- Safe connection
- 256-bit secure
- 3.9/5 from real customers
- 70,000+ visas done
Privacy Policy
How we collect, use, store, and protect your personal data on singaporevisaonline.sg.
Effective Date: April 2026 ยท Last Updated: 18 April 20261. Introduction
Welcome to Singapore Visa Online. We are a visa application assistance platform operated by Travel Rox, Inc. We help travellers apply for Singapore eVisas by collecting the necessary information, processing payments, and submitting applications on their behalf.
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights regarding your data. By using our website and services, you agree to the practices described in this policy.
If you have questions about this policy or your data, contact us at [email protected].
2. Data Controller
Travel Rox, Inc. is the data controller responsible for your personal data processed through singaporevisaonline.sg.
Contact for privacy matters:
Email: [email protected]
WhatsApp: +1-707-606-0634
Website: singaporevisaonline.sg
Postal: 68 Circular Road, #02-01, Singapore 049422
3. What Personal Data We Collect
3.1 Information You Provide Directly
When you use our visa application service, we collect the following categories of personal data:
Primary Contact Information:
Full name (first name and last name).
Email address.
Phone number.
WhatsApp number (optional).
Traveller Information (for each traveller in your application):
Full name as it appears on the passport.
Date of birth.
Nationality.
Passport number.
Any additional information required by the visa application form (such as address, occupation, travel history, and purpose of visit).
Minor Applicant Information: If you are applying on behalf of a minor (a person under 18 years of age), we collect the same traveller information for the minor. By submitting an application for a minor, you confirm that you are the parent or legal guardian of that minor and have the authority to provide their personal data and consent to its processing.
Supporting Documents:
Passport scan or photograph.
Passport-sized photograph.
Proof of financial means.
Invitation letters.
Any other documents required for the specific visa type.
Payment Information:
We do not directly collect or store your credit card or debit card numbers. All payment processing is handled by our third-party payment processor, Stripe. We receive and store:
A unique customer identifier from Stripe.
Transaction reference numbers.
Payment amount and currency.
Payment status (successful, failed, refunded).
3.2 Information Collected Automatically
When you visit our website, we automatically collect:
Technical Data:
IP address (collected at the time of checkout for consent verification).
Browser type and version (user agent string).
Device type.
Pages visited and time spent on each page.
Referring website.
Cookies and Similar Technologies:
Session cookies for website functionality.
Language preference cookies.
Analytics cookies (see Section 7 for details).
3.3 Information from Third Parties
We may receive the following data from our service providers:
Payment confirmation and transaction status from Stripe.
Email delivery status (delivered, bounced, opened) from our email service provider.
4. How We Use Your Personal Data
We process your personal data for the following purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Processing your visa application | Name, DOB, passport number, nationality, supporting documents, contact details | Performance of contract |
| Processing payments | Payment transaction data, email, order details | Performance of contract |
| Communicating with you about your application status, required actions, and updates | Email address, phone number, name | Performance of contract |
| Sending transactional emails such as payment confirmations, application updates, and visa delivery | Email address, name, application details | Performance of contract |
| Verifying your identity when you check your application status (OTP verification) | Email address, visa reference number | Legitimate interest (security) |
| Preventing fraud and abuse, including rate limiting, account lockout, and duplicate detection | IP address, email, phone number | Legitimate interest (security) |
| Recording consent for terms of service and privacy policy acceptance at checkout | IP address, user agent, timestamp | Legal obligation |
| Maintaining audit trails of administrative actions on your application | Application data, admin action logs | Legitimate interest (accountability) |
| Improving our services through analytics and website performance monitoring | Anonymised usage data, page views, device info | Consent (via cookie consent banner) |
| Advertising and remarketing (if you consent to marketing cookies) | Anonymised identifiers, conversion events | Consent |
We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you. All visa application decisions are made by Singapore's Immigration & Checkpoints Authority (ICA), not by our platform.
5. How We Store and Protect Your Data
5.1 Data Storage
Your personal data is stored on secure cloud infrastructure. Supporting documents (passport scans, photographs, and similar files) are stored in encrypted cloud storage with access controlled through time-limited signed URLs that expire within minutes.
5.2 Security Measures
We implement the following security measures to protect your data:
Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
Password security: Administrative accounts are protected with industry-standard bcrypt hashing with high cost factors.
