Privacy Policy

Privacy Policy for thevisajourney.com

Operated by Celestial Compass LLC
Effective: August 7, 2025

 

    • We publish firsthand U.S. visa experiences and offer a 15-minute “Experience Q&A Session” ($9.99 USD) focused on sharing personal experience—not legal advice.

    • We collect info you provide: name, email, time zone, booking details, messages, comments, story submissions (and newsletter sign-ups if you opt in).

    • Payments are processed by Stripe; we do not store full card numbers.

    • We automatically collect technical data like IP address, device/browser type, pages viewed, referral URLs, approximate location, and we use cookies.

    • We use trusted service providers: Hostinger (hosting), Stripe (payments), Bookly (scheduling), Google Analytics (analytics), plus anti-spam and security tools.

    • Manage cookies via Cookie preferences or your browser settings.

    • You have privacy rights (e.g., access, delete). Submit requests at Contact.

    • We keep data only as long as needed for the purposes in this policy, then delete or de-identify it.

California “Notice at Collection”

  • Purpose: Celestial Compass LLC collects personal information to operate thevisajourney.com, publish firsthand visa experiences, and provide a 15-minute Experience Q&A Session. We do not sell or share personal information for cross-context behavioral advertising.
  • Categories Collected: identifiers (name, email); customer/booking info (time zone, selected slot, reminders); commercial info (transaction details via Stripe); internet/network activity (IP address, device/browser, pages viewed, referral URLs); approximate location (IP-based); user content (comments, story submissions). We do not intentionally collect sensitive personal information—please do not submit it.
  • Sources: directly from you; automatically via cookies and similar technologies; and from service providers—Hostinger (hosting), Stripe (payments), Bookly (scheduling), Google Analytics (analytics).
  • Purposes of Use: provide site content and Experience Q&A Sessions; schedule sessions and process payments; send confirmations and receipts; secure and maintain the site; prevent fraud/abuse; analyze performance and improve services; comply with legal and tax obligations.
  • Retention: bookings and session metadata ~24 months; payment records up to 7 years; analytics logs 12–24 months; newsletter data until you unsubscribe; comments and stories until removed or moderated.
  • Your Rights (CCPA/CPRA): know/access, correct, delete, data portability, and (if our practices change) opt-out of sale/share; non-discrimination. Submit requests at Contact. Manage cookies at Cookie preferences and via your browser settings.

1) Who We Are & Scope

    • Celestial Compass LLC (“we,” “us,” “our”) is the controller of personal information collected on thevisajourney.com (the “Site”). We are U.S.-based and welcome global visitors. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Site.

2) Information We Collect

    • You provide: name, email, time zone, booking details, messages, comments, story submissions, and any other information you send us.
    • Payments: processed by Stripe. We receive limited payment metadata (e.g., transaction ID) and do not store full card data.
    • Automatically collected: IP address, device and browser info, pages viewed, referral URLs, approximate location (from IP), and cookie identifiers.
    • From third parties:  bookly, Google Analytics, anti-spam tools (e.g., comment spam filtering), embedded social media or video platforms may provide or receive limited data.
    • Sensitive data: We do not intentionally collect sensitive categories (e.g., government IDs, health data). Please do not submit sensitive information in bookings, messages, or public posts.

3) How We Use Information (Purposes)

    • Provide and improve the Site and content.

    • Schedule and deliver the Experience Q&A Session; send confirmations and reminders.

    • Process payments and send transactional emails/receipts.

    • Respond to inquiries and moderate user submissions.

    • Secure the Site; prevent, detect, and investigate fraud or abuse.

    • Measure performance and understand how the Site is used.

    • Comply with legal, tax, and regulatory obligations.

4) Legal Bases / Authority

    • EU/UK visitors (GDPR/UK GDPR):

      • Contract (to provide the Site and sessions you request).

      • Legitimate interests (security, fraud prevention, analytics, basic personalization, site operations).

      • Consent (cookies not strictly necessary, marketing emails).

      • Legal obligation (tax, accounting, compliance).

