Privacy Policy
Published by Intellivisa Corp. and its subsidiary Nuron.AI Corp.
Last updated: June 2025
This Privacy Policy is published by Intellivisa Corp., a Delaware corporation (the US parent entity), and its wholly-owned subsidiary Nuron.AI Corp., an Ontario corporation (together, the "Intellivisa group," "Intellivisa," "we," "us," or "our"). It applies to your access to and use of our website, applications, programming interfaces, and the Intellivisa platform and related services (together, the "Services").
By accessing or using the Services, you confirm that you have read and understood this Privacy Policy.
A note on roles
Depending on the context, we act either as a data controller (where we determine why and how personal data is processed — for example, in relation to our website, marketing, accounts, and individuals who engage us directly) or as a data processor / service provider (where we process personal data on the documented instructions of a business client, such as a travel agency, online travel agency, global distribution system, university, or visa processor, who acts as the controller). Where we act as a processor, the privacy notice of the relevant business client governs that processing, and you should direct privacy questions and rights requests to that client.
Table of contents
- 1.Introduction and scope
- 2.Definitions
- 3.Who we are and how to contact us
- 4.The personal data we collect
- 5.How we collect personal data
- 6.How and why we use personal data
- 7.Automated processing and the use of artificial intelligence
- 8.How we share personal data
- 9.International transfers
- 10.How long we keep personal data
- 11.Data security
- 12.Your privacy rights
- 13.Cookies and similar technologies
- 14.Third-party links and services
- 15.Children's privacy
- 16.Changes to this Privacy Policy
- 17.Contact and complaints
Introduction and scope
This Privacy Policy describes the categories of personal data we collect, how and why we use it, who we share it with, how long we keep it, how we protect it, and the rights available to you. It applies to personal data processed through the Services and through our interactions with you.
We are committed to handling personal data in accordance with applicable data protection laws, which, depending on your location and the nature of the processing, may include:
- The Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws in Canada;
- The EU General Data Protection Regulation (GDPR) and the UK GDPR and Data Protection Act 2018 in the European Economic Area and the United Kingdom;
- The Protection of Personal Information Act (POPIA) in South Africa; and
- The California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), and comparable U.S. state privacy laws in the United States.
Where this Policy refers to a legal right or obligation, that reference applies to the extent the relevant law applies to you and to the processing in question.
Definitions
For convenience, the following terms have the meanings below. Where a defined term in an applicable law differs, that statutory meaning applies for the purposes of that law.
- Personal data (or personal information):
- Any information relating to an identified or identifiable individual.
- Special category data (or special / sensitive personal information):
- Personal data revealing or concerning biometric identifiers, health, racial or ethnic origin, religious or philosophical beliefs, or data relating to criminal matters, and financial account information, where treated as sensitive under applicable law.
- Controller:
- The party that determines the purposes and means of processing.
- Processor (or service provider):
- The party that processes personal data on behalf of, and under the instructions of, a controller.
- Data subject:
- The individual to whom personal data relates.
- Processing:
- Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
Who we are and how to contact us
For processing described in this Policy (other than processing we carry out on behalf of a business client), the controller responsible for your personal data is Intellivisa Corp. if you are located in the United States, and Nuron.AI Corp. if you are located outside the United States.
Intellivisa Corp.
Delaware, USA — US parent entity
Nuron.AI Corp.
Ontario, Canada — wholly-owned Canadian subsidiary
Correspondence address: 2220 Lakeshore Boulevard West, Toronto, Ontario M8V 0C1, Canada
Data Protection Officer: Srijan Magon
Privacy enquiries: operations@intellivisa.ai
The personal data we collect
The categories of personal data we collect depend on how you use the Services. Because the Services support travel visa documentation and compliance, some of the data we process is necessarily detailed and, in certain cases, sensitive.
- Identity and travel document data — Full name, date and place of birth, nationality, gender, passport and other travel or identity document numbers, issue and expiry dates, and document images.
- Contact data — Postal address, email address, and telephone number.
- Visa application data — Purpose and details of travel, travel history, itinerary, accommodation details, employment or study information, invitation or sponsorship details, and other information required by a destination authority.