Session security: HTTP-only, secure, and SameSite cookies prevent unauthorised session access.
Access control: Role-based access control (RBAC) ensures only authorised personnel can access your data.
Multi-tenant isolation: Your data is isolated from other websites operating on our platform.
Account lockout: Automatic lockout after repeated failed login attempts.
Rate limiting: API rate limiting prevents abuse and brute-force attacks.
Payment security: We never store your card details; all payment data is handled by PCI DSS-compliant Stripe.
Webhook verification: All incoming data from payment and email providers is cryptographically verified.
Document access: Uploaded documents are accessible only through temporary signed URLs, not permanent links.
Audit logging: All administrative actions are logged in an append-only audit trail.
5.3 Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, in accordance with applicable law.
6. Third-Party Service Providers
We share your personal data with the following trusted third-party processors, each operating under a Data Processing Agreement (DPA):
6.1 Stripe, Inc. (Payment Processing)
Headquarters: United States.
Data shared: Email address, order amount, currency, transaction metadata (application ID, visa ID).
Purpose: To process your payment securely.
Privacy policy: https://stripe.com/privacy
Note: Stripe is PCI DSS Level 1 certified. Your card details are processed entirely by Stripe and never touch our servers.
6.2 Twilio SendGrid (Email Delivery)
Headquarters: United States.
Data shared: Email address, email content (application status updates, payment confirmations, OTP codes).
Purpose: To deliver transactional emails about your application.
Privacy policy: https://www.twilio.com/legal/privacy
Email tracking: SendGrid may track email delivery status, opens, and clicks to ensure reliable delivery.
6.3 DigitalOcean, LLC (Document Storage)
Headquarters: United States.
Data shared: Uploaded documents (passport scans, photographs, supporting documents).
Purpose: To securely store your application documents in cloud storage.
Privacy policy: https://www.digitalocean.com/legal/privacy-policy
Access control: Documents are stored with private access and are only accessible through time-limited signed URLs.
6.4 Google (Analytics and Tag Management)
Services used: Google Analytics 4, Google Tag Manager.
Data shared: Anonymised usage data, page views, device information, conversion events.
Purpose: To understand how visitors use our website and improve our services.
Privacy policy: https://policies.google.com/privacy
Opt-out: You can opt out of Google Analytics by declining analytics cookies via our cookie consent banner, or by installing the Google Analytics Opt-out Browser Add-on.
6.5 Meta Platforms, Inc. (Advertising)
Service used: Meta Pixel (Facebook Pixel).
Data shared: Anonymised page view events, conversion events (for example, completed applications).
Purpose: To measure the effectiveness of our advertising campaigns.
Privacy policy: https://www.facebook.com/privacy/policy
Opt-out: You can opt out by declining marketing cookies via our cookie consent banner, or through your Facebook Ad Settings.
6.6 Government Authorities
Data shared: All information required for your visa application (name, passport details, date of birth, nationality, supporting documents, and any other information required by the visa form).
Purpose: To submit your visa application to Singapore's Immigration & Checkpoints Authority (ICA) for processing.
Note: Once submitted, the processing of your data by government authorities is governed by their own privacy policies and applicable laws.
We do not sell your personal data to any third party.
7. Cookies and Tracking Technologies
7.1 Cookies We Use
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| Session cookie | Strictly necessary | Maintains your session while using the website | Session (expires when the browser closes or after inactivity) |
| Language preference | Strictly necessary | Remembers your selected language | 1 year |
| Cookie consent | Strictly necessary | Stores your cookie consent preferences | 12 months |
| Google Analytics | Analytics (requires consent) | Tracks website usage patterns anonymously | Up to 2 years |
| Meta Pixel | Marketing (requires consent) | Tracks conversions for advertising purposes | Up to 90 days |
7.2 Cookie Consent
When you first visit our website, you will see a cookie consent banner. You can choose to:
Accept all cookies: enables analytics and marketing cookies.
Accept only necessary cookies: only functional cookies are set.
Manage preferences: choose which categories to enable.
You can change your cookie preferences at any time through the "Cookie Settings" link in the website footer.
Analytics and marketing cookies are only activated after you provide consent, in compliance with applicable privacy regulations. For the full list of cookies, please see our Cookie Policy.
