Last updated: May 16, 2026
Effective: upon first access to the Services after this date
This Privacy Policy ("Policy") describes how Visto n' Visa, LLC, a company organized under the laws of the State of Delaware, USA, with its principal business address at 169 Madison Avenue, New York, NY 10016 ("Visto n' Visa"), collects, uses, shares, stores, transfers, and protects personal data in connection with the website vistonvisa.com, its versions in other languages, subdomains, applications, and related services (collectively, the "Services").
This Policy is a global policy, designed to simultaneously comply with: Brazil's General Data Protection Law (Federal Law 13,709/2018 – "LGPD"); the European Union's General Data Protection Regulation (Regulation (EU) 2016/679 – "GDPR"); the UK GDPR and the Data Protection Act 2018; the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act ("CCPA/CPRA"); and other applicable privacy laws in jurisdictions where our Users are located.
Executive Summary (TL;DR)
- Who we are: Visto n' Visa, LLC, the controller of your personal data.
- What we collect: data you provide (registration, forms, payments, communications) and data generated by your interaction with the Services (browsing activity, device information, IP address, cookies).
- Why we use it: to operate and improve the Services, authenticate users, process payments, communicate updates, fulfill legal obligations, prevent fraud, personalize content, and measure audience.
- Who we share it with: strictly necessary subprocessors (hosting, email, analytics, payments), authorities when required by law, and successors in corporate reorganizations — we never sell your data.
- Where we process it: your data may be processed in the USA, Brazil, the European Union, and other countries, always with appropriate safeguards in place.
- Your rights: access, correction, deletion, portability, objection, withdrawal of consent, opt-out of marketing. To exercise: [email protected].
- How long we retain it: only for as long as necessary for the stated purposes and to comply with legal obligations.
1. Controller and Data Protection Officer (DPO)
1.1. The controller of personal data processed under this Policy is Visto n' Visa, LLC, with its address at 169 Madison Avenue, New York, NY 10016, USA.
1.2. For purposes of the LGPD (art. 41), the GDPR (Arts. 37–39), and the UK GDPR, the Data Protection Officer (also referred to as Encarregado pelo Tratamento de Dados Pessoais) may be contacted at [email protected] or at the postal address above, marked "Attention: Data Protection Officer."
1.3. For purposes of GDPR Art. 27, in the absence of a Visto n' Visa establishment in the European Union or United Kingdom, a representative for the processing of data of data subjects located in the EU/UK may be designated upon request to the same email address.
2. Categories of personal data collected
2.1. Data you provide directly to us:
- Registration data: first name, last name, email address, password (stored as a hash), phone number, country of residence, preferred language;
- Immigration profile data (optional, depending on features used): nationality, age, marital status, educational background, profession, languages spoken, work experience, countries of interest, intended visa type, target timeline, declared financial situation, family preferences;
- Communication data: content of messages submitted through contact forms, chat, support channels, or community features;
- Payment data: cardholder name, last four digits, card network, billing email address, and billing address — full card numbers are processed directly by payment gateways and are not stored by Visto n' Visa;
- User-generated content: reviews, comments, testimonials, questions and answers in forums or communities, uploaded attachments, video testimonials;
- Whistleblower report data: report category, description, attachments, and, optionally, contact information.
2.2. Data collected automatically:
- Browsing and device data: IP address, session identifier, operating system, browser type and version, device model, screen resolution, time zone, browser language, pages visited, time on page, referring URL, click patterns and interaction data;
- Cookie and similar technology data: as described in the Cookie Policy;
- Approximate location data: inferred from IP address (city/region/country) for purposes of currency, language, and editorial relevance personalization — we do not collect precise GPS-based geolocation without an explicit request and consent;
- Security data: access logs, authentication attempts, brute-force blocking events, anomalous usage patterns.
2.3. Data obtained from third parties:
- Social authentication providers (when you choose to sign in via Google, Apple, or others): name, email address, and unique platform identifier, within the scopes you have authorized;
- Marketing and media partners: aggregated campaign data, conversions, and attribution;
- Public sources: open government databases, public consular records, and editorial sources.
