Pasaporte at Visa Photo

Privacy Policy

Effective: 2026-05-16 · Last updated: 2026-05-16

This Privacy Policy explains how Prime Axis LLP (“we”, “us”, or “our”) collects, uses, stores, and shares information in connection with the passport & visa photo service offered through this website (the “Service”).

1. Who we are

  • Prime Axis LLP, a Singapore-registered limited liability partnership.
  • Registered office: 69 Telok Blangah Heights, #02-279, Singapore 100069.
  • Contact: hello@primeaxis.digital

2. What we collect and why

2.1 Your uploaded photo

When you upload a photo, your browser sends it over an encrypted (TLS) connection to our processing servers, which run a background-removal model on dedicated GPU instances operated by Modal Labs, Inc. The image is processed in memory and the original is discarded immediately after the cutout is returned to your browser. We do not retain the original photograph.

The final composed photo (with your selected background colour applied) is uploaded to our object storage so it can be delivered to you after payment. See section 6 for how long this file is kept.

2.2 Photo-job metadata

We store the following metadata about each photo job:

  • The country / passport specification you selected.
  • The background colour hex value you chose.
  • A random opaque identifier (CUID) used to associate the job with an order.
  • An anonymous session identifier so we can authorise uploads from your browser.
  • Timestamp of creation.

2.3 Payment data

Payments are processed by Stripe, Inc. We do not collect or store your card number, CVC, or billing address — Stripe handles that directly in a PCI-DSS-compliant environment. The charge will appear on your card statement as PRIME AXIS.

We do receive and store:

  • The Stripe Checkout Session ID and Payment Intent ID.
  • Amount, currency, and payment status (pending / paid / refunded).
  • A signed, time-limited token that lets you download your photo after payment.

Stripe may also collect information about your device and IP address as part of fraud prevention. See Stripe's Privacy Policy for details.

2.4 Analytics

We use PostHog to understand which pages are visited and where users drop off in the photo-creation flow. PostHog stores an anonymous visitor identifier in your browser's local storage. We do not associate it with your name, email, or any identifiable information. We honour the Do Not Track and Global Privacy Control browser signals — if your browser sends either, PostHog will not load.

2.5 Technical / log data

Our servers automatically log requests to diagnose errors and prevent abuse. Logs include IP address, user-agent string, and URL accessed. Logs are rotated and deleted within 30 days.

2.6 Cookies

We use only strictly-necessary first-party cookies — see our Cookie Policy for details. We do not set marketing cookies. Stripe may set cookies on its own checkout.stripe.com domain when you proceed to payment.

3. Legal bases for processing

Where local data-protection law (e.g. Singapore PDPA, EU/UK GDPR) applies, we rely on:

  • Performance of a contract — to deliver the photo you paid for.
  • Legitimate interests — to keep the service secure and prevent fraud.
  • Legal obligation — to keep transaction records for tax and accounting.

We do not use your photo or any biometric-derived data to train machine-learning models, sell data to advertisers, or build a profile of you.

4. Who we share data with

We share limited data only with the following processors:

  • Modal Labs, Inc. (USA) — GPU compute for background removal. Photos are processed in memory; Modal does not retain image bytes after the request returns.
  • Google LLC — Firebase App Hosting (web hosting + CDN) and Firebase Storage (encrypted object storage for composed photos).
  • Neon, Inc. — encrypted Postgres database hosting for photo-job and order metadata.
  • Stripe, Inc. (USA / EU / UK) — payment processing.
  • PostHog, Inc. (USA) — privacy-respecting product analytics.
  • jsDelivr — public CDN for the in-browser face-detection model files.

We have, or are putting in place, data-processing agreements with each of the above. We will never sell your personal information. We may disclose data when compelled by a valid legal order, in which case we will notify you unless legally prohibited.

5. International transfers

Several of our processors are located outside Singapore (primarily the United States). Transfers are made under each processor's contractual safeguards (such as Standard Contractual Clauses where applicable) and Singapore PDPA transfer-limitation rules.

6. Retention

  • Original photograph: not retained — discarded immediately after background-removal processing.
  • Composed photo file: retained for as long as needed to deliver your download — typically no longer than 30 days after the order is completed. You can request immediate deletion at any time by emailing us.
  • Photo-job metadata (country, colour, IDs): up to 12 months or until you request deletion.
  • Order records (Stripe IDs, amounts): 7 years for tax and accounting purposes, as required by Singapore law.
  • Server logs: 30 days.

7. Security

All data in transit is encrypted with TLS 1.2+. Data at rest is encrypted by our storage providers. Download links use HMAC-signed tokens that expire and are owner-gated by an opaque session cookie. Database access is restricted to authenticated application accounts with least-privilege credentials.

8. Your rights

Depending on where you live, you have some or all of the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data.
  • Restriction — ask us to stop processing your data in certain ways.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent.

To exercise any of these, email hello@primeaxis.digital. We will respond within 30 days.

If you are dissatisfied with our response, you may lodge a complaint with the Personal Data Protection Commission of Singapore, or with your local data protection authority if you reside elsewhere.

9. Children

The Service is not directed to children under 13 (or 16 in the EEA/UK). If you are a parent or guardian submitting a photo of a child for a passport or visa application, you warrant that you have the legal authority to do so. We will delete any data we learn belongs to a child under the applicable age on request.

10. Biometrics disclaimer

Our face-detection step identifies the bounding box and eye position of a face in order to crop your photo correctly. This is a transient operation; we do not extract, store, or share any biometric template, faceprint, or identifier derived from your face.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by a prominent notice on this website. The “Last updated” date at the top indicates the latest revision.

12. Contact

Prime Axis LLP
69 Telok Blangah Heights, #02-279
Singapore 100069
hello@primeaxis.digital

Summary (for quick reference)

  • Your original photo is processed on our servers and discarded immediately — we don't keep a copy.
  • The final composed photo is stored only as long as needed to deliver your download, and removed within ~30 days.
  • Payments go through Stripe; we never see your card details.
  • No advertising trackers, no selling of data, no AI training on your photos.
  • Email hello@primeaxis.digital any time to access, correct, or delete your data.