OzVisa Privacy Policy

Effective 14 May 2026 · Last reviewed 14 May 2026

1. Introduction

OzVisa ("the App", "we", "us") is an independent iOS application that helps Australian skilled-migration applicants and planners track their visa journey. This Privacy Policy explains what limited information OzVisa collects, how it is used, and which third-party services participate in those flows.

OzVisa is developed and published by RanKKI Studio. We are a small independent developer; we do not operate as a registered migration agent and we have no affiliation with the Australian Department of Home Affairs ("DHA") or any state nomination program.

2. The Short Version

We do not collect your name, email address, phone number, photo, location, or any directly identifying information.
The only identifier we use is an anonymous random UUID generated the first time you launch the App. It is not linked to your Apple ID, email, or device serial number.
The detailed records you keep in the App (profiles, milestones, points answers, credentials) are stored in your iCloud Private Database when you are signed into iCloud, otherwise in a local file on your device. We have no access to your iCloud Private Database.
A small "profile shape" mirror (visa subclass, ANZSCO code, nominated state, lodgement status) and anonymous milestone events are sent to our backend to power push-notification targeting and cohort statistics.
Subscription state for OzVisa Pro is mirrored from RevenueCat via webhook so our backend can filter premium-only notifications. Payment details remain with Apple.

3. What We Collect

3.1 Anonymous Identifier

On first launch the App calls Supabase Auth's anonymous sign-in, which returns a randomly generated UUID. This UUID is the only identifier we use for backend operations. The session is stored in the iOS Keychain so the same anonymous identity persists across launches.

3.2 Profile Mirror

We mirror the following structural information to our user_app_profiles table, keyed on the anonymous UUID:

Visa subclass code (e.g. 189, 190, 491, 191)
Stream code (e.g. Points-Tested)
ANZSCO occupation code (e.g. 261313)
Nominated state (NSW, VIC, etc.) when applicable
User type (planner or applicant)
Lodgement status (lodged or not)

This mirror is used solely to filter push notifications (for example "send to 190 applicants only"). We do not store the lodgement date itself, milestone dates, points totals, English test scores, or any other detail you enter into the App.

3.3 Anonymous Cohort Events

When you record a milestone (biometrics done, medical complete, application lodged, etc.), an event row is upserted into our analytics_events table containing the anonymous UUID, visa context, event type, and event date. These rows are used to compute aggregate cohort statistics — for example, the median time between lodgement and biometrics for 190 applicants. Individual event rows are never displayed back; aggregates require a minimum sample size before they are revealed.

3.4 Push Notification Token

If you grant push permission, your Apple-issued APNs device token is stored in our notification_tokens table, keyed on the anonymous UUID. The token allows Apple to route notifications to your specific device. Revoking push permission in iOS Settings removes the token on the next app launch.

3.5 Subscription State

If you subscribe to OzVisa Pro, RevenueCat fires a webhook to our backend with the entitlement status. We store the status (active / expired / cancelled), the entitlement identifier, and the expiry date in our user_subscriptions table. We do not see your Apple Pay or payment-method details — Apple and RevenueCat handle the transaction.

3.6 Product Analytics (PostHog)

We use PostHog to record anonymous product analytics: app opens, onboarding started / completed / skipped, paywall views and dismissals, and subscription start / lost events. These events are keyed on the same anonymous UUID and are not enriched with user-identifying information. We use them to understand which parts of the App are useful and to optimise the onboarding flow.

4. What We Do Not Collect

Your name, email, phone, address, photo, or any directly identifying information
IDFA, IDFV, or advertising identifiers (we do not run ads)
Precise or approximate location data
Contacts, calendar, photos, microphone, or camera
Apple Pay or payment-card details
Browsing history outside the App
Any biometric data

5. How and Where Your Data Is Stored

5.1 In Your iCloud (Your Private Domain)

Your detailed profile data — profiles, milestones, dates, points answers, credentials — is stored in your iOS device's iCloud Private Database, a per-user storage area Apple provides. We do not have access to your iCloud Private Database.

5.2 Local File Fallback

If you are not signed into iCloud, the same profile data is stored in a local file on your device only. It is not uploaded anywhere.

5.3 In Our Backend

Only the limited information described in Section 3 is stored on our infrastructure. Our backend is hosted on Supabase (PostgreSQL-as-a-service); see "Third-party services" below.

6. Third-Party Services

OzVisa integrates with the following third-party services. Each is bound by its own privacy practices:

Apple — App Store, iCloud, APNs. apple.com/legal/privacy
Supabase — backend database (PostgreSQL) and anonymous authentication. supabase.com/privacy
RevenueCat — manages subscription receipts and entitlement state. revenuecat.com/privacy
PostHog — product analytics (anonymous events). posthog.com/privacy

We do not sell, license, or share your data with any party outside the operational integrations listed above.

7. Data Retention

Anonymous identifier: persists until you uninstall the App or use the "Start Over" function in the Account screen.
Profile mirror: retained while the anonymous user remains active; deleted within 30 days of a deletion request.
Cohort events: retained for aggregate statistics; we periodically purge events older than five years.
Push tokens: deleted automatically when Apple reports a token as no longer valid (410 Unregistered).
Subscription state: retained while the subscription is or has been active, and for accounting / refund reconciliation thereafter.

8. Your Rights

You may:

Stop using the App at any time. Uninstalling clears the local copy and the iCloud Private Database is yours to manage.
Use the "Start Over" function within the App (Account → Reset) to clear local state and the anonymous user record.
Request deletion of your backend data by emailing [email protected] with the anonymous UUID shown on the Account screen. We will remove your records from user_app_profiles, analytics_events, notification_tokens, and user_subscriptions within 30 days.
If you are an EU resident, you may exercise additional rights under the General Data Protection Regulation (access, rectification, portability, restriction, objection) by emailing the same address.

9. Children's Privacy

OzVisa is not directed at children. We do not knowingly collect data from anyone under 13 (or under 16 in EU jurisdictions). If you become aware that a child has used OzVisa without parental consent, please contact us so we can delete the relevant records.

10. International Transfers

Our backend infrastructure is hosted on Supabase in the Australia (Sydney) region. PostHog uses United States infrastructure (US Cloud). By using the App you consent to your data being transferred to these regions where applicable data-protection regimes may differ from your own.

11. Data Accuracy Disclaimer

The data displayed by OzVisa is point-in-time and may be outdated. DHA policies, processing times, ANZSCO eligibility lists, EOI cutoffs, and state nomination program rules change frequently and without notice. OzVisa ingests public data on a periodic schedule (typically monthly for SkillSelect and EOI rounds). Between updates, the displayed information may not reflect current government policy. Always verify against official DHA and state nomination program sources before making any migration decision.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last reviewed" date at the top of this page. Material changes will be flagged in the App on next launch.

13. Contact

Questions or concerns about this Policy? Email [email protected].