacy Policy

Last updated: 28 June 2026

1. Who We Are

VisaPath (“we”, “us”, “our”) operates the platform at abroadmaster.com. For any privacy-related queries, contact us at privacy@abroadmaster.com.

2. Data We Collect

Account data: Email address, name, and profile photo when you register via email or Google OAuth.

Profile data: Information you voluntarily provide in the profile wizard — age, education, work experience, language scores, and budget — used exclusively to calculate your eligibility scores.

Usage data: Pages visited, visa categories viewed, bookmark activity, and forum posts. Collected to personalise your experience and improve the Platform.

Payment data: We do not store payment card details. All payment processing is handled by Paddle. Paddle shares only your subscription status and billing dates with us.

AI conversation data: If you use the AI Assistant (Pro feature), your conversation messages are stored to provide context across sessions. You can delete your conversation history at any time from your account settings.

Cookie data: We set functional cookies (session management, preferences) and, with your consent, advertising cookies for Google AdSense. See Section 8 for details.

3. How We Use Your Data

  • To provide, maintain, and improve the Platform.
  • To calculate visa eligibility scores based on your profile.
  • To send you email notifications you have opted in to (e.g. visa change alerts).
  • To process and manage your Pro subscription via Paddle.
  • To display relevant advertisements (with your cookie consent).
  • To comply with legal obligations.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area and UK, we process your personal data under the following legal bases:

  • Contract: To provide the service you signed up for.
  • Legitimate interests: To improve the Platform and prevent abuse.
  • Consent: For advertising cookies and marketing emails. You may withdraw consent at any time.
  • Legal obligation: Where required by law.

5. Data Sharing and Third Parties

We share data only with the following third-party processors:

  • Supabase — database and authentication hosting (servers in EU).
  • Vercel — web hosting and edge infrastructure.
  • Paddle — payment processing and subscription management.
  • Anthropic — AI inference for the Pro AI Assistant feature. Conversation content is sent to Anthropic to generate responses; Anthropic does not train on API input data.
  • Google AdSense— advertising (only if you accepted cookie consent). Google's Privacy Policy governs their use of advertising data.

We do not sell your personal data to any third party.

6. Data Retention

Account and profile data is retained while your account is active. You may request deletion at any time (see Section 7). After deletion, data is purged within 30 days except where we are required to retain it by law.

7. Your Rights

You have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate data via your account settings.
  • Deleteyour account and all associated data (right to erasure). Use the “Delete account” option in Account Settings.
  • Portability: Request an export of your data in machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent for cookies or marketing emails at any time.

To exercise any right, email privacy@abroadmaster.com. We will respond within 30 days.

8. Cookies

Strictly necessary cookies: Session tokens and preference cookies that are required for the Platform to function. These are set automatically and do not require consent.

Advertising cookies:Google AdSense sets cookies to serve personalised ads. These are only placed after you click “Accept” on our cookie consent banner. Declining or not accepting prevents any advertising cookies from being set. You can change your preference at any time by clearing your browser cookies and revisiting the site.

9. Security

We use industry-standard measures including TLS encryption in transit, bcrypt-hashed passwords, Row Level Security policies on our Supabase database, and regular security reviews. No system is completely secure; we encourage you to use a strong, unique password.

10. Children

VisaPath is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If we become aware that a child under 16 has provided personal data, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be announced via an in-app notification. The “Last updated” date at the top of this page always reflects the most recent revision.