Legal

Privacy Policy

Published by Intellivisa Corp. and its subsidiary Nuron.AI Corp.

Last updated: June 2025

This Privacy Policy is published by Intellivisa Corp., a Delaware corporation (the US parent entity), and its wholly-owned subsidiary Nuron.AI Corp., an Ontario corporation (together, the "Intellivisa group," "Intellivisa," "we," "us," or "our"). It applies to your access to and use of our website, applications, programming interfaces, and the Intellivisa platform and related services (together, the "Services").

By accessing or using the Services, you confirm that you have read and understood this Privacy Policy.

A note on roles

Depending on the context, we act either as a data controller (where we determine why and how personal data is processed — for example, in relation to our website, marketing, accounts, and individuals who engage us directly) or as a data processor / service provider (where we process personal data on the documented instructions of a business client, such as a travel agency, online travel agency, global distribution system, university, or visa processor, who acts as the controller). Where we act as a processor, the privacy notice of the relevant business client governs that processing, and you should direct privacy questions and rights requests to that client.

1

Introduction and scope

This Privacy Policy describes the categories of personal data we collect, how and why we use it, who we share it with, how long we keep it, how we protect it, and the rights available to you. It applies to personal data processed through the Services and through our interactions with you.

We are committed to handling personal data in accordance with applicable data protection laws, which, depending on your location and the nature of the processing, may include:

  • The Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws in Canada;
  • The EU General Data Protection Regulation (GDPR) and the UK GDPR and Data Protection Act 2018 in the European Economic Area and the United Kingdom;
  • The Protection of Personal Information Act (POPIA) in South Africa; and
  • The California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), and comparable U.S. state privacy laws in the United States.

Where this Policy refers to a legal right or obligation, that reference applies to the extent the relevant law applies to you and to the processing in question.

2

Definitions

For convenience, the following terms have the meanings below. Where a defined term in an applicable law differs, that statutory meaning applies for the purposes of that law.

Personal data (or personal information):
Any information relating to an identified or identifiable individual.
Special category data (or special / sensitive personal information):
Personal data revealing or concerning biometric identifiers, health, racial or ethnic origin, religious or philosophical beliefs, or data relating to criminal matters, and financial account information, where treated as sensitive under applicable law.
Controller:
The party that determines the purposes and means of processing.
Processor (or service provider):
The party that processes personal data on behalf of, and under the instructions of, a controller.
Data subject:
The individual to whom personal data relates.
Processing:
Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.

3

Who we are and how to contact us

For processing described in this Policy (other than processing we carry out on behalf of a business client), the controller responsible for your personal data is Intellivisa Corp. if you are located in the United States, and Nuron.AI Corp. if you are located outside the United States.

Intellivisa Corp.

Delaware, USA — US parent entity

Nuron.AI Corp.

Ontario, Canada — wholly-owned Canadian subsidiary

Correspondence address: 2220 Lakeshore Boulevard West, Toronto, Ontario M8V 0C1, Canada

Data Protection Officer: Srijan Magon

Privacy enquiries: operations@intellivisa.ai

4

The personal data we collect

The categories of personal data we collect depend on how you use the Services. Because the Services support travel visa documentation and compliance, some of the data we process is necessarily detailed and, in certain cases, sensitive.

  • Identity and travel document data: Full name, date and place of birth, nationality, gender, passport and other travel or identity document numbers, issue and expiry dates, and document images.
  • Contact data: Postal address, email address, and telephone number.
  • Visa application data: Purpose and details of travel, travel history, itinerary, accommodation details, employment or study information, invitation or sponsorship details, and other information required by a destination authority.
  • Special category data: Where a destination authority's requirements make it necessary: biometric photographs, health information, criminal record declarations, information that may reveal religion or ethnic origin, and financial information such as bank statements. Processed only where permitted by law and, where required, on the basis of your explicit consent.
  • Uploaded documents and supporting materials: Scans or images of passports, photographs, financial documents, and other supporting documentation.
  • Account and authentication data: Username, password and other credentials, and account settings.
  • Business and professional contact data: Name, role, organisation, and work contact details (for users acting on behalf of an organisation).
  • Payment data: Billing details and transaction records (payment card details are processed by our payment providers and not stored by us).
  • Technical and usage data: IP address, device and browser information, log data, and information about how you interact with the Services.
  • Communications data: Content of, and metadata relating to, your communications with us, including support enquiries.

