How long does it take to get started?

Most firms are up and running within a week. We help you configure workflows for your specific visa types, import existing cases if needed, and onboard your team with guided walkthroughs.

Can I migrate data from my current system?

Yes. We provide migration support for spreadsheets, legacy case management tools, and other systems. Our team works with you to ensure a smooth transition with no data loss.

Is the client portal white-labeled?

Yes. Your clients see your brand — your logo, your colors, your domain. ICM Desk stays invisible in the background so you maintain a professional, consistent experience.

What visa types does ICM Desk support?

ICM Desk is flexible by design. You can configure custom workflows for any visa type — H-1B, L-1, EB-2, O-1, PERM, and any other immigration process your firm handles.

How does pricing work?

We offer per-seat pricing based on your team size, with plans that scale as your firm grows. Contact us for a quote tailored to your specific needs and case volume.

Absolutely. We use enterprise-grade encryption (256-bit AES), row-level security policies, role-based access control, and comprehensive audit logging. All data is encrypted at rest and in transit.

Privacy Policy — How We Protect Your Case Data

Effective Date: February 15, 2026.

1. Introduction and Scope

ICM Desk (“we,” “our,” or “us”) is a cloud-based platform currently owned and operated by ACFC Global (the “Operating Entity”). References to “ICM Desk,” “we,” “our,” or “us” in this Privacy Policy refer to the Operating Entity and any successor or affiliated entity that may assume ownership or operation of the platform in the future. The platform is designed for immigration law firms, immigration consultancies, human resources departments, relocation agencies, and global mobility companies (each, a “Company”). Our platform provides tools for immigration case management, AI-assisted document preparation, case status tracking through the U.S. Citizenship and Immigration Services (“USCIS”) Case Status API, client communication, and related services (collectively, the “Services”).

This Privacy Policy describes how we collect, use, store, share, and protect personal information in connection with our Services. It applies to the following categories of individuals:

Company Users: Employees, contractors, or authorized representatives of Companies who access the Company Portal to manage cases and use our tools.
End Clients: Individuals whose immigration matters are managed by a Company through our platform, including those who access the Client Portal directly.
Website Visitors: Individuals who visit our website at http://icmdesk.com/.

By accessing or using our platform in any capacity, you acknowledge that you have read and understood this Privacy Policy. If you are a Company User and such company gave you access to our platform, you also represent that you have the authority to bind your Company to the terms described herein.

2. Our Role: Data Controller and Data Processor

ICM Desk operates under a dual-role model depending on the type of data involved:

As a Data Controller: We act as the data controller for information we collect directly from Companies and Company Users in connection with account registration, billing, platform administration, and our own business operations. We determine the purposes and means of processing this data.

As a Data Processor: We act as a data processor on behalf of Companies for personal data of End Clients that Companies input, upload, or manage through our platform. In this capacity, Companies are the data controllers and determine the purposes and means of processing their clients’ data. We process End Client data solely in accordance with our agreements with the respective Company and applicable law.

If you are an End Client, your Company is the primary point of contact for questions about how your personal information is handled. We encourage you to review your Company’s own privacy policy and service agreements. However, you may also contact us directly as described in Section 17 of this policy.

3. End Client Acknowledgment and Consent

Access to the Client Portal requires End Clients to review and accept this Privacy Policy and any applicable Terms of Use before accessing or using the platform. By accepting these terms, you provide your direct and informed consent to the collection, use, and processing of your personal information as described in this Privacy Policy.

This direct acceptance establishes an independent basis for the processing of your personal information by ICM Desk, in addition to and without prejudice to any consents or authorizations your Company may have obtained from you. It ensures that you are informed of how your data is handled within the platform regardless of your Company’s own privacy practices.

If you do not agree with this Privacy Policy, you should not access or use the Client Portal and should contact your Company to discuss alternative arrangements for the management of your immigration matter.

4. Information We Collect

The types of personal information we collect depend on your role and how you interact with our platform.

4.1 Information Collected from Companies and Company Users

Account and Business Information: Company name, business address, business email addresses, phone numbers, tax identification numbers, and billing information.
User Credentials: Names, email addresses, roles, and authentication credentials of authorized Company Users.
Platform Usage Data: Login activity, feature usage, IP addresses, browser and device information, and interaction logs.
Communication Records: Records of support requests, correspondence, and communications with our team.

