Privacy Policy

Last updated: February 2026

The protection of your personal data is of particular concern to us. We use your data exclusively in accordance with applicable data protection principles, in particular the provisions of the EU General Data Protection Regulation (GDPR). This privacy policy explains how VISARIGHT processes personal data in accordance with Art. 13 ff. GDPR.

1. General Information

The following privacy policy informs you about the nature and scope of the processing of personal data by VISARIGHT GmbH (hereinafter “VISARIGHT”, “we”, “us” or “our”). Personal data is any information that enables the direct or indirect identification of a person. The use of our services, products, technologies or functions as well as all associated pages, applications and services (collectively “Services”) is subject to this privacy policy.

The data collected by VISARIGHT can essentially be divided into two categories:

  • All data required for the processing, preparation, and fulfillment of a contract with VISARIGHT. If other service providers are involved in the fulfillment of the contract (e.g., visa authorities, optimization services, or hosting providers), your data will be shared with them to the extent necessary.
  • When you access our services, certain information is exchanged between your device and our server or the servers of the services we use. This may include personal data. The information obtained in this way is used, among other things, to improve our services.

Age requirement: Our services are only available to users who are at least 18 years old. If you are not yet 18 years old, you may only use our services with the consent of your parents.

2. Data Controller

Responsible for data processing:

VISARIGHT GmbH
c/o orangery Magdeburg
Breiter Weg 232a
39104 Magdeburg
Germany

Email: support@visaright.eu

3. Own Services

3.1 Contact Requests

You can contact us at any time by phone, in writing, by email, fax, or in person. The data you provide with your request is always provided voluntarily. We process the following personal data in accordance with Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR:

  • Name
  • Company (if applicable)
  • Subject
  • Phone number
  • Email address
  • Message

We generally do not share your personal data with third parties but process it internally. We store your personal data until it is no longer required for the respective purposes. Correspondence subject to commercial retention obligations is stored for 6 years.

3.2 Application Processing

To provide our services, particularly for processing visa applications, we process the following data in accordance with Art. 6(1)(b) GDPR and Art. 9(2)(a) GDPR:

  • Email address
  • First and last name
  • Residential address
  • Nationality
  • Gender
  • Date and place of birth
  • Marital status
  • Education
  • Occupation
  • Information entered by you

The submitted data is forwarded to the responsible authority. The data required for application processing is stored until it is no longer needed for this purpose. During the retention period (usually 6 to 10 years after conclusion of the contract), the data is only used in the context of a tax audit.

3.3 Business Partners and Service Providers

Most of our business partners and service providers designate an employee as a contact person. We process the following data in accordance with Art. 6(1)(f) GDPR:

  • First and last name
  • Company
  • Phone number
  • Email address

In the case of visa applications, the data is transmitted to the responsible authority. The data is stored for the legally prescribed periods (usually 2 to 5 years for visa applications).

4. Data Processing During Website Visits

4.1 Server Log Files

Each time you access our website, the hosting provider (Vercel Inc.) automatically collects information in so-called server log files that your browser automatically transmits. This includes:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of server request
  • IP address

Processing is carried out on the basis of Art. 6(1)(f) GDPR. The data is not merged with other data sources. Collection is technically necessary for providing the website.

4.2 Cookies and Local Storage

This website uses technically necessary cookies for language settings and session management. These are set without consent on the basis of Art. 6(1)(f) GDPR and Section 25(2) TDDDG, as they are essential for the operation of the website. In addition, we use analytics cookies (Google Analytics, provider: Google LLC) only with your explicit consent (Art. 6(1)(a) GDPR, Section 25(1) TDDDG). Collected data is processed pseudonymously. You can withdraw your consent at any time via the cookie settings in the page footer. Your settings are stored in your browser (localStorage). Storage duration: technically necessary cookies up to 1 year, analytics cookies up to 2 years.

4.3 Hosting

This website is hosted by Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA). Vercel processes the above-mentioned data on our behalf. The transfer to the USA is based on the EU Commission's standard contractual clauses. Further information can be found in Vercel's privacy policy.