7.3 How to Disable Cookies
You can disable cookies through your browser settings. Please note that disabling strictly necessary cookies may affect website functionality. For more information on managing cookies, visit www.allaboutcookies.org.
8. International Data Transfers
Our service providers (Stripe, Twilio SendGrid, DigitalOcean, Google, and Meta) are headquartered in the United States. When your data is transferred to these providers, it may be processed outside of Singapore.
These transfers are protected by:
Standard Contractual Clauses (SCCs) approved by relevant data protection authorities.
Data Processing Agreements with each provider.
Appropriate security measures implemented by each provider (encryption, access controls, certifications).
Where required by Singapore's Personal Data Protection Act 2012 (PDPA), we ensure that adequate protections are in place for any cross-border transfer of personal data.
9. Data Retention
We retain your personal data for the following periods:
| Data Category | Retention Period | Reason |
|---|---|---|
| Application data (name, passport, DOB, form answers) | Duration of the visa validity period plus 3 years, or until you request deletion | Legal and contractual obligation; to support reapplication and dispute resolution |
| Supporting documents (passport scans, photos) | Same as application data | Required for application processing and potential government inquiries |
| Payment records (transaction IDs, amounts) | 7 years from the transaction date | Tax and accounting obligations |
| Email communication logs | 2 years from the date of sending | Customer support and dispute resolution |
| Audit logs (administrative actions) | 7 years | Regulatory compliance and accountability |
| Analytics data | As per Google/Meta retention settings (up to 26 months) | Website improvement |
| Consent records (IP, timestamp, accepted terms) | 7 years | Proof of consent for legal compliance |
| Draft applications (not submitted) | Automatically deleted after the configured expiry period (typically 30 days) | No ongoing purpose |
After the retention period expires, your data will be securely deleted or anonymised.
10. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
10.1 Rights Under Singapore Law (PDPA)
Right to access: You may request confirmation of whether we process your data and obtain a copy of it.
Right to correction: You may request that we correct inaccurate or incomplete personal data.
Right to withdrawal of consent: You may withdraw consent for the collection, use, or disclosure of your personal data at any time, subject to legal or contractual restrictions.
Right to data portability: You may request your data in a commonly used machine-readable format.
10.2 Rights Under GDPR (for EU/EEA Residents)
If you are located in the European Economic Area, you additionally have the right to:
Data portability: Receive your data in a structured, commonly used, machine-readable format.
Restriction of processing: Request that we limit how we use your data.
Object to processing: Object to processing based on legitimate interest.
Withdraw consent: Withdraw consent at any time for consent-based processing (this does not affect the lawfulness of processing before withdrawal).
Lodge a complaint: File a complaint with your local data protection supervisory authority.
10.3 How to Exercise Your Rights
To exercise any of these rights, contact us at:
Email: [email protected]
Subject line: "Data Privacy Request: [Your Name]"
We will respond to your request within 30 days. We may need to verify your identity before processing your request, which may require you to provide your visa reference number and the email address used in your application.
11. Children's Privacy
Our visa application services may be used by parents or legal guardians to apply for visas on behalf of minors (persons under 18 years of age).
We do not knowingly collect personal data directly from children. All applications for minors must be submitted by a parent or legal guardian.
By submitting an application for a minor, you confirm that you are the parent or legal guardian and consent to the processing of the minor's personal data as described in this policy.
The personal data of minors is subject to the same security measures and retention policies as adult applicant data.
Parents and legal guardians may exercise data rights on behalf of the minor by contacting us at [email protected].
If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that data promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
Update the "Last Updated" date at the top of this page.
Post the revised policy on this page.
For significant changes, notify you by email (if we have your email address) or through a prominent notice on our website.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
13. Data Protection Officer
For any privacy-related concerns or grievances, please contact us:
Email: [email protected]
WhatsApp: +1-707-606-0634
Response time: We will acknowledge your enquiry within 24 hours and resolve it within 30 days from the date of receipt.
Questions About Your Privacy?
Our team is here to help with any questions regarding your personal data.
- +1-707-606-0634
- www.singaporevisaonline.sg
Singapore Visa Online is operated by Travel Rox, Inc. All rights reserved.