5

How we collect personal data

  • Directly from you: When you create an account, submit an application or documents, communicate with us, or otherwise use the Services.
  • From our business clients: Where a travel agency, online travel agency, global distribution system, university, visa processor, or similar client provides data to us so that we can deliver the Services on their behalf.
  • Automatically: Through cookies and similar technologies when you use our website and applications.
  • From third parties: Such as government and consular systems, official visa application centres, and identity or document verification providers.

6

How and why we use personal data

We use personal data for the purposes set out below. Where the GDPR, UK GDPR, or a comparable law applies, we rely on the lawful bases indicated.

To provide the Services

Receive, organise, and process visa documentation; analyse and validate submitted documents; assess applicable requirements; and assist with preparation and submission.

Lawful basis: Performance of a contract; legitimate interests; processing on behalf of a controller.

To carry out compliance checks

Support accuracy, completeness, and adherence to destination requirements.

Lawful basis: Performance of a contract; legitimate interests; legal obligation.

To process special category data

Where necessary to deliver the Services in light of a destination authority's requirements.

Lawful basis: Explicit consent, or another condition permitted by applicable law.

To manage your account and provide support

Authenticate you, respond to enquiries, and administer the relationship.

Lawful basis: Performance of a contract; legitimate interests.

To process payments

Take and record payment for the Services.

Lawful basis: Performance of a contract; legal obligation.

To secure the Services and prevent misuse

Protect against fraud, unauthorised access, and other security risks.

Lawful basis: Legitimate interests; legal obligation.

To maintain and improve the Services

Improve the performance and accuracy of our document-processing technology through automated processing. Our personnel do not read personal data contained in documents for this purpose.

Lawful basis: Consent (individuals); instructions of business clients under data processing agreements (processors); legitimate interests.

To communicate with you

Service-related notices and, where permitted, relevant updates.

Lawful basis: Legitimate interests; consent where required.

To comply with legal obligations

Establish, exercise, or defend legal claims.

Lawful basis: Legal obligation; legitimate interests.

7

Automated processing and the use of artificial intelligence

The Services use software, including machine learning and automated techniques, to help prepare, organise, classify, and check travel documentation, to identify applicable requirements, and to facilitate the submission of applications. The Services are not used to adjudicate applications.

Intellivisa does not make visa or immigration decisions.

Decisions on visa applications are made solely by competent government and consular authorities. Our outputs are informational and operational support; they do not determine, guarantee, or influence the outcome, processing time, or eligibility of any application.

Human review

Human review is applied by default within the Services. We do not use solely automated processing to make decisions that produce legal or similarly significant effects concerning you. Where applicable law (such as Article 22 GDPR) grants you rights in relation to such decisions, you may request human intervention, express your point of view, and contest the decision by contacting us at the details in Section 3.

8

How we share personal data

We share personal data only as necessary to provide the Services. We do not sell personal data.

  • Business clients: Where we process personal data on behalf of a travel agency, university, or similar client, we disclose data to and as directed by that client.
  • Government and consular authorities: Including government visa portals and authorised application centres. Transfer to destination-country authorities is inherent to the visa process.
  • Travel-technology and distribution partners: Including global distribution systems and platforms through which the Services are made available.
  • Service providers and sub-processors: Cloud hosting, identity and document verification, communications, and analytics providers, under appropriate contractual safeguards.
  • Payment providers: To process payments.
  • Professional advisers: Auditors, lawyers, and insurers where necessary.
  • Acquirers and successors: In connection with a merger, acquisition, or sale of assets, subject to confidentiality protections.
  • Authorities and other parties: Where necessary to comply with law, respond to lawful requests, or protect the rights and safety of Intellivisa, our users, or others.

9

International transfers

Because visa processing is inherently cross-border, personal data will be transferred to and processed in countries other than the one in which it was collected — including the destination country of an application and the countries in which we and our service providers operate. Where applicable law requires it, we rely on a lawful transfer mechanism, such as an adequacy decision, standard contractual clauses, or another mechanism permitted under applicable law. You may contact us for further information about the safeguards we apply. Transfers to government and consular authorities as part of the visa process are made because they are necessary to deliver the requested service.