4.2 Information Collected from or about End Clients

Companies and End Clients may input or upload the following types of information through our platform in connection with immigration case management:

Personal Identification Information: Full name, date of birth, nationality, gender, Social Security Number, Alien Registration Number (A-Number), and other government-issued identification numbers.
USCIS Receipt Numbers: Case receipt numbers (e.g., EAC, WAC, LIN, SRC, IOE, or other prefix formats) issued by USCIS. Receipt numbers are classified as Personally Identifiable Information (PII) and are collected from both Companies and End Clients to enable automated case status queries through the USCIS Case Status API. See Section 5.2 for details on how receipt numbers are used.
Contact Information: Email addresses, phone numbers, mailing addresses, and other contact details.
Document Uploads: Passports, identification cards, educational certificates, employment records, medical records, financial records, and other supporting documentation. These documents may contain sensitive personal information.
Family and Dependent Information: Information about spouses, children, parents, and other dependents relevant to immigration applications, which may include information about minors under 18 years of age.
Financial Information: Income, employment details, financial assets, and other economic data relevant to immigration applications.
Immigration Case Data: Case histories, petition types, filing dates, status updates, attorney/consultant notes, and other information related to immigration proceedings.
Client Portal Usage Data: IP addresses, browser and device information, login activity, and interaction data from End Clients who access the Client Portal.

4.3 Information Collected Automatically

When you visit our website or use our platform, we may automatically collect technical information including IP addresses, browser type and version, operating system, device identifiers, referring URLs, pages visited, time spent on pages, and clickstream data. This information is collected through cookies and similar tracking technologies as described in Section 12.

5. How We Use Your Information

5.1 General Purposes

Service Delivery: To provide, maintain, and improve our platform and Services, including immigration case management, document preparation, case tracking, and client communication tools.
Account Management: To create and manage Company accounts, authenticate users, process billing and payments, and provide customer support.
Platform Improvement: To analyze usage patterns and feedback to improve our Services, develop new features, and enhance user experience.
Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, and technical issues.
Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests.
Communications: To send service-related notifications, updates, and, with your consent, marketing communications. You may opt out of marketing communications at any time.

5.2 Use of USCIS Receipt Numbers and Case Status API

Our platform integrates with the USCIS Case Status API to provide automated immigration case status tracking. In connection with this feature:

Receipt numbers are collected directly from Companies (via the Company Portal) and/or from End Clients (via the Client Portal) for the sole purpose of querying the USCIS Case Status API to retrieve up-to-date case status information.
When a receipt number is submitted, our platform transmits it to USCIS through the Case Status API to retrieve the current status of the associated immigration case.
Case status results returned by USCIS are displayed within the platform to the Company and/or End Client associated with that case and may be stored to maintain case history and enable status change notifications.
Receipt numbers are treated as Personally Identifiable Information (PII) and are subject to all data security and protection measures described in this Privacy Policy.
Receipt numbers are not used for any purpose other than querying case status through the USCIS Case Status API and related case management functions within the platform. They are not sold, shared for marketing purposes, or disclosed to unauthorized third parties.

5.3 AI-Assisted Tools and Frameworks

Our platform incorporates AI-assisted tools and frameworks that support various functionalities, including but not limited to document preparation, content generation, data analysis, and other features designed to enhance the efficiency of immigration-related workflows. These AI-assisted capabilities are integral to the Services and may be used by Companies in connection with data provided by Companies and End Clients.

To deliver these capabilities, our platform may utilize one or more third-party artificial intelligence service providers. The selection and use of AI providers may change over time as we improve our Services.

Third-party AI providers engaged by ICM Desk operate under their own terms of service, data processing agreements, and privacy policies, which govern how they handle data received in connection with API requests. ICM Desk selects AI providers based on their publicly available data protection standards and contractual commitments regarding data handling. However, the specific data processing practices of each AI provider, including but not limited to data retention, usage, and security practices, are governed by that provider’s own terms and policies.

Companies are encouraged to review the terms and policies of the AI providers utilized by the platform. A current list of AI providers is available upon request. If a Company determines that the terms of any AI provider are incompatible with its own obligations, policies, or its clients’ requirements, the Company should contact us to discuss available options, which may include limiting the use of certain AI-assisted features or discontinuing use of the platform for affected matters. The Company is responsible for making this determination and for informing its End Clients as appropriate.

ICM Desk does not use personal information processed through AI-assisted features for any purpose other than delivering the requested Services. We do not independently provide personal information to AI providers for the purpose of training, developing, or improving their models. Any data processing by AI providers in connection with our API requests is governed solely by the terms between ICM Desk and the respective AI provider.

6. Legal Basis for Processing

We process personal information on the following legal grounds, as applicable under the laws of relevant jurisdictions:

Contractual Necessity: To perform our obligations under our service agreements with Companies and to provide the Services.
Legitimate Interest: For platform security, fraud prevention, service improvement, and our business operations, where such interests are not overridden by the data subject’s rights.
Legal Obligation: To comply with applicable laws, regulations, and legal processes, including requirements imposed by USCIS and other government agencies.
Consent: For marketing communications, certain cookie and tracking technologies, and any processing not covered by other legal bases. You may withdraw your consent at any time.

