Security Overview

This page describes VisaFlow's security approach at a high level. It is intended to explain current themes and practices, not to publish exhaustive or immutable guarantees about every technical control, provider, algorithm, or operational process.

Security approach

VisaFlow is designed to protect sensitive immigration and business information by combining product controls, operational processes, and managed provider safeguards that are appropriate to the service and its risk profile.

Because controls can evolve over time, customers evaluating VisaFlow for procurement, due diligence, or legal review should request the current supporting detail that is relevant to their use case.

Access and authentication

  • VisaFlow is designed to restrict access to authorised users and staff who need it for their role.
  • Depending on the service context, controls may include authentication safeguards, role-based permissions, and account-monitoring measures.

Transport, hosting, and vendors

  • VisaFlow uses managed cloud and software providers to help deliver hosting, email, analytics, and other operational services.
  • Provider footprint, regions, and safeguards can change over time, so specific vendor or regional details are available on request where relevant.

Logging, resilience, and recovery

  • We aim to maintain logging, monitoring, backup, and recovery processes appropriate to the service and risk profile.
  • Retention periods, backup cycles, and restoration procedures may differ by environment, agreement, and operational need.

Incident handling

  • Security concerns are reviewed and escalated internally according to their severity and impact.
  • Where a personal-information compromise is identified, VisaFlow will assess legal and contractual notification duties and respond accordingly.

Website analytics and tracking

Optional analytics and campaign-measurement technologies on the marketing site are gated behind visitor consent. If a visitor declines optional cookies, those technologies are not loaded.

Shared responsibility

Security in a SaaS environment is shared. Customers remain responsible for configuring their own access, choosing what information to upload, deciding whether to enable particular features, and meeting their own legal and operational obligations.

Related legal information

For more detail on privacy and POPIA-related roles, see our Privacy Policy and POPIA Statement.

Contact

If you have a security question or want to report a concern, email security@visaflow.co.za. Privacy-related questions can be sent to privacy@visaflow.co.za.