2.4. Sensitive data. For purposes of the LGPD (art. 5, II) and the GDPR (Art. 9), Visto n' Visa does not intentionally collect sensitive personal data (racial or ethnic origin, religious beliefs, political opinions, trade union membership, health data, sexual life, genetic or biometric data). If a User voluntarily provides such data in an open-text field or in content (e.g., a whistleblower report or testimonial), processing will be limited to the essential purpose of the context, with additional safeguards applied.
3. Purposes of processing
3.1. We process your personal data for the following specific purposes:
- Service operation: authenticating access, maintaining secure sessions, providing contracted features, processing searches and simulations;
- Customer care and support: answering questions, processing requests, managing complaints;
- Content personalization: adapting language, currency, editorial recommendations, and offers based on country, declared immigration journey, and prior interactions;
- Transactional communications: sending confirmations, reminders, receipts, security alerts, and operational updates (you cannot opt out of these communications while an active contractual relationship exists);
- Marketing communications: sending editorial newsletters, news, content, and commercial offers, based on your consent (EU/UK) or on an opt-out model in jurisdictions that permit soft opt-in;
- Measurement and improvement: usage metrics, A/B testing, funnel analysis, bottleneck identification, and quality regression prevention;
- Payments and anti-fraud: processing payments, validating transactions, preventing and investigating fraud, managing refunds and chargebacks;
- Legal and regulatory compliance: fulfilling tax, accounting, anti-fraud, and anti-money-laundering obligations, and responding to court orders and requests from competent authorities;
- Information security: protection against intrusion, abuse, automated scanning, scraping, brute-force attacks, and other threats;
- Defense in proceedings: exercising rights in administrative, arbitration, or judicial proceedings.
4. Legal bases for processing
4.1. LGPD (Brazil) – art. 7: we process your personal data on the basis of:
- Performance of a contract or pre-contractual steps (art. 7, V) — for registration, provision of contracted Services, payment, and support;
- Compliance with a legal or regulatory obligation (art. 7, II) — tax, accounting, anti-fraud obligations, and responses to official requests;
- Legitimate interest (art. 7, IX) — information security, fraud prevention, service improvement, and direct marketing to existing customers (always with balancing and respect for data subject rights);
- Consent (art. 7, I) — non-essential cookies, marketing to non-customers, and optional processing activities;
- Exercise of rights in judicial, administrative, or arbitration proceedings (art. 7, VI).
4.2. GDPR / UK GDPR (EU and United Kingdom) – Art. 6.1: we process on the basis of:
- Consent (Art. 6.1.a) — non-essential cookies, marketing, and optional processing;
- Performance of a contract (Art. 6.1.b) — provision of the Services;
- Legal obligation (Art. 6.1.c) — regulatory obligations;
- Legitimate interests (Art. 6.1.f) — security, fraud prevention, customer communications, and product improvement, with a documented balancing test.
4.3. CCPA/CPRA (California): Visto n' Visa acts as a "business" as defined in Cal. Civ. Code § 1798.140 and processes personal information for the commercial purposes described in this Policy. Visto n' Visa does not sell personal information as defined in § 1798.120 and does not share personal information for cross-context behavioral advertising as defined in § 1798.135, unless a California resident actively opts in to such sharing.
5. Cookies and similar technologies
5.1. We use cookies, pixels, local storage, and similar technologies for purposes strictly necessary for the operation of the Services, as well as for measurement, personalization, and marketing, as detailed in the Cookie Policy.
6. Data sharing and subprocessors
6.1. We do not sell personal data. We share personal data only with the categories of recipients listed below, strictly to the extent necessary for the stated purpose and subject to contractual safeguards:
- Infrastructure and hosting providers (servers, CDN, storage, databases, monitoring, logs);
- Transactional email and marketing providers (sending confirmations, receipts, and newsletters);
- Analytics and measurement providers (usage analysis, campaign attribution, aggregated behavioral data);
- Payment gateways and acquirers (billing processing, anti-fraud, dispute management);
- Customer care and support providers (ticket management, chat, knowledge base);
- Whistleblower management platforms (external whistleblowing channel);
- Auditors, accountants, and attorneys bound by professional secrecy obligations;
- Competent public authorities, when required by law, court order, or substantiated administrative request;
- Corporate successors: in the event of a merger, acquisition, spin-off, asset sale, or reorganization, with notice to data subjects.