- Special category data — Where a destination authority's requirements make it necessary: biometric photographs, health information, criminal record declarations, information that may reveal religion or ethnic origin, and financial information such as bank statements. Processed only where permitted by law and, where required, on the basis of your explicit consent.
- Uploaded documents and supporting materials — Scans or images of passports, photographs, financial documents, and other supporting documentation.
- Account and authentication data — Username, password and other credentials, and account settings.
- Business and professional contact data — Name, role, organisation, and work contact details (for users acting on behalf of an organisation).
- Payment data — Billing details and transaction records (payment card details are processed by our payment providers and not stored by us).
- Technical and usage data — IP address, device and browser information, log data, and information about how you interact with the Services.
- Communications data — Content of, and metadata relating to, your communications with us, including support enquiries.
How we collect personal data
- Directly from you — When you create an account, submit an application or documents, communicate with us, or otherwise use the Services.
- From our business clients — Where a travel agency, online travel agency, global distribution system, university, visa processor, or similar client provides data to us so that we can deliver the Services on their behalf.
- Automatically — Through cookies and similar technologies when you use our website and applications.
- From third parties — Such as government and consular systems, official visa application centres, and identity or document verification providers.
How and why we use personal data
We use personal data for the purposes set out below. Where the GDPR, UK GDPR, or a comparable law applies, we rely on the lawful bases indicated.
To provide the Services
Receive, organise, and process visa documentation; analyse and validate submitted documents; assess applicable requirements; and assist with preparation and submission.
Lawful basis: Performance of a contract; legitimate interests; processing on behalf of a controller.
To carry out compliance checks
Support accuracy, completeness, and adherence to destination requirements.
Lawful basis: Performance of a contract; legitimate interests; legal obligation.
To process special category data
Where necessary to deliver the Services in light of a destination authority's requirements.
Lawful basis: Explicit consent, or another condition permitted by applicable law.
To manage your account and provide support
Authenticate you, respond to enquiries, and administer the relationship.
Lawful basis: Performance of a contract; legitimate interests.
To process payments
Take and record payment for the Services.
Lawful basis: Performance of a contract; legal obligation.
To secure the Services and prevent misuse
Protect against fraud, unauthorised access, and other security risks.
Lawful basis: Legitimate interests; legal obligation.
To maintain and improve the Services
Improve the performance and accuracy of our document-processing technology through automated processing. Our personnel do not read personal data contained in documents for this purpose.
Lawful basis: Consent (individuals); instructions of business clients under data processing agreements (processors); legitimate interests.
To communicate with you
Service-related notices and, where permitted, relevant updates.
Lawful basis: Legitimate interests; consent where required.
To comply with legal obligations
Establish, exercise, or defend legal claims.
Lawful basis: Legal obligation; legitimate interests.
Automated processing and the use of artificial intelligence
The Services use software, including machine learning and automated techniques, to help prepare, organise, classify, and check travel documentation, to identify applicable requirements, and to facilitate the submission of applications. The Services are not used to adjudicate applications.
Intellivisa does not make visa or immigration decisions.
Decisions on visa applications are made solely by competent government and consular authorities. Our outputs are informational and operational support; they do not determine, guarantee, or influence the outcome, processing time, or eligibility of any application.
Human review
Human review is applied by default within the Services. We do not use solely automated processing to make decisions that produce legal or similarly significant effects concerning you. Where applicable law (such as Article 22 GDPR) grants you rights in relation to such decisions, you may request human intervention, express your point of view, and contest the decision by contacting us at the details in Section 3.
How we share personal data
We share personal data only as necessary to provide the Services. We do not sell personal data.
- Business clients — Where we process personal data on behalf of a travel agency, university, or similar client, we disclose data to and as directed by that client.
- Government and consular authorities — Including government visa portals and authorised application centres. Transfer to destination-country authorities is inherent to the visa process.
- Travel-technology and distribution partners — Including global distribution systems and platforms through which the Services are made available.
- Service providers and sub-processors — Cloud hosting, identity and document verification, communications, and analytics providers, under appropriate contractual safeguards.
- Payment providers — To process payments.
- Professional advisers — Auditors, lawyers, and insurers where necessary.