Where we act as a data processor on behalf of a Company, the Company is responsible for establishing the appropriate legal basis for processing End Client data. Companies are required under our agreements to obtain all necessary consents and authorizations from their clients before inputting their data into our platform. Additionally, End Clients provide their own direct consent upon accepting this Privacy Policy and the applicable Terms of Use prior to accessing the Client Portal, as described in Section 3.

7. Information Sharing and Third Parties

We do not sell personal information. We may share information with the following categories of recipients:

Service Providers: We engage third-party service providers who perform services on our behalf, including cloud hosting and data storage, payment processing, email delivery, analytics, and customer support tools. These providers are contractually obligated to protect personal information and to use it only for the purposes for which it was disclosed.

Artificial Intelligence Providers: Personal data may be processed by third-party AI service providers in connection with the AI-assisted tools and frameworks described in Section 5.3. These providers operate under their own terms of service and data processing commitments. For more information about how AI providers handle data, please refer to Section 5.3.

USCIS (Case Status API): Receipt numbers are transmitted to USCIS through the Case Status API to retrieve immigration case status information. This data exchange is governed by USCIS terms of service and applicable federal regulations.

Companies (for End Client Data): End Client information is accessible to the Company managing the respective immigration case through the Company Portal, as the Company is the data controller for such information.

Analytics and Marketing Tools: We may use analytics services (such as Google Analytics) and marketing tools to analyze platform usage and deliver relevant communications. These services may collect and process information according to their own privacy policies.

Legal Requirements: We may disclose information if required by law, court order, subpoena, or government request, or if we believe disclosure is necessary to protect our rights, the safety of our users, or the public interest.

Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, personal information may be transferred to the acquiring or successor entity. We will notify affected parties of any such transfer.

8. Data Storage and Security

Storage Location: Data is stored using cloud-based database services, which may involve storage in data centers located in the United States and other geographic locations. We implement appropriate safeguards for any cross-border data transfers as required by applicable law.

Security Measures: We implement industry-standard technical and organizational security measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and incident response procedures. However, no method of electronic storage or internet transmission is completely secure, and we cannot guarantee absolute security.

Data Retention: We retain personal information for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. For Company account data, we retain information for the duration of the service relationship and a reasonable period thereafter. For End Client data processed on behalf of Companies, retention periods are determined by the Company’s instructions and applicable law. Given the nature of immigration processes, which may span several years, data may be retained for extended periods while cases remain active or pending. You may request deletion of your data at any time, subject to legal retention requirements and our obligations to the relevant Company.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access: You may request confirmation of whether we process your personal information and obtain a copy of such information.

Correction: You may request correction of inaccurate or incomplete personal information.

Deletion: You may request deletion of your personal information, subject to legal retention requirements.

Data Portability: You may request a copy of your personal information in a structured, commonly used, machine-readable format.

Restriction of Processing: You may request that we limit how we process your personal information in certain circumstances.

Objection: You may object to the processing of your personal information based on legitimate interests.

Consent Withdrawal: Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

If you are an End Client whose data is processed on behalf of a Company, please direct your requests to your Company in the first instance, as they are the data controller for your information. You may also contact us directly, and we will coordinate with the relevant Company to address your request.

To exercise your rights, contact us at inquiry_icmdesk@acfcglobal.com. We will respond to verified requests within the timeframes required by applicable law.

10. Jurisdiction-Specific Provisions

10.1 United States

ICM Desk is operated by a U.S.-based entity. Our processing of personal information complies with applicable U.S. federal and state privacy laws.

California (CCPA/CPRA): If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know what personal information we collect, the right to delete your information, the right to opt out of the sale or sharing of your information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. To exercise these rights, contact us at inquiry_icmdesk@acfcglobal.com

10.2 European Economic Area and United Kingdom (GDPR/UK GDPR)

If you are located in the EEA or UK, you have rights under the General Data Protection Regulation, including the rights described in Section 9. You also have the right to lodge a complaint with your local supervisory authority. Where personal information is transferred outside the EEA or UK, we endeavor to ensure that appropriate safeguards are in place in accordance with applicable data protection requirements.

10.3 Brazil (LGPD)

If you are located in Brazil, your personal information is processed in accordance with the Lei Geral de Proteção de Dados (LGPD). You have the rights described in Section 9, as well as the right to request information about public and private entities with which your data has been shared. You may file complaints with the Autoridade Nacional de Proteção de Dados (ANPD).

10.4 Other Jurisdictions

If you are located in a jurisdiction with specific data protection laws not mentioned above, we will comply with the applicable requirements of those laws to the extent they apply to our processing of your personal information. Please contact us if you have questions about your specific rights.