6.2. An updated list of the main categories of subprocessors is available upon request at [email protected]. We maintain data processing agreements (DPAs) with our subprocessors, requiring data protection standards equivalent to or higher than those set forth in this Policy.
7. International data transfers
7.1. As a global organization with principal operations in the United States, Visto n' Visa carries out international transfers of personal data, particularly to the United States, Brazil, and the European Union, where our servers, subprocessors, and teams are located.
7.2. For data subjects in Brazil (LGPD, art. 33): transfers take place on the basis of (i) performance of a contractual obligation, (ii) implementation of security policies and practices compliant with the LGPD, or (iii) specific consent, as applicable. Subprocessors in the USA and other countries assume contractual obligations equivalent to those required under the LGPD.
7.3. For data subjects in the EU/UK (GDPR, Chapter V): transfers to the USA are carried out on the basis of (i) the EU–US Data Privacy Framework, where the subprocessor is a certified participant; (ii) Standard Contractual Clauses (Commission Decision 2021/914/EU); or (iii) other appropriate safeguards under GDPR Art. 46, supplemented by a transfer impact assessment (TIA) and additional measures where applicable.
7.4. A copy of the applicable safeguards may be requested at [email protected].
8. Data retention and deletion
8.1. We retain your personal data only for as long as necessary for the stated purposes and to fulfill legal obligations. Upon expiration of the applicable retention period, data is securely deleted, anonymized, or pseudonymized.
8.2. Reference retention parameters (may vary depending on applicable law in specific cases):
- Registration data: while the account is active, and for up to 5 years after closure, for purposes of defense in legal proceedings (CDC art. 27, § 1 and Brazilian Civil Code art. 206);
- Transaction and billing data: 5 years from closure (CDC art. 27) or the applicable statute of limitations;
- Accounting and tax data: 5 to 10 years, in accordance with applicable tax law (Brazil and USA);
- Application access logs: 6 months, pursuant to art. 15 of Brazil's Internet Civil Rights Framework (Federal Law 12,965/2014 – Marco Civil da Internet);
- Cookie data: per the specific duration of each cookie (see the Cookie Policy);
- Whistleblower report data: for the period necessary for investigation and, thereafter, in anonymized form for statistical purposes.
9. Your rights as a data subject
9.1. Rights under the LGPD (art. 18):
- Confirmation of whether processing is taking place;
- Access to your data;
- Correction of incomplete, inaccurate, or outdated data;
- Anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data;
- Portability to another service or product provider, subject to trade and industrial secrecy;
- Deletion of data processed based on consent;
- Information about public and private entities with which Visto n' Visa has shared data;
- Information about the possibility of refusing consent and the consequences thereof;
- Withdrawal of consent;
- Review of automated decisions (art. 20).
9.2. Rights under the GDPR / UK GDPR (Arts. 15–22):
- Right of access (Art. 15);
- Right to rectification (Art. 16);
- Right to erasure ("right to be forgotten") (Art. 17);
- Right to restriction of processing (Art. 18);
- Right to notification of rectification, erasure, or restriction (Art. 19);
- Right to data portability (Art. 20);
- Right to object to processing, including direct marketing (Art. 21);
- Right not to be subject to automated decision-making (Art. 22).
9.3. Rights under the CCPA/CPRA (California):
- Right to know — to obtain information about the categories and specific pieces of personal information collected (§ 1798.110, 1798.115);
- Right to delete (§ 1798.105);
- Right to correct (§ 1798.106);
- Right to opt out of sale or sharing (§ 1798.120, 1798.135) — Visto n' Visa does not sell or share for cross-context behavioral advertising by default;
- Right to limit use of sensitive personal information (§ 1798.121);
- Right to non-discrimination (§ 1798.125) for exercising your rights;
- Right to access portability (§ 1798.130).