- Acquirers and successors — In connection with a merger, acquisition, or sale of assets, subject to confidentiality protections.
- Authorities and other parties — Where necessary to comply with law, respond to lawful requests, or protect the rights and safety of Intellivisa, our users, or others.
International transfers
Because visa processing is inherently cross-border, personal data will be transferred to and processed in countries other than the one in which it was collected — including the destination country of an application and the countries in which we and our service providers operate. Where applicable law requires it, we rely on a lawful transfer mechanism, such as an adequacy decision, standard contractual clauses, or another mechanism permitted under applicable law. You may contact us for further information about the safeguards we apply. Transfers to government and consular authorities as part of the visa process are made because they are necessary to deliver the requested service.
How long we keep personal data
We retain personal data for as long as necessary to fulfil the purposes for which it was collected — including providing the Services, complying with legal, tax, accounting, and regulatory obligations, resolving disputes, and enforcing our agreements. When personal data is no longer required, we delete it or anonymise it. Criteria used to determine retention periods include the nature and sensitivity of the data, the purposes of processing, applicable legal and regulatory requirements, and the existence or likelihood of disputes. Where we process personal data on behalf of a business client, we retain and delete that data in accordance with our agreement with, and the instructions of, that client.
Data security
We implement appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful access, alteration, disclosure, loss, or destruction. These measures include:
- Encryption of data in transit and at rest where appropriate
- Access controls and authentication
- Network and application security controls
- Staff confidentiality obligations
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential. Where required by applicable law to notify you or a regulator of a personal data breach, we will do so without undue delay.
Your privacy rights
Subject to applicable law, you may have the following rights in relation to your personal data:
Access
Obtain confirmation of whether we process your personal data and a copy of it.
Rectification
Have inaccurate or incomplete personal data corrected.
Erasure
Have your personal data deleted in certain circumstances.
Restriction
Restrict our processing in certain circumstances.
Portability
Receive certain personal data in a machine-readable format and have it transmitted to another controller.
Objection
Object to processing based on legitimate interests, and to direct marketing at any time.
Withdrawal of consent
Withdraw consent where we rely on it, without affecting prior processing.
Complaint
Lodge a complaint with the relevant supervisory authority.
Jurisdiction-specific information
To exercise a right, contact us using the details in Section 3. We may need to verify your identity before responding and will respond within the timeframe required by applicable law.
Cookies and similar technologies
Our website uses cookies and similar technologies to operate the site, remember your preferences, measure performance, and improve the Services. These fall into broad categories:
- Strictly necessary — Required for the site to function.
- Functional — Remember your choices and preferences.
- Performance and analytics — Help us understand how the site is used.
Where required by law, we obtain your consent before placing non-essential cookies. You can manage your preferences through our cookie controls or your browser settings. Disabling certain cookies may affect the functionality of the site.
Third-party links and services
The Services may contain links to, or interoperate with, third-party websites and services, including government portals and application centres. We are not responsible for the privacy practices or content of those third parties, and we encourage you to review their privacy notices.
Children's privacy
The Services are intended for use by adults and by organisations and their authorised representatives. The Services are not directed to children for self-registration, and we do not knowingly collect personal data directly from children for that purpose.
We recognise that visa applications may involve minors — for example, in family applications or in connection with study by individuals under the age of majority. Where personal data relating to a minor is processed, it is provided by and processed in the context of an application managed by a responsible adult, parent or guardian, or an authorised business client, who is responsible for providing any required notices and obtaining any required consents. We apply additional care to personal data relating to minors in accordance with applicable law. If you believe a child's personal data has been provided to us other than as described, please contact us.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated Policy on the Services and, where required by law, provide additional notice. The version of this Policy that applies is the one posted on the Services at the time you access them. Your continued use of the Services after an update takes effect constitutes acceptance of the revised Policy to the extent permitted by law.
Contact and complaints
For any privacy enquiry, to exercise a right, or to make a complaint, please contact our Data Protection Officer, Srijan Magon, at operations@intellivisa.ai, or write to us at the correspondence address in Section 3. If you are not satisfied with our response, you may contact the relevant supervisory authority identified in Section 12.