Privacy Policy

Visa Tracker Pro is published by Positive Thinkers Pty Ltd (ABN 90 668 517 119), trading as Positive Education and Migration ("we", "us", "our"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you use the Visa Tracker Pro mobile application and the website at app.positivemigration.com (together, the "Service"). We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using the Service you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please discontinue use of the Service.

1. Introduction

Visa Tracker Pro is an information and self-help planning tool for individuals exploring Australian skilled-migration pathways. The Service is provided by Positive Education and Migration, a registered migration consultancy. The Service surfaces public data published by the Department of Home Affairs (DHA) and SkillSelect, plus tools you can use to track your own profile, points and documents. The Service does not provide migration advice and is not a substitute for advice from a registered MARA agent.

2. Information We Collect

2.1 Information you provide directly

• Account information: name, email address, and password (stored as a bcrypt hash — we never store passwords in plain text).
• Migration profile: age, English level, qualifications, work experience, occupation code (ANZSCO), partner status, state preference, EOI points and EOI lodgement details. You enter this voluntarily so the Service can compute points, rank you against the latest SkillSelect distribution, and surface relevant pathways.
• Personal contact information: phone number, date of birth, current residency, skill assessment status and visa lodgement status. This information is stored locally on your device only and is never transmitted to our servers.
• Documents: document names, expiry dates and a record of which document categories you have completed. We do not upload your scanned documents to our servers — only the metadata you choose to save.
• Support communications: messages you send via WhatsApp, email or in-app feedback.

2.2 Information we collect automatically (only after you opt in)

• Crash reports: when the app crashes, a stack trace, your operating system version, app version and device model are sent to our crash-reporting providers (Sentry and Firebase Crashlytics — see Section 12). Reports do not include your name, email, passport number, visa number, date of birth, or any migration profile fields.
• Usage events: which screens you visit and which features you use (e.g. "points calculator opened", "VAC calculated for subclass 189"). Values like your actual age, English score, EOI points total and occupation title are never transmitted — only ANZSCO occupation codes, visa subclass numbers and screen names.
• Anonymous identifier: a randomly generated UUID is created on first analytics use and stored on your device. It links your crash reports and usage events to each other across sessions but is not linked to your account, email or any personal information. The identifier is deleted when you delete your account.
• Authentication tokens: a JWT bearer token is issued at login and stored on your device to keep you signed in. This is collected regardless of analytics consent because it is essential to operate your account.

2.3 On-device OCR

2.4 Information we do not collect

• We do not collect biometric data, contacts, calendar entries, photos beyond those you actively share with the document scanner, or precise location.
• We do not run third-party advertising trackers inside the app.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide, operate and maintain the Service, including computing your points, EOI ranking and visa pathway suggestions.
• Authenticate you and keep your session secure.
• Send transactional emails (account confirmation, password reset, billing receipts).
• Respond to your support requests.
• Improve the Service through aggregated, de-identified analytics.
• Detect, prevent and address fraud, abuse or technical issues.
• Comply with legal obligations.

We do not sell your personal information, and we do not use it for unrelated marketing without your consent.

4. How We Share Your Information

We share information only in limited circumstances:

• With your consent — for example, if you ask us to refer you to a registered migration agent.
• Service providers — payment processors, email delivery providers and cloud hosting, bound by contractual confidentiality and used only to deliver the Service.
• Legal compliance — when required by law, court order or to respond to a lawful request from a government authority.
• Business transfer — in the event of a merger, acquisition or sale of assets, your information may transfer to the successor entity, subject to this Policy.

We do not share your migration profile with third-party migration agents, employers or institutions without your explicit consent.

5. Your Choices

• Access and correction: you can view and edit your profile at any time inside the app.
• Deletion: you can delete your account from the Profile screen. On deletion, your account record, profile rows, document metadata and any saved checklists are removed from our database within 30 days. Backups containing residual copies are overwritten on a rolling basis.
• Email preferences: transactional emails are required for the operation of your account. You may opt out of optional product update emails via the unsubscribe link in any such email.
• Marketing communications: we do not send marketing emails by default.

