Last Updated: 06/17/2025
1. Introduction
Welcome to D4U (“we”, “our”, “our company”). We are an international planning company providing technical, strategic, and organizational support, headquartered in Florida, USA. We understand the sensitive nature of the information you entrust to us and are deeply committed to protecting your privacy and handling your personal data securely, transparently, and in compliance with applicable laws, including Florida regulations such as the Florida Information Protection Act (FIPA).
This Privacy Policy explains how we collect, use, share, protect, and store your personal information when you use our services (the “Service”). It details the specific—and often sensitive—types of data required for these processes and describes your rights regarding your data and how to exercise them.
By using our Service, you acknowledge that you have read and understood this Privacy Policy. We will request your active consent for any relevant changes to this policy, as described in Section 13.
2. Information We Collect
To provide our technical, strategic, and organizational support services, we need to collect specific and often highly sensitive personal information required by government agencies (such as U.S. Citizenship and Immigration Services – USCIS, Department of State – DOS, Customs and Border Protection – CBP, and relevant embassies/consulates). The types of personal data we collect include, but are not limited to:
- Personal Identifiers: Full legal name, previous names, date and place of birth, gender, marital status.
- Contact Information: Current and previous physical addresses, email address, phone number(s).
- Government-Issued Identification: Passport details (number, issue/expiration dates, issuing country), national identity number, Alien Registration Number (A-Number), Social Security number (if applicable), driver’s license information.
- Biographical and Family Information: Data about your parents, spouse(s), children, and, if necessary, other relatives required by specific forms (including names, dates/places of birth, addresses, immigration status).
- Immigration Status and History: Current status, previous visa applications/petitions (approved or denied), entry/exit records, details of previous immigration processes.
- Professional and Educational History: Information about current and previous employers (names, addresses, dates, positions, salaries), educational institutions attended, degrees obtained.
- Financial Information: Bank statements, proof of income/assets, tax returns, financial sponsor data (as required for certain types of visas, such as financial support statements).
- Travel History: Records of international travel, including dates, destinations, and purpose of travel.
- Supporting Documentation: Copies of birth certificates, marriage certificates, divorce decrees, military records, criminal background checks (if applicable/required), photographs in compliance with government specifications, and other documents necessary to support your application.
- Limited Biometric Information: We may collect photographs required in processes. We may assist you in scheduling biometric collections (such as fingerprints) at official centers, but we generally do not collect or store fingerprint data.
- Health Information: Data related to medical exams required for certain visas or immigration benefits, typically provided by you or designated doctors/panel physicians during the process.
- Account Data: Username and password (encrypted) for access to our client portal (if offered), communication preferences.
- Communication Data: Records of our communications with you (emails, secure messages, case notes) related to your case.
- Technical and Usage Data (for online portals/sites): IP address, browser type, operating system, usage patterns on our website or client portal (if applicable), primarily used for security and service enhancement.
We collect this information directly from you (or authorized third parties acting on your behalf with your explicit permission) through consultations, application forms, secure document uploads, and communications. Providing this information is necessary to effectively use our services.
3. How We Use your Information
Your personal data is used exclusively for the following purposes:
- To provide technical, strategic, and organizational support services:
- Complete and prepare required government forms (e.g., USCIS forms, DS forms) on your behalf.
- Gather and organize necessary supporting documentation.
- Submit applications and petitions to the relevant government agencies (USCIS, DOS, NVC, consulates, etc.) as per your instructions.
- Communicate with government agencies about your case status, respond to Requests for Evidence (RFEs), etc., on your behalf (when authorized).
- Provide updates and guidance throughout the application process.
- To communicate with you:
- Respond to your inquiries, provide case updates, and send important notices related to your application or our services.
- For security and compliance:
- Protect the security and integrity of your data and our systems, prevent fraud, comply with legal and regulatory obligations (including professional conduct rules and information registration requirements), and enforce our terms of service.
- To improve our services (internal use):
- Analyze process efficiency or identify common client needs using anonymous or aggregated data that does not allow personal identification. We do not use your sensitive data for general marketing analysis.
- To personalize your experience:
- Adjust content and functionalities based on your preferences or usage patterns.
- Use of de-identified, anonymized, or pseudonymized data:
- We may process your data to create de-identified, anonymized, or pseudonymized datasets. This means removing or modifying information that could reasonably identify you.
- We may use these aggregated or anonymized data for research, analysis, service improvement, industry reports, or other legitimate business purposes.
- We will not attempt to re-identify these data. They may be shared with third parties, as described in Section 4, but only in a way that does not allow personal identification.
4. Data Sharing and Disclosure
We handle your highly sensitive data with extreme care and strictly limit its sharing.
- We do not sell your personal data: D4U does not sell your personal data under any circumstances for profit or any type of monetary transaction. Your information is never shared with data brokers or marketing companies for independent use.