10. How to exercise your rights
10.1. To exercise any right, submit a request to [email protected], describing your request and providing information that allows us to verify your identity (name, registered email address, and any other information we may request in order to prevent fraudulent requests).
10.2. Response timelines:
- LGPD: response within 15 days, extendable where necessary with justification;
- GDPR / UK GDPR: response within 1 month, extendable by a further 2 months in complex cases (Art. 12.3);
- CCPA/CPRA: response within 45 days, extendable by a further 45 days (§ 1798.130).
10.3. No charge. Exercising your rights is, as a general rule, free of charge. Requests that are manifestly unfounded or excessive may be subject to a reasonable fee or may be refused with justification, pursuant to GDPR Art. 12.5 and CCPA § 1798.145(g).
10.4. Authorized agent. California residents may designate an authorized agent to submit requests on their behalf, subject to a written authorization (§ 1798.135(c)).
11. Automated decisions and profiling
11.1. In certain features, Visto n' Visa uses algorithms to suggest content, recommend visa types, estimate preliminary eligibility, or present personalized offers. These features are informational in nature and do not substitute for human judgment.
11.2. Data subjects have the right to request review of such decisions under LGPD art. 20 and GDPR Art. 22, by contacting [email protected].
12. Information security
12.1. We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, disclosure, or destruction, including:
- Encryption in transit (TLS 1.2/1.3) across all Service connections;
- Encryption at rest in critical storage layers;
- Password storage using established hashing algorithms;
- Granular access controls based on the principle of least privilege;
- Audit logs and anomaly detection monitoring;
- Server hardening, continuous dependency updates, and vulnerability remediation;
- Environment segregation (production, staging, development);
- Periodic staff training on data protection and security.
12.2. Despite all measures taken, no system is absolutely immune to security incidents. In the event of an incident involving personal data that is likely to result in a risk or significant harm to data subjects, we will notify data subjects and competent authorities within applicable legal timeframes (LGPD art. 48; GDPR Arts. 33–34: within 72 hours to the supervisory authority where applicable).
13. Children and minors
13.1. The Services are not directed at children or minors. Visto n' Visa does not intentionally collect personal data from individuals under the age of 18 without the specific and conspicuous consent of a parent or legal guardian, pursuant to LGPD art. 14, GDPR Art. 8, the U.S. Children's Online Privacy Protection Act (COPPA), and other applicable rules.
13.2. If we become aware that we have inadvertently collected data from a minor without an adequate legal basis, we will promptly delete such data. Parents or guardians who identify such a situation should contact [email protected].
14. Marketing and commercial communications
14.1. You may unsubscribe from marketing communications at any time via the unsubscribe link included in every email, through your account preferences, or by contacting [email protected].
14.2. Withdrawal does not affect essential transactional communications (receipts, security alerts, contractual updates).
14.3. In compliance with the CAN-SPAM Act (USA), our commercial communications clearly identify the sender, include a valid physical address, and provide an effective unsubscribe mechanism.
15. Complaints to supervisory authorities
15.1. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority:
- Brazil: National Data Protection Authority (ANPD) — www.gov.br/anpd;
- European Union: the national data protection authority of your member state of residence (list at edpb.europa.eu);
- United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk;
- California (USA): California Privacy Protection Agency (CPPA) — cppa.ca.gov — and the California Office of the Attorney General.
16. Changes to this Policy
16.1. This Policy may be updated to reflect regulatory changes, the evolution of the Services, or improvements to our practices. Material changes will be communicated with reasonable advance notice (minimum 15 days) via the registered email address or a prominent notice within the Services, indicating the date of the new version.
16.2. We recommend that you review this page periodically. Continued use of the Services after changes take effect constitutes acknowledgment of the updated version.
Visto n' Visa, LLC — Data Protection Officer (DPO)
169 Madison Avenue, New York, NY 10016, United States of America
Email: [email protected]
General: [email protected]
Phone: +1 (302) 694-0834