      • U.S. state privacy laws (e.g., CCPA/CPRA):
        We act as a “business.” See Notice at Collection for categories and purposes. We do not sell or share personal information for cross-context behavioral advertising.

5) Cookies & Tracking

    • We use cookies and similar technologies:

      • Strictly necessary: enable core site functions (security, session).

      • Performance/analytics: understand traffic and improve the Site.

      • Functional: remember preferences (e.g., time zone, cookie choices).

      • Advertising (if any): only if we add ads; we will update this policy and provide choices.

      • Manage cookies in your browser settings. Blocking some cookies may impact features.

6) Sharing & Disclosures

    • We share personal information with trusted service providers under contracts that limit use of your data to our instructions and require confidentiality and security safeguards. These include: Hostinger (hosting and infrastructure), Stripe (payments), Bookly (scheduling), Google Analytics (performance/analytics), and backup/monitoring providers. Stripe processes payments and card data directly; we receive only limited transaction metadata (e.g., amount, time, last 4 digits) for receipts and accounting.

    • We may disclose information if we believe it is necessary to: comply with law or legal process, enforce our Terms, protect our rights, privacy, safety, or property, or address fraud, security, or technical issues.

    • We may transfer information in connection with a business transaction (e.g., merger, acquisition, financing, reorganization, or sale of assets). You will be notified of any material change in ownership or control that affects your personal information.

    • We may publish aggregated or de-identified insights that do not identify you.

    • We do not sell or “share” personal information for cross-context behavioral advertising as defined by the CCPA/CPRA. If our practices change, we will update this Policy and provide opt-out links and disclosures as required.

7) Data Retention

    • We keep data only as long as needed for the purposes above, then delete or anonymize it. Typical periods:

      • Bookings & session metadata: ~24 months after the session.

      • Payment records (via Stripe) & invoices: up to 7 years (tax/accounting).

      • Technical logs & analytics: 12–24 months.

      • Comments/stories: until you delete or request removal, or if we moderate them.
        We also consider legal requirements, dispute resolution, and security when setting retention.

8) Security

    • We use reasonable safeguards: encryption in transit (HTTPS), least-privilege access, regular updates, monitored hosting, and backups. No method is 100% secure. If we learn of a breach that affects you, we will notify you as required by law.

9) Your Rights

    • EU/UK (GDPR/UK GDPR): You may request access, portability, correction, deletion, restriction, and objection to certain processing, and you may withdraw consent at any time (where processing is based on consent). You can also complain to a supervisory authority. 
    • U.S. States (e.g., CCPA/CPRA): You may have rights to know/access, correct, delete, opt-out of sale/share (if ever applicable), and limit use of sensitive info (not intentionally collected). We will not discriminate for exercising rights. Submit requests at Contact or email support@thevisajourney.com. We will verify your identity before acting on your request and may use an authorized agent as the law allows.
    • Do Not Track: Some browsers send “DNT” signals. We do not respond to DNT at this time.

10) International Data Transfers

      • We process data in the United States. If we transfer personal data from the EU/UK or other regions with data-transfer rules, we rely on appropriate safeguards (e.g., Standard Contractual Clauses, UK IDTA/Addendum) with our providers. To request a copy of the relevant safeguards, contact support@thevisajourney.com.

11) Children’s Privacy

    • The Site is not directed to children and we do not knowingly collect personal information from those under the age required by local law (e.g., 13 in the U.S., 16 in parts of the EU). If you believe a child provided data, contact us and we will delete it.

12) Third-Party Links & Social Features

    • We may link to third-party sites or embed third-party content (e.g., calendars, videos, social posts). Their data practices are governed by their own privacy policies. Please review them before using those services.

13) User Submissions & Public Areas

    • Comments and story submissions may be publicly visible. Do not post information you do not want made public. Avoid sharing personal or sensitive data about yourself or others.

14) Changes to This Policy

    • We may update this Privacy Policy from time to time. Changes take effect when posted with a new “Last Updated” date. If changes are significant, we may provide additional notice (e.g., banner or email, where possible).

15) Contact

    • Questions, disputes, or notices: Contact.