Privacy Policy

Welcome to GoSuro ("we", "us", or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our platform.

Please read this policy carefully. If you disagree with its terms, please discontinue use of our services. By accessing GoSuro, you acknowledge that you have read and understood this Privacy Policy.

Last updated: February 2026

We collect information in the following ways:

Information You Provide Directly

• Account & Profile Data: Name, email address, nationality, travel history, and visa-related documents you voluntarily submit for assessment.
• Communications: Messages, feedback, or support requests you send to us.
• Early Access Registrations: Email address and any optional details submitted through our early-access or waitlist forms.

Information Collected Automatically

• Usage Data: Pages visited, features used, time spent, and interaction patterns within the platform.
• Device & Technical Data: IP address, browser type, operating system, referring URLs, and device identifiers.

Information from Third Parties

• We may receive limited information from authentication providers (e.g., Google OAuth) if you choose to sign in via a third-party account.
• Publicly available travel advisories and visa-requirement databases used to power our AI-driven insights.

We use the information we collect for the following purposes:

• Service Delivery: To validate documents, generate cover-letter drafts, and provide personalised visa-readiness assessments.
• Platform Improvement: To understand how users interact with GoSuro and to improve features, reliability, and performance.
• Communications: To send service updates, security alerts, and — only with your consent — promotional content about new features.
• Legal & Safety: To comply with applicable laws, enforce our Terms of Service, and protect the rights and safety of our users and the public.
• AI Model Training: Aggregated and fully anonymised data may be used to improve our AI models. Individual documents are never used for training without explicit opt-in consent.

We do not sell, trade, or rent your personal information to third parties. We may share data in the following limited circumstances:

• Service Providers: Trusted vendors who help operate our infrastructure (cloud hosting, analytics, email delivery). All processors are contractually bound to handle data only on our instructions and in accordance with this policy.
• Legal Requirements: When required by law, court order, or governmental authority, or when necessary to protect the rights, property, or safety of GoSuro or its users.
• Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you via email and/or a prominent notice on our website before any such transfer occurs.

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained while your account is active and for up to 90 days after deletion, to allow account recovery and dispute resolution.
• Document Uploads: Deleted from our servers within 30 days after processing is complete, unless you explicitly save them to your account.
• Analytics & Logs: Anonymised usage logs retained for up to 24 months for product analytics purposes.

You may request early deletion of your data at any time by contacting us at privacy@gosuro.com.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that inaccurate or incomplete data be corrected.
• Deletion: Request deletion of your personal data ("right to be forgotten").
• Portability: Receive your data in a structured, machine-readable format.
• Objection / Restriction: Object to or restrict certain processing activities, including direct marketing.
• Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, contact us at privacy@gosuro.com. We will respond within 30 days (or as required by applicable law).

We implement industry-standard technical and organisational safeguards to protect your information, including:

• TLS encryption for all data in transit.
• AES-256 encryption for sensitive data at rest.
• Role-based access controls limiting internal data access to authorised personnel only.
• Regular security audits and penetration testing.
• Automated anomaly detection and incident-response procedures.

While we take every reasonable precaution, no method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password and to contact us immediately at security@gosuro.com if you suspect any unauthorised access to your account.

GoSuro is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe that a child has provided us with personal data, please contact us immediately at privacy@gosuro.com and we will promptly delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Send an email notification to registered users (for significant changes).
• Display a prominent notice on our website for at least 30 days.

Your continued use of GoSuro after the effective date of any changes constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:

• Email: privacy@gosuro.com
• General Enquiries: hello@gosuro.com

We are committed to resolving any privacy-related concerns promptly and transparently.