11. Minors and Children’s Privacy

Our platform is not directed at individuals under 18 years of age. However, immigration applications often require information about minor dependents/derivative applicants. When a Company or End Client provides information about a minor:

The Company or End Client providing such information represents and warrants that they are the parent, legal guardian, or authorized representative of the minor and have obtained all necessary consents for the collection and processing of the minor’s personal information.
We reserve the right to request verification of authority and proof of required consents at any time.
If we cannot verify the authority or required consents are not provided when requested, we may suspend or terminate services related to applications involving the minor’s information.
Parents and legal guardians retain all rights regarding their children’s personal information and may contact us or the relevant Company to access, correct, or request deletion of such information.

12. Cookies and Tracking Technologies

Our platform and website use cookies and similar tracking technologies to enhance your experience, analyze usage, and support our operations. The categories of cookies we use include:

Essential Cookies: Required for platform functionality, authentication, and security. These cannot be disabled.
Analytics Cookies: Used to understand how users interact with our platform and to improve our Services.
Marketing Cookies: Used to deliver relevant communications and measure campaign effectiveness. These require your consent.

You can manage your cookie preferences through your browser settings or through our cookie consent mechanism where available. Disabling certain cookies may affect platform functionality.

13. International Data Transfers

As a U.S.-based platform serving Companies and End Clients globally, personal information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those of your country of residence.

We endeavor to implement appropriate safeguards for international data transfers, including data processing agreements and other mechanisms recognized by applicable law, to help ensure an adequate level of protection for personal information.

14. Data Breach Notification

In the event of a security incident that results in unauthorized access to, or disclosure of, personal information that poses a risk to affected individuals, we will notify affected Companies and, where required by law, affected individuals and relevant regulatory authorities within the timeframes required by applicable law (typically within 72 hours of becoming aware of the incident). Companies are responsible for notifying their own End Clients as required by their obligations as data controllers.

15. Company Obligations

Companies that use our platform acknowledge and agree to the following obligations regarding personal data:

Maintain their own privacy policy that accurately describes their data collection and processing practices, including their use of ICM Desk as a service provider.
Obtain all necessary consents and authorizations from their End Clients before inputting personal information into the platform, including explicit consent for the processing of sensitive data and information about minors.
Ensure that their use of the platform complies with all applicable data protection laws in their jurisdiction.
Review the terms and policies of third-party service providers utilized by the platform, including AI providers, and determine whether such terms are compatible with the Company’s own obligations and its clients’ requirements.
Promptly notify us of any data subject requests received from End Clients that require our assistance to fulfill.
Not use the platform to process personal information for purposes other than those described in their agreement with us and their own privacy policy.

While ICM Desk takes measures to protect personal information, including requiring direct consent from End Clients upon access to the Client Portal (see Section 3), Companies remain primarily responsible as data controllers for ensuring lawful processing of their End Clients’ data. ICM Desk shall not be held liable for a Company’s failure to fulfill its obligations as a data controller, including but not limited to failure to obtain required consents, provide adequate privacy notices, or comply with applicable data protection laws.

16. Limitation of Liability

To the fullest extent permitted by applicable law, ICM Desk’s liability in connection with the processing of personal information is limited to the obligations expressly described in this Privacy Policy and in our service agreements with Companies. ICM Desk shall not be liable for any damages, losses, or claims arising from:

A Company’s failure to comply with its obligations as a data controller, including failure to obtain adequate consents from End Clients or to provide appropriate privacy notices.
The data processing practices of third-party service providers, including AI providers, to the extent such practices are governed by their own terms of service and privacy policies.
Unauthorized access to or disclosure of personal information resulting from a Company’s failure to maintain adequate security of its own account credentials or systems.
An End Client’s decision to provide personal information through the Client Portal after accepting this Privacy Policy and the applicable Terms of Use.

17. Contact Information

For questions about this Privacy Policy, to exercise your privacy rights, or to report privacy concerns, please contact us at:

Email: inquiry_icmdesk@acfcglobal.com

Website: http://icmdesk.com/

Please include “Privacy Policy Inquiry” in your subject line along with your full name. If your inquiry relates to a specific jurisdiction’s data protection law (e.g., CCPA, GDPR, LGPD), please indicate this in your subject line so we can route your request appropriately.

For End Clients: We recommend contacting your Company first regarding privacy inquiries, as they are the data controller for your information. If you are unable to resolve your concern with your Company, you may contact us directly.

18. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings. We will notify Companies of material changes through email or platform notifications and update the “Last Updated” date at the top of this policy. Companies are responsible for informing their End Clients of any changes that affect the processing of End Client data. End Clients who access the Client Portal may be required to review and accept updated terms before continuing to use the platform.

19. Governing Law

This Privacy Policy is governed by the laws of the United States and the state in which the Operating Entity is organized, without regard to conflict of law principles.

*.*.*.*.*.*