Privacy Policy

We collect information that you provide directly to us, including: • Personal identification information (name, date of birth, nationality) • Passport information • Contact details (email, phone number, address) • Payment information (processed securely through Stripe) • Travel plans and visa application data • Communication history with our support team

We use your information to: • Process your Russia e-visa application • Communicate with you about your application status • Provide customer support • Improve our services • Comply with legal obligations • Prevent fraud and ensure security

We implement industry-standard security measures: • 256-bit SSL encryption for all data transmission • Secure servers with regular security audits • PCI DSS compliance for payment processing • Access controls and employee confidentiality agreements • Regular backups and disaster recovery procedures We are fully compliant with GDPR (General Data Protection Regulation) and other applicable data protection laws.

We use a cookie consent management system that gives you full control over which cookies are placed on your device. When you first visit our website, a cookie consent banner is displayed. No analytics or marketing cookies are set until you give explicit consent. We use three categories of cookies: • Necessary Cookies (always active): Required for the website to function. These include session cookies, security tokens (CSRF), and cookie consent preferences. These cannot be disabled. • Analytics Cookies (optional): Used to understand how visitors interact with our website. These cookies are only activated after you consent. Analytics tools include Google Analytics 4 (GA4) for traffic analysis, Microsoft Clarity for session recordings and heatmaps, and PostHog for product analytics and funnel tracking. • Marketing Cookies (optional): Used for advertising and remarketing. These are only activated after you consent. Marketing tools include Google Ads for conversion tracking and remarketing. All analytics and marketing tools are loaded through Google Tag Manager (GTM) with Consent Mode v2. This means: • Before consent: GTM loads but all analytics and ad storage is denied. No tracking cookies are set, no data is collected. • After consent: Only the categories you approved become active. GTM updates consent signals and fires the corresponding tags. • Revoking consent: You can change your preferences at any time by clicking the "Cookie Preferences" button in the footer. When you revoke consent, tracking stops and analytics cookies are automatically cleared. Specific cookies used: • _ga, _gid (Google Analytics) — traffic analysis, 2-year / 24-hour expiry • _clck, _clsk (Microsoft Clarity) — session replay, 1-year / 1-day expiry • ph_* (PostHog) — product analytics, 1-year expiry • cc_cookie (Cookie Consent) — stores your consent preferences, 6-month expiry

We work with trusted third-party service providers. Analytics and marketing services only receive your data after you give explicit cookie consent. • Stripe (payment processing) — PCI DSS compliant, processes card payments securely. Privacy: https://stripe.com/privacy • Vercel (hosting) — hosts our website infrastructure. Privacy: https://vercel.com/legal/privacy-policy • Supabase (database and authentication) — stores application data with Row Level Security. Privacy: https://supabase.com/privacy • Mailgun (email delivery) — sends transactional emails (EU region). Privacy: https://mailgun.com/legal/privacy-policy • Google Analytics 4 (usage analytics) — loaded via GTM after analytics consent only. Privacy: https://policies.google.com/privacy • Google Tag Manager (tag management) — manages analytics and marketing tags with Consent Mode v2. Privacy: https://policies.google.com/privacy • Microsoft Clarity (session recordings) — loaded via GTM after analytics consent only. Privacy: https://privacy.microsoft.com • PostHog (product analytics) — loaded with opt-out by default, enabled after analytics consent only. Privacy: https://posthog.com/privacy • Google Ads (advertising) — conversion tracking and remarketing, loaded via GTM after marketing consent only. Privacy: https://policies.google.com/privacy These providers have access only to information necessary to perform their functions and are obligated to maintain confidentiality.

Under GDPR and other privacy laws, you have the right to: • Access your personal data • Correct inaccurate data • Request deletion of your data • Object to data processing • Data portability • Withdraw consent To exercise these rights, contact us at info@russia-visas.com.

We retain your data: • For the duration of your application process • For 7 years after application (legal compliance) • Until you request deletion (where legally permissible) Payment data is not stored on our servers; it is handled directly by Stripe.

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place through: • Standard Contractual Clauses (SCCs) • Adequacy decisions • Your explicit consent

We may update this Privacy Policy periodically. We will notify you of significant changes via email or prominent notice on our website. Continued use of our service constitutes acceptance of the updated policy.

For privacy-related questions or concerns: Email: info@russia-visas.com Phone: +44 7424 295820 Address: Suite 10153, 5 Brayford Square, London, United Kingdom, E1 0SG Data Protection Officer: info@russia-visas.com