For enterprise clients, a Data Processing Agreement (DPA) may be executed separately.
Introduction
Vision XIX Labs LLC ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, process, and safeguard your information when you use our mobile applications (including VisaNova and RecallEase), our website, and our cloud and AI engineering consulting services (collectively, the "Services").
This Privacy Policy applies to all users of our Services, including individual consumers and enterprise clients. For enterprise clients with formal agreements, a separate Data Processing Agreement (DPA) may govern data processing activities and will take precedence where applicable.
Please read this Privacy Policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Services.
Information We Collect
Consumer Mobile Applications
VisaNova - USCIS Case Tracker
When you use VisaNova, we may collect:
Personal Information: Name, email address, date of birth, marital status
Case Information: USCIS receipt number, priority date, case type (e.g., I-130, I-129F, I-485), service center, processing path (Consular/AOS), NVC status
Location Data: Country of origin (for processing time calculations)
Device Information: Device type, operating system version, unique device identifiers
Usage Data: App features accessed, time spent in app, error logs (for app improvement)
RecallEase - Health, Routine & Reminder
When you use RecallEase, we may collect:
Personal Information: Name, email address (if you create an account)
Health Data: Medication schedules, routine reminders, health tracking information you choose to input
Device Information: Device type, operating system version, unique device identifiers
Notification Preferences: Your notification settings and preferences for reminders
Important: All health and medication data you enter in RecallEase is stored locally on your device. We do not have access to your personal health information unless you explicitly choose to sync it to a cloud service (such as iCloud, if enabled).
Enterprise Consulting Services
When you engage us for cloud or AI engineering consulting services, we may process:
Business Contact Information: Names, email addresses, phone numbers, job titles of your employees and representatives
Account and Access Information: Cloud account identifiers, IAM role information (scoped to project needs), access logs
Technical Data: Infrastructure configurations, system logs, performance metrics, cost data (all within your cloud accounts)
Project Data: Requirements, specifications, deliverables, documentation created during engagements
Communication Data: Emails, meeting notes, support tickets, and other communications related to engagements
Enterprise Data Handling: We process your data only as necessary to provide consulting services. We do not access your production data unless explicitly required and authorized. All work is performed using role-based access in your cloud accounts. We do not store copies of your production data outside your cloud environment unless explicitly agreed in writing.
Website and Contact Forms
When you visit our website or submit contact forms, we may collect:
Contact Information: Name, email address, company name, phone number (if provided)
Inquiry Data: Information about your cloud provider, company size, technical requirements, and other details you provide
Cookies and Tracking: We use essential cookies for website functionality. We do not use third-party advertising cookies or tracking pixels.
Legal Basis for Processing (GDPR/CCPA)
We process personal data based on the following legal bases:
Contract Performance: To fulfill our contractual obligations under consulting agreements and SOWs
Legitimate Interests: To provide, maintain, and improve our Services, ensure security, and prevent fraud
Consent: Where you have provided explicit consent (e.g., marketing communications, optional features)
Legal Obligations: To comply with applicable laws, regulations, and legal processes
For enterprise clients, data processing is governed by the applicable consulting agreement and any executed Data Processing Agreement (DPA).
How We Use Your Information
We use the information we collect to:
Provide, maintain, and improve our Services
Process your requests and provide customer support
Send you notifications related to your case (VisaNova) or reminders (RecallEase)
Deliver consulting services, including cloud infrastructure design, AI system deployment, and related engineering work
Analyze usage patterns to improve functionality and user experience
Detect, prevent, and address technical issues and security threats
Comply with legal obligations and respond to legal requests
Communicate with you about Services, updates, and relevant information (with opt-out options)
AI Model Training: We do not use your data (including enterprise client data, USCIS case information, or health data) to train AI models unless explicitly agreed in writing. We use third-party AI services (e.g., OpenAI, Azure OpenAI) only with appropriate data processing agreements and "no training" terms where available.
Data Storage and Security
Consumer Applications
Local Storage: Most data is stored locally on your device using secure storage mechanisms (UserDefaults on iOS, SharedPreferences on Android). This includes profile information, case details (VisaNova), and health data (RecallEase).
Cloud Storage (Optional): You may choose to enable iCloud sync (iOS) or Google Drive sync (Android) to back up your data across devices. This is entirely optional and controlled by you.
Firebase Services: We use Firebase Cloud Messaging (FCM) to send push notifications. FCM requires a device token, but we do not store your personal information in Firebase unless you explicitly create an account.
Enterprise Consulting Services
Your Cloud Accounts: We perform work directly in your AWS, Azure, or GCP accounts. Your data, systems, and infrastructure remain in your cloud environment under your control. We do not copy or store your production data outside your cloud accounts unless explicitly required and agreed in writing.
