Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored, and protected when you use evis.ma, operated by Nomora Digital Services, Inc., a company registered in the State of Delaware, United States ("Company," "we," "us," or "our").

By using the website or purchasing services, you acknowledge this Privacy Policy.

1. Data Controller

The data controller responsible for your personal data is:

2. Categories of Data Collected

2.1 Information You Provide

We may collect:

• Full name, date of birth, nationality, and gender
• Passport number, issue/expiry dates, and passport image
• Contact details (email, phone number, address)
• Travel details (dates, accommodation, purpose of visit)
• Billing name, billing address, and transaction confirmation

Payment card numbers are processed only by Stripe and are not stored on our servers.

2.2 Automatically Collected Data

When you access the website, we may collect:

• IP address and approximate location
• Browser, device, and operating system information
• Pages visited, timestamps, and interaction data
• Referral URLs and session identifiers

2.3 Communications

We may retain:

• Email correspondence
• Support chat transcripts
• Customer service call records (where applicable)

3. Legal Bases for Processing (GDPR)

Where applicable data protection laws apply, we rely on:

• Performance of a contract – to provide purchased services
• Legal obligation – accounting, compliance, and fraud prevention
• Legitimate interests – security, service improvement, and analytics
• Consent – marketing communications and optional cookies

4. How We Use Personal Data

We use data to:

• Prepare and submit travel documentation applications
• Provide customer support and service updates
• Process payments and refunds
• Detect fraud, abuse, or security threats
• Comply with legal and regulatory obligations
• Improve website functionality and performance

5. Cookies and Tracking

We use cookies necessary for:

• Website operation and security
• User preferences and session management
• Analytics and performance measurement

Where required by law, non-essential cookies are used only with consent. You may control cookies via browser settings; disabling essential cookies may affect functionality.

6. Sharing of Personal Data

We may share data with:

• Government authorities for application processing
• Stripe and payment processors for billing
• Cloud hosting and technical providers for infrastructure
• Legal or regulatory authorities where required by law

We do not sell personal data to third parties. All service providers are required to maintain appropriate confidentiality and security safeguards.

7. International Data Transfers

Because we operate globally, personal data may be processed in:

• United States
• European Union
• Morocco (for application processing)
• Other jurisdictions where service providers operate

Where required, transfers rely on Standard Contractual Clauses (SCCs), adequacy decisions, or other lawful transfer mechanisms.

8. Data Retention

We retain data only as long as necessary:

• Application records: up to 5 years
• Financial and accounting records: up to 7 years
• Support communications: up to 3 years
• Analytics data: up to 26 months

After retention expires, data is securely deleted or anonymized.

9. Your Data Protection Rights

Depending on your jurisdiction, you may have rights to:

• Access your personal data
• Correct inaccurate data
• Request deletion (where legally permitted)
• Restrict or object to processing
• Receive a portable copy of your data
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

Requests can be submitted to [email protected]. We typically respond within 30 days.

10. Data Security

We implement administrative, technical, and physical safeguards, including encrypted data transmission (SSL/TLS), secure infrastructure, access controls, monitoring for unauthorized access, and staff confidentiality obligations. No system is completely secure; however, we take reasonable industry-standard measures to protect data.

11. Data Breach Notification

Where legally required, we will notify affected individuals, inform relevant supervisory authorities, and take steps to mitigate risks.

12. Children’s Data

Services are not directed to children under 18. Where an application involves a minor, the parent or legal guardian is responsible for consent and data accuracy.

13. Marketing Communications

We send marketing only with opt-in consent. You may unsubscribe at any time via email link or by contacting us. Transactional service emails are not affected by marketing opt-out.

14. Third Party Links

We are not responsible for privacy practices of external websites linked from our platform.

15. Updates to This Policy

We may revise this Privacy Policy periodically. Updated versions become effective upon publication on the website.

16. Contact Information

By using the website or services, you confirm that you have read and understood this Privacy Policy.