- Government Agencies: The primary reason for collecting your data is to submit it to the relevant government agencies (such as USCIS, DOS, NVC, CBP, U.S. Embassies/Consulates) as required for processing your visa or immigration application. This sharing is essential for the service you contracted, and you authorize us to do so when you hire our services.
- Third-Party Service Providers: We may use carefully selected third-party service providers who act on our behalf under strict confidentiality agreements. These providers are contractually obligated to protect your data, respect the terms of this Privacy Policy, and are prohibited from using or disclosing your personal information (including any de-identified data derived from it) for any purpose other than providing the contracted service, without your active and explicit consent. Examples include:
- Secure cloud storage providers: Azure Cloud Services – to securely store your files and documents.
- Secure communication platforms: (e.g., encrypted email services, secure client portals – to communicate with you).
- Payment processors: (e.g., LawPay, Stripe, PayPal – to securely process service fees. We typically do not store full credit card numbers).
- IT/Security consultants: To assist in maintaining secure systems.
- HubSpot for customer relationship management; attorneys; translation service providers; expert opinion letter services; academic validation companies; resume/CV formatting services; among others.
- Legal Requirements: We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to:
- comply with a legal or regulatory obligation (including professional ethics rules);
- protect and defend our rights or property;
- prevent or investigate possible misconduct related to the Service;
- protect the personal safety of clients or the public; or
- protect against legal liabilities.
- Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or part of our assets, your information may be transferred. We will notify you as described in Section 12 and ensure the protection of your data.
- With Your Explicit Consent: We will not share your sensitive immigration-related data with third parties (such as marketing companies or unrelated partners) without obtaining your separate, active, and informed consent, clearly identifying the recipient and purpose. Given the nature of our services, this type of sharing is highly unlikely.
5. Your Choices, Risks, and Benefits in Data Sharing
- Essential Sharing: Sharing your data with the relevant government agencies is mandatory for processing your immigration or visa application. If you choose not to allow this sharing, we will not be able to provide the requested service. Sharing with essential third-party service providers (such as secure hosting) is also necessary for us to operate and manage your process securely and efficiently.
- Risks: Providing highly sensitive personal data involves inherent risks, such as:
- Possible data breaches (both within our company and at government agencies or third-party providers, despite security measures);
- Misuse of information if accessed by unauthorized individuals;
- Potential refusals or more rigorous reviews in your immigration process, depending on the information provided (which is part of the nature of the immigration process);
- Errors in the data provided can also lead to significant delays or even denial of the application.
- Benefits: The main benefit of sharing your data with us is receiving professional support to navigate complex immigration procedures, increasing your chances of success in the process.
- Impact on Third Parties: Your process generally requires information from family members (spouse, children, parents). By providing this information, you confirm that you have the necessary authorization or consent to do so. Additionally, the outcome of your application may directly impact these family members.
6. Your Rights and Control over your Data
You have rights over your personal data, in accordance with applicable laws and with some specific limitations due to the nature of immigration processes:
- Right of Access: You may request a copy of the personal data we hold about you, as well as your case file.
- Right to Rectification: You may request the correction of incorrect or incomplete personal data. It is crucial that this information is accurate for your immigration processes.
- Right to Erasure (Deletion): You have the right to request the permanent deletion of your personal data from our active systems after the completion of our service.
How to Request Deletion: Send an email to [email protected] with the subject “Data Deletion Request”. We will need to confirm your identity before processing the request.
Timeframe and Limitations for Deletion: After receiving your duly verified request, provided our service has been completed and there are no outstanding financial obligations, your data will be deleted from our active systems within 30 days. However, according to legal, regulatory, and professional liability requirements related to immigration services and Florida state laws, we are required to retain copies of client files—including personal data—for a period of seven (7) years after the closure of the process or contractual relationship.
These data will be securely archived, isolated from any active processing, and will be used only for compliance, audit, or legal defense purposes, being permanently destroyed after this period.
Important: We cannot delete data that has already been submitted to government agencies.
- Right to Restrict Processing: You may request the limitation of the processing of your data in certain circumstances (which may impact our ability to provide the service).
- Right to Data Portability: You may request that essential elements of the data provided be delivered to you in a structured and commonly used format.
- Right to Object: You may object to the processing of your data in specific circumstances (although this is unlikely to apply to the essential services we provide).
- Right to Withdraw Consent (for non-essential processing): In cases where data processing depends on your consent (in optional activities, which is rare in our context), you may revoke it at any time.
To exercise any of these rights, contact us via email at [email protected].
7. How to Close your Account / Conclude Services
You may inform us at any time of your decision to terminate our services and finalize your process by directly contacting your case manager or sending an email to [email protected].
Closing your account/process will initiate our internal closure procedures, including the data retention and deletion practices described in Sections 6 and 10.