Vercel Privacy Policy

4.4 Database Service

For the management of service data, we use Supabase, Inc. (65 Chulia Street #38-02/03, OCBC Centre, Singapore 049513), a company incorporated in the USA (Delaware). Data processing takes place exclusively on EU servers (AWS eu-west-1, Ireland); personal data does not leave the EU/EEA. Supabase processes exclusively publicly accessible administrative data, not personal user data. Processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest in the reliable and secure provision of the website). Further information can be found in Supabase's privacy policy.

Supabase Privacy Policy

4.5 Error Monitoring

To detect and fix technical errors, we use Sentry, operated by Functional Software, Inc. (45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA). When an error occurs, Sentry automatically collects the following technical data:

  • IP address (anonymized)
  • Browser type and version
  • Operating system
  • Error stack trace (does not contain personal data)
  • URL of the page where the error occurred
  • Time of the error

Processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest in the stability and security of the website). Data is stored exclusively on EU servers (Frankfurt, Germany) and does not leave the EU/EEA. Sentry's automatic data scrubbing is enabled. Data retention period is 90 days. Further information can be found in Sentry's privacy policy.

Sentry Privacy Policy

5. Your Rights

You have the following rights regarding the processing of your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

To exercise these rights, please contact us at support@visaright.eu.

You also have the right to lodge a complaint with a data protection supervisory authority.

6. Data Security

We apply the highest standards of data security for our infrastructure and the processing of your data. We use protective mechanisms such as firewalls and data encryption. All personal data transmitted by you is transferred via the secure SSL standard (Secure Socket Layer).

7. AI-Assisted Content and Services

VISARIGHT uses artificial intelligence (AI) for various functions on this website. Below we explain what data is processed in each case.

7.1 AI-Assisted Content Creation

Parts of the service descriptions and plain-language law texts on this website are created with the support of AI. The AI exclusively processes publicly available administrative data from the City of Berlin (PVOG interface) and publicly available legal texts. No personal user data is processed as part of content creation. Processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest in the understandable preparation of administrative information).

7.2 AI Chatbot (VISARIGHT Assistant)

You can use the VISARIGHT Assistant to ask questions about residence law. When using the chatbot, the following data is processed:

  • Your chat messages (questions and inputs)
  • IP address (for rate limiting and abuse prevention)
  • Language setting (German/English)

Your chat messages are transmitted to the Anthropic API (Claude) to generate a response. Before transmission, your messages are enriched with relevant public content from our database (service descriptions, legal texts). Anthropic processes the data exclusively to answer your request and not for training AI models.

Processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest in providing a helpful information service).

Chat messages are not stored server-side. Processing takes place exclusively in real-time during the chat session. No message content is retained after closing the chat window.

Please do not enter sensitive personal data in the chatbot (e.g., passport numbers, dates of birth, addresses, or health data). The chatbot is designed for general information questions about residence law.

7.3 AI Service Providers

We use the following service providers for AI-assisted functions:

Anthropic, PBC
548 Market St., PMB 90375, San Francisco, CA 94104, USA
AI model (Claude) for content creation and chatbot responses

The transfer of personal data (chat messages) to the USA is based on appropriate safeguards pursuant to Art. 46 GDPR. Anthropic has committed to not using the transmitted data for training AI models.

Anthropic Privacy Policy

Jina AI GmbH
Prinzessinnenstraße 19-20, 10969 Berlin, Germany
Search embeddings and reranking for chatbot context retrieval

Jina AI is based in Germany. No personal data is transferred to third countries.

Jina AI Privacy Policy

7.4 Your Rights Regarding AI Processing

In addition to the rights mentioned in Section 5, you have the right to object to the processing of your data by AI systems. You can choose not to use the chatbot at any time without giving reasons. For questions about AI-assisted data processing, please contact us at support@visaright.eu.

8. Protection of Minors

Protecting the privacy of children and young people is particularly important to us. For this reason, we do not knowingly collect or request personal data from persons under 16 years of age. If you are under 16 years of age, please do not send us any information about yourself. If we determine that we have collected personal data from a child under 16 years of age without parental consent, we will delete this data immediately.

9. Changes to the Privacy Policy

Changes to this privacy policy take effect upon publication on this page. If we change our privacy policy, we will publish the changes on this page to inform you about the data collected, its use, and the circumstances of any possible disclosure.

If you have any questions about our privacy policy, you can reach us at any time at support@visaright.eu.