Privacy Policy
Last Updated: January 2025 · usestareg.org
Scope of This Document
This Privacy Policy describes how US ESTA REG ("we," "us," "our"), operating at usestareg.org, gathers, processes, stores, and protects the personal data you supply when using our travel-authorization assistance platform. By accessing our website, you consent to the data practices outlined below.
1. Data We Gather
We collect information across several categories to facilitate your filing: Identification Data: Full legal name, date of birth, nationality, birth country, and gender. Passport Data: Document number, issuance date, expiry date, and issuing authority — essential for linking your authorization to your travel document. Contact Data: Email address, telephone number (when provided), and postal address. Travel Data: Planned arrival and departure dates, intended accommodation address, and relevant travel history as required by the filing form. Financial Data: Card details processed through encrypted, PCI-compliant payment gateways. We never retain full card numbers on our infrastructure. Technical Data: IP address, browser type, device identifiers, and cookie information as detailed in our Cookie section.
2. How We Use Your Data
Your information is used exclusively for the following purposes: • Preparing, reviewing, and submitting your authorization filing • Communicating processing updates and status changes • Responding to support inquiries and providing guidance • Verifying identity to prevent fraudulent submissions • Fulfilling legal and regulatory obligations • Enhancing platform functionality and user experience • Sending service-related notifications (never marketing without explicit consent)
3. Security Architecture
We deploy multiple layers of technical and organizational safeguards: • 256-bit SSL/TLS encryption for every data transmission • AES-256 encryption at rest for stored personal records • Scheduled penetration tests and vulnerability assessments • Role-based access controls limiting data visibility to authorized staff • Compliance with international data-protection frameworks No system is entirely impervious to risk. In the unlikely event of a breach, we commit to notifying affected individuals without undue delay.
4. Data Sharing
We do not sell, rent, or trade your personal information for marketing purposes. Sharing occurs only under these limited conditions: • With processing partners required to complete your submission • With payment processors for secure transaction handling • When compelled by law, court order, or regulatory directive • With service vendors operating under strict confidentiality agreements Every third party that receives your data is contractually bound to maintain its confidentiality and security.
5. Retention Period
We retain personal filing data for the duration necessary to deliver our services and meet legal obligations — typically up to five years for compliance and support purposes. You may request early deletion by contacting us, subject to any overriding legal retention requirements.
6. Your Rights
You hold the following rights over your personal data: • Access — obtain a copy of the records we hold about you • Rectification — request correction of inaccurate entries • Erasure — request deletion (subject to legal constraints) • Portability — receive your data in a machine-readable format • Objection — challenge specific processing activities • Consent withdrawal — revoke previously granted consent To exercise any right, email [email protected].
7. Cookie Usage
Our platform uses cookies to maintain session state, analyze traffic patterns, and remember user preferences. Essential cookies are required for basic functionality. Analytics and preference cookies may be declined through your browser settings without impacting core features.
8. Privacy Inquiries
For questions, data requests, or concerns regarding how your filing information is handled, contact our Data Protection team at [email protected]. We aim to respond to all valid requests within thirty calendar days.