Privacy Policy — Visa India Online MCP Connector

Effective date: 2026-05-01

This page describes how the Visa India Online Model Context Protocol (“MCP”) connector handles data when an AI assistant (such as Claude, ChatGPT, or Gemini) calls our tools on your behalf. This policy applies to the MCP connector only. The Visa India Online website has its own separate privacy policy that governs the application form, document uploads, and payments — see {WEBSITE_PRIVACY_URL}.

If you have not enabled or invoked the Visa India Online connector through your AI assistant, this policy does not apply to you.

1. Who we are

Visa India Online is operated by {OPERATOR_LEGAL_NAME}, an independent visa facilitation service. We are not a government agency and we do not make visa decisions. Visa approval is granted solely by the relevant government authority of the destination country.

For privacy-related questions or to exercise the rights described in section 6, contact us at support@visain.in.

2. What data the MCP connector collects

The connector collects only the structured tool inputs your AI assistant sends. The full set of fields is:

• passport_country — ISO-3166 alpha-2 country code (e.g. DE, US).
• destination_country — ISO-3166 alpha-2 country code.
• visa_type — visa product code (e.g. evisa); optional, defaults to the connector’s primary type.
• purpose — one of tourism, business, transit, study, work; optional.
• arrival_date — ISO-8601 date (YYYY-MM-DD); optional.
• traveler_count — integer between 1 and 10; optional, defaults to 1.

That is the complete input surface. We do not collect, request, or accept through this connector:

• Names, email addresses, phone numbers, or any other personally identifying information.
• Passport numbers, passport scans, or any document images.
• Payment information.
• Free-text fields, conversation history, or anything outside the structured fields above.

Any of those (where applicable) are collected only on the Visa India Online application website after you click an apply link — that collection is governed by the website’s own privacy policy ({WEBSITE_PRIVACY_URL}), not this one.

3. How we use the data

When your AI assistant calls a tool, the connector:

1. Validates the input against the schema above.
2. Forwards the validated values to our backend visa platform to look up the eligibility rule and (for the packages tool) the package and pricing data for your destination.
3. Returns the structured response to your AI assistant, which presents it to you.

The backend visa platform is operated by {OPERATOR_LEGAL_NAME} as part of the same service; it is not an independent third party. Communication between the MCP connector and the backend runs over a private network with a service-identifier header (X-Service: vcore-mcp-server) so we can distinguish MCP traffic from website traffic in our operational logs.

4. What we log, and for how long

For each tool call we record an audit row containing:

• A timestamp.
• The tenant identifier (e.g. visain).
• A salted SHA-256 hash of the MCP session identifier — never the raw session ID.
• The tool name (check_visa_eligibility or list_visa_packages).
• A salted SHA-256 hash of the structured inputs (passport country + destination country + visa type) — the raw values are not stored, only the 16-character hash.
• Round-trip latency to the backend visa platform, in milliseconds.
• A response status (success, vcore_error, unsupported_destination).
• The name of the calling AI assistant if it identified itself during MCP initialization (e.g. claude-desktop, chatgpt).

These rows let us measure usage volume and reliability per tenant. They do not let us identify individual users or recover the original input values.

Retention: audit rows are retained for at most 90 days and then deleted. We do not store the request bodies, the tool responses, or any other artifact of individual tool calls beyond the audit row described above.

5. Third-party data flow

When you use this connector, your AI assistant transmits your prompt to its own platform (Anthropic, OpenAI, or Google) and forwards a structured tool call to us. The AI platform sees the prompt you typed and our response — that is part of how AI assistants work. Their handling of that data is governed by their privacy policies, not this one. Refer to:

• Anthropic: https://www.anthropic.com/privacy
• OpenAI: https://openai.com/policies/privacy-policy/
• Google (Gemini): https://policies.google.com/privacy

We do not share audit rows, tool inputs, or tool responses with any third party other than what is necessary to operate the service (i.e. our own backend visa platform described in section 3). We do not sell any data.

6. Your rights

Because the connector does not collect personally identifying information, most data-subject rights (access, correction, portability, erasure) are not applicable in the technical sense — there is nothing tied to your identity for us to retrieve, correct, or delete. The salted hashes in our audit log are non-reversible.

That said, if you believe data about you has reached us through this connector, contact us at support@visain.in and we will investigate.

If you are a resident of the European Economic Area, the United Kingdom, or another jurisdiction with applicable data protection law, you have the right to lodge a complaint with your local supervisory authority.

7. Security

We treat the MCP connector and its backend the same way we treat the rest of Visa India Online: HTTPS in transit, private-network isolation between the MCP server and the backend, no plaintext logging of inputs, hashed session identifiers, and monthly review of access. To report a suspected security issue, email support@visain.in with subject line SECURITY.

8. Children

The connector is not directed at, and we do not knowingly process tool inputs concerning, children under 13 (or the equivalent minimum age in your jurisdiction). The structured inputs (country codes, dates, counts) cannot identify a child on their own.

9. Changes to this policy

We will update this page as the connector evolves. Material changes will update the effective date at the top.

10. Contact

Visa India Online {OPERATOR_LEGAL_NAME} {OPERATOR_ADDRESS} support@visain.in