10

How long we keep personal data

We retain personal data for as long as necessary to fulfil the purposes for which it was collected — including providing the Services, complying with legal, tax, accounting, and regulatory obligations, resolving disputes, and enforcing our agreements. When personal data is no longer required, we delete it or anonymise it. Criteria used to determine retention periods include the nature and sensitivity of the data, the purposes of processing, applicable legal and regulatory requirements, and the existence or likelihood of disputes. Where we process personal data on behalf of a business client, we retain and delete that data in accordance with our agreement with, and the instructions of, that client.

11

Data security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful access, alteration, disclosure, loss, or destruction. These measures include:

  • Encryption of data in transit and at rest where appropriate
  • Access controls and authentication
  • Network and application security controls
  • Staff confidentiality obligations

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential. Where required by applicable law to notify you or a regulator of a personal data breach, we will do so without undue delay.

12

Your privacy rights

Subject to applicable law, you may have the following rights in relation to your personal data:

Access

Obtain confirmation of whether we process your personal data and a copy of it.

Rectification

Have inaccurate or incomplete personal data corrected.

Erasure

Have your personal data deleted in certain circumstances.

Restriction

Restrict our processing in certain circumstances.

Portability

Receive certain personal data in a machine-readable format and have it transmitted to another controller.

Objection

Object to processing based on legitimate interests, and to direct marketing at any time.

Withdrawal of consent

Withdraw consent where we rely on it, without affecting prior processing.

Complaint

Lodge a complaint with the relevant supervisory authority.

Jurisdiction-specific information

European Economic Area and United Kingdom: You may lodge a complaint with your local data protection authority, or with the UK Information Commissioner's Office (ICO).
South Africa: Under POPIA, you may object to processing and request access or correction, and lodge a complaint with the Information Regulator (South Africa).
Canada: Under PIPEDA, you may access and correct your personal information and complain to the Office of the Privacy Commissioner of Canada.
United States (including California): Where the CCPA/CPRA or comparable state law applies, you may have the right to know, access, correct, and delete personal information, and to opt out of the "sale" or "sharing" of personal information. We do not sell personal information. We will not discriminate against you for exercising your rights.

To exercise a right, contact us using the details in Section 3. We may need to verify your identity before responding and will respond within the timeframe required by applicable law.

13

Cookies and similar technologies

Our website uses cookies and similar technologies to operate the site, remember your preferences, measure performance, and improve the Services. These fall into broad categories:

  • Strictly necessary: Required for the site to function.
  • Functional: Remember your choices and preferences.
  • Performance and analytics: Help us understand how the site is used.

Where required by law, we obtain your consent before placing non-essential cookies. You can manage your preferences through our cookie controls or your browser settings. Disabling certain cookies may affect the functionality of the site.

14

Third-party links and services

The Services may contain links to, or interoperate with, third-party websites and services, including government portals and application centres. We are not responsible for the privacy practices or content of those third parties, and we encourage you to review their privacy notices.

15

Children's privacy

The Services are intended for use by adults and by organisations and their authorised representatives. The Services are not directed to children for self-registration, and we do not knowingly collect personal data directly from children for that purpose.

We recognise that visa applications may involve minors — for example, in family applications or in connection with study by individuals under the age of majority. Where personal data relating to a minor is processed, it is provided by and processed in the context of an application managed by a responsible adult, parent or guardian, or an authorised business client, who is responsible for providing any required notices and obtaining any required consents. We apply additional care to personal data relating to minors in accordance with applicable law. If you believe a child's personal data has been provided to us other than as described, please contact us.

16

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated Policy on the Services and, where required by law, provide additional notice. The version of this Policy that applies is the one posted on the Services at the time you access them. Your continued use of the Services after an update takes effect constitutes acceptance of the revised Policy to the extent permitted by law.

17

Contact and complaints

For any privacy enquiry, to exercise a right, or to make a complaint, please contact our Data Protection Officer, Srijan Magon, at operations@intellivisa.ai, or write to us at the correspondence address in Section 3. If you are not satisfied with our response, you may contact the relevant supervisory authority identified in Section 12.