6. Data Security

We take reasonable technical and organisational measures to protect your information:

• All API traffic between the app and our servers uses TLS (HTTPS).
• Passwords are hashed with bcrypt; we never store or log plain-text passwords.
• Access to production systems is restricted to authorised personnel and protected by multi-factor authentication.
• Administrative tools are gated behind a server-side plan === 'admin' role check.
• Personal information stored on your device (phone, DOB, residency, skill assessment status, visa lodgement) never leaves your device.

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we will notify affected users in line with the Notifiable Data Breaches scheme under the Privacy Act 1988 if a breach is likely to result in serious harm.

7. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at the address below and we will delete it promptly.

8. Cross-border Disclosure

Our primary data hosting is located in Australia. The following service providers may process your data in the United States:

• Sentry (Functional Software Inc., San Francisco, USA) — crash reports, only if you have opted in to analytics under Section 2.2.
• Firebase Analytics & Firebase Crashlytics (Google LLC, Mountain View, USA) — usage events and native crash reports, only if you have opted in to analytics under Section 2.2.
• Firebase Cloud Messaging (Google LLC, USA) — push notification delivery. The device push token is sent to Google's servers as part of normal FCM operation regardless of analytics consent because it is essential to deliver notifications you have enabled.
• Email delivery — transactional emails are sent via a US-based email service provider.

Where overseas processing occurs, we take reasonable steps to ensure recipients comply with the Australian Privacy Principles or substantively similar protections, including written data-processing agreements where applicable.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the law, the Service or our practices. The "Last updated" date at the top of this page indicates when changes took effect. Material changes will be communicated through an in-app notice or email. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

10. Contact Us

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by phone on 1300 363 992.

11. Pricing

Visa Tracker Pro is currently free to use. The app does not contain in-app purchases, advertising or any paywalled features. If we introduce paid features in the future, we will update this Policy and provide clear notice at the point of purchase.

12. Third-Party Processors

We rely on the following third-party processors to operate the Service. Each is used only to deliver its specific function and is bound by its own published privacy terms:

• Cloud hosting — application servers and the SQLite database, hosted in the Australia region.
• Email delivery — transactional emails (account confirmation, password reset). US-based.
• Authentication — Google Sign-In (Google LLC, USA), for users who choose to log in with Google. We receive only your name, email, profile picture URL and the Google subject identifier. Google Privacy Policy.
• Authentication — Sign in with Apple (Apple Inc., USA), for users who choose to log in with Apple. Apple may issue a private relay email address; we cannot recover your real email if you opt to hide it. Apple Privacy Policy.
• Push notifications — Firebase Cloud Messaging (Google LLC, USA). Used to deliver migration-news alerts and operational notifications. Firebase Privacy and Security.
• Crash reporting — Sentry (Functional Software Inc., San Francisco, USA). Only active after you opt in to analytics. Used to identify and fix software faults. Sensitive fields (passport, visa, name, email, date of birth, phone, migration status) are scrubbed before transmission. Sentry Privacy Policy.
• Crash reporting — Firebase Crashlytics (Google LLC, USA). Only active after you opt in to analytics. Captures native crashes that occur in the Android or iOS layers. Firebase Privacy and Security.
• Usage analytics — Firebase Analytics (Google LLC, USA). Only active after you opt in to analytics. Captures screen views and feature-use events tied to an anonymous device-scoped identifier. Configured with "Not Used for Tracking" — we do not link the identifier to any advertising network. Firebase Privacy and Security.
• Public data sources — the Service displays read-only public data from the Department of Home Affairs, SkillSelect, OMARA and state nomination websites. No personal data is sent to them.

All providers listed above as US-based may process data outside Australia, as disclosed in Section 8.

13. Grievance Officer

If you have any grievance regarding the processing of your personal information or believe this Privacy Policy has been breached, please contact:

We will acknowledge receipt within 7 working days and aim to respond substantively within 30 days, in line with the Australian Privacy Principles.

Positive Thinkers Pty Ltd (ABN 90 668 517 119), trading as Positive Education and Migration, is bound by the Migration Agents Code of Conduct administered by the Office of the Migration Agents Registration Authority (OMARA). Visa Tracker Pro is an information and self-help tool only and does not constitute migration advice. For personal advice, consult a registered MARA agent.