Our Systems: We may store project documentation, communications, and deliverables in our secure systems (e.g., version control, project management tools). Access is restricted to authorized personnel and protected by encryption, access controls, and audit logging.
Security Measures
We implement technical and organizational measures to protect your information, including:
Encryption of data in transit (TLS/SSL) and at rest where applicable
Role-based access controls and least-privilege principles
Regular security assessments and vulnerability management
Secure development practices and code review
Audit logging and monitoring of access and changes
Employee training on data protection and security
Incident response procedures
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
Data Retention
We retain your information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:
Consumer Apps: Data is retained while you use the Apps and for a reasonable period after account deletion or app uninstallation to comply with legal obligations and resolve disputes
Enterprise Consulting: Project data and communications are retained for the duration of the engagement and for a period thereafter as required by law or as specified in the consulting agreement (typically 3-7 years for business records)
Website Data: Contact form submissions and website analytics data are retained for up to 2 years or until you request deletion
Upon expiration of the retention period, we securely delete or anonymize your information unless we are required to retain it for legal, regulatory, or dispute resolution purposes.
Data Sharing and Subprocessors
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
Service Providers (Subprocessors): We may engage third-party service providers who perform services on our behalf, such as:
Cloud hosting providers (AWS, Azure, GCP) for our own infrastructure
Email and communication services (Resend, email providers)
Analytics and monitoring tools (for our website and services)
Payment processors (for consulting services)
AI service providers (e.g., OpenAI, Azure OpenAI) only when explicitly used in consulting engagements and with appropriate data processing agreements
All subprocessors are contractually bound to protect your information and use it only for the purposes we specify.
Legal Requirements: We may disclose information if required by law, regulation, or legal process, or to protect our rights, property, or safety, or that of others
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections
With Your Consent: We may share information with your explicit consent or as directed by you
Enterprise Clients: A list of subprocessors used in consulting engagements is available upon request. We will notify you of material changes to subprocessors and provide an opportunity to object where contractually required.
International Data Transfers
We are based in the United States. If you are located outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.
For enterprise clients subject to GDPR or other data protection laws:
We rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms where required
Data Processing Agreements (DPAs) govern cross-border transfers for consulting engagements
We ensure that subprocessors provide adequate protection for your data
Your Rights and Choices (GDPR/CCPA)
Depending on your location, you may have the following rights regarding your personal information:
Access: Request access to and copies of your personal information
Rectification: Request correction of inaccurate or incomplete information
Erasure: Request deletion of your personal information (subject to legal retention requirements)
Restriction: Request restriction of processing in certain circumstances
Data Portability: Request transfer of your data to another service provider
Objection: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent where processing is based on consent
Opt-Out: Opt out of marketing communications and certain data uses (CCPA)
To exercise these rights, please contact us at support@visionxixlabs.com. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
Note: Some rights may be limited for enterprise clients where data processing is necessary for contract performance or where we act as a data processor under your instructions.
Data Breach Notification
In the event of a data breach that may affect your personal information, we will:
Investigate the breach and take immediate steps to contain and remediate it
Notify affected individuals and relevant authorities as required by applicable law (typically within 72 hours for GDPR, as soon as practicable for other jurisdictions)
Provide information about the nature of the breach, data affected, and steps taken to address it
For enterprise clients, notify your designated security contact as specified in the consulting agreement or DPA
Children's Privacy
Our consumer Apps are not intended for children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children under these ages. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected information from a child under the applicable age, we will delete it promptly.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
Posting the updated Privacy Policy on this page with a new "Last Updated" date
Sending an email notification to registered users (for material changes)
For enterprise clients, providing notice as specified in the consulting agreement or DPA
Your continued use of our Services after changes constitutes acceptance of the updated Privacy Policy. If you do not agree, please discontinue use of our Services.
Data Processing Agreements (Enterprise Clients)
For enterprise clients subject to GDPR, CCPA, or other data protection laws, we offer Data Processing Agreements (DPAs) that:
Define our roles and responsibilities as a data processor
Specify data processing purposes, categories, and retention periods
Outline security measures and breach notification procedures
Address international data transfers and subprocessor arrangements
Provide for audit rights and compliance assistance
If you require a DPA, please contact us at support@visionxixlabs.com. We will work with you to execute a DPA that meets your compliance requirements.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
For privacy-specific inquiries, please include "Privacy Policy" in the subject line.
EU Representative: If you are located in the EU and wish to contact us regarding GDPR-related matters, you may also contact your local data protection authority.
This Privacy Policy applies to all products and services offered by Vision XIX Labs LLC, including VisaNova and RecallEase mobile applications, our website, and cloud and AI engineering consulting services.