Any outstanding amounts must be settled as established in the service agreement.
8. Data Security
We take the security of your highly sensitive personal data extremely seriously. We have implemented robust technical, administrative, and physical security measures designed to protect your information against unauthorized access, disclosure, alteration, loss, or destruction, in compliance with industry best practices and Florida legislation (including FIPA requirements on “reasonable security measures”). These measures include:
- Encryption: Encryption of data both in transit (e.g., TLS/SSL) and at rest (e.g., encryption of database fields and stored documents).
- Access Controls: Strict access controls (role-based access and principle of least privilege) to ensure that only authorized employees who genuinely need the information to perform their duties can access your data.
- Secure Storage: Use of secure, reliable cloud storage providers and infrastructure with a strong security posture.
- Secure Document Handling: Procedures for the secure receipt, storage, and transmission of sensitive documents.
- Audits and Monitoring: Periodic security assessments and system monitoring.
- Employee Training: Mandatory training for all employees on data privacy, confidentiality, and security protocols.
- Incident Response Plan: Specific procedures to respond quickly to any security incidents.
Despite these measures, no system is completely invulnerable. We cannot guarantee absolute security, but we are committed to maintaining the highest standards of protection.
9. Data Breach Notification
In the unlikely event of a data breach involving your personal information that could reasonably pose a risk of harm or identity theft, we will take immediate action. We will notify you without undue delay, in accordance with applicable legislation (including FIPA notification requirements, Florida). This notification will typically be sent by email and include:
- The nature of the breach;
- The types of information potentially affected;
- The measures we are taking to resolve the situation and mitigate damages;
- Guidance on actions you can take to protect yourself.
If required by law, we will also notify the competent regulatory authorities (such as the Florida Attorney General’s office).
10. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected: providing the requested immigration services, resolving your case, and subsequently complying with legal, regulatory, and professional obligations.
- Active Processes: Data is retained while your process is active and we are providing services.
- Closed Processes/Files: As mentioned in Section 6, due to legal and professional requirements applicable to immigration service providers, we are required to retain client files—including personal data—for a period of seven (7) years after the conclusion of your process or termination of our representation. These data are securely archived and accessed only when absolutely necessary, for compliance, audit, or legal defense purposes.
- Inactive/Unformalized Consultations: If you conducted a consultation but did not formally hire our services, we will retain your contact information and any consultation notes for 2 years, for follow-up and internal records. After this period, the data is deleted unless there is subsequent formalization of the service.
- Secure Destruction: After the mandatory retention period, your archived data will be permanently and securely destroyed.
11. Children’s Privacy
Our services are intended for adults seeking immigration assistance. However, it is necessary for us to collect personal data of minors when they are included as dependents or beneficiaries in a client’s process. This information is provided by the parent or legal guardian (our client) and is treated with the same rigorous level of confidentiality and security that we apply to all client data. We do not offer or direct our services directly to individuals under 18 years of age.
12. Business Transfers and Changes in Ownership
If D4U undergoes a business transition, such as a merger, acquisition by another company, asset sale, or closure of operations:
- Notification: We will notify you by email before your personal information is transferred and possibly subject to a different privacy policy.
- Policy Alignment or User Option: Your data and client file may be transferred as part of the transaction. Considering the extreme sensitivity of immigration data, we will require the acquiring company to:
- Fully comply with the commitments established in this Privacy Policy regarding the information we previously collected; OR
- Provide clear notice of any significant changes in privacy practices and obtain your explicit consent before applying a new policy to your existing data. In the absence of such consent—or if the new policy is less protective—options will be offered such as the secure deletion of your data (subject to legal retention obligations) or the secure transmission of your file (data portability).
13. Changes to this Privacy Policy
This Privacy Policy may be updated occasionally to reflect changes in our practices or legal requirements. Relevant changes will be communicated with full transparency and will require your consent.
- Notification: You will be notified of any relevant changes.
- Active Consent: We will obtain your active consent before implementing changes that affect how we handle your sensitive personal data.
- Consent Form and Summary: The notification will be sent by email and include:
- A clear and simple language summary of the main changes;
- A link to the complete updated policy;
- A clear mechanism for you to provide your active consent, such as a checkbox or confirmation button.
Continued use of our services after a relevant change will require your active consent to the new policy. If you do not agree, we may terminate the services, and you may request the closure of your file as per Section 7 (observing data retention rules).
The date “Last Updated” indicates the date of the most recent version of this policy.
14. Contact Us
If you have any questions, comments, or concerns about this Privacy Policy, our data practices, your specific case information, or wish to exercise your privacy rights, contact us:
D4U GROUP
301 YAMATO RD
SUITE 1199
BOCA RATON, FL 33431
[email protected]
+1 (954) 478-8593