Privacy Policy

1. Data We Gather

We gather several categories of information through our service:

Identity & Travel Data

When you use our platform, we collect identifying details including your legal name, birth date, gender, nationality, passport particulars, contact information, employment data, travel arrangements, and U.S. point-of-contact details.

Financial Data

Payment card details, expiration information, and billing addresses are collected exclusively for fee processing. This data flows through our PCI DSS certified processor and is never retained on our own infrastructure.

Usage & Device Data

We automatically record technical metadata when you interact with our site, including IP addresses, browser specifications, operating environment, referring sources, navigation patterns, and session diagnostics.

2. How We Utilize Your Data

Your information serves the following operational purposes:

• • Authorization Processing: Preparing, verifying, and facilitating the submission of your ESTA request
• • Status Communication: Delivering application progress alerts, confirmation notices, and responding to inquiries
• • Assistance Delivery: Providing support, resolving complications, and enhancing service quality
• • Regulatory Adherence: Meeting obligations under applicable statutes and legal directives
• • Platform Enhancement: Analyzing interaction patterns to refine our application workflow
• • Security Measures: Identifying and mitigating fraudulent activity to protect all users

3. Data Protection Measures

• • Transit Encryption: All data moving between your device and our servers is shielded by 256-bit SSL/TLS protocols
• • Controlled Access: Only authorized personnel with legitimate operational need can view personal records
• • Certification: Our security management framework aligns with international ISO 27001 standards
• • Ongoing Assessment: We perform regular security evaluations, vulnerability testing, and compliance reviews
• • Payment Isolation: Financial transactions are handled by PCI DSS Level 1 certified processors

4. Data Sharing Boundaries

We do not commercialize, trade, or lease your personal records. Sharing occurs only under these conditions:

• • With CBP for the purpose of processing your authorization request
• • With our certified payment processor to execute fee transactions
• • When compelled by statute, regulation, or judicial directive
• • To defend our legal rights, operational integrity, or user safety

5. Retention Schedule

We maintain your records only as long as necessary to fulfill the purposes for which they were gathered, including satisfying legal, financial, or regulatory retention mandates. Application data is typically held for the duration of your authorization validity plus any period required by governing regulations, after which it is securely purged or anonymized.

6. Your Data Rights

Subject to your jurisdiction, you may exercise the following rights:

• • Access: Obtain a copy of the personal data we hold about you
• • Correction: Request amendment of inaccurate or incomplete records
• • Deletion: Request removal of your data (subject to retention obligations)
• • Portability: Receive your data in a structured, transferable format
• • Objection: Challenge the processing of your data for specific purposes
• • Consent Withdrawal: Revoke processing consent at any time

7. Tracking Technologies

We employ cookies and analogous technologies to improve browsing quality, measure traffic patterns, and understand usage behavior. You may manage cookie preferences via your browser settings. Core cookies essential for platform functionality cannot be deactivated.

8. Cross-Border Data Movement

Your information may be transferred to and processed in jurisdictions beyond your country of residence. We ensure appropriate protective mechanisms are in place, consistent with applicable data protection legislation, including Standard Contractual Clauses endorsed by relevant authorities.

9. Minor Applicants

While ESTA applications may be filed for individuals under 18, such submissions must be completed by a parent or legal guardian. We do not intentionally gather personal data from minors without verified parental authorization.

10. Questions & Concerns