Legal

Privacy Policy

Effective date: 1 January 2026. Last updated: 29 April 2026.

Atlys is committed to protecting your personal information. This policy explains what data we collect, why we collect it, and how we keep it safe. Please read it carefully.

1

Information We Collect

  • Personal Identification: Name, email address, phone number, date of birth, passport details, and nationality when you create an account or apply for a visa.
  • Application Data: Travel history, visa application documents, photographs, financial information, and any other data required to process your visa application.
  • Usage Data: Pages visited, features used, device type, browser, IP address, and interaction patterns within the Atlys platform.
  • Payment Information: Billing address and payment method details. Full card numbers are never stored on our servers — payments are processed by PCI-DSS compliant third-party processors.
  • Communications: Messages exchanged with our support team, feedback you provide, and survey responses.
2

How We Use Your Information

  • Visa Processing: To submit your application to the relevant government authorities and track its status on your behalf.
  • Account Management: To create and maintain your Atlys account and provide customer support.
  • Service Improvement: To analyse platform usage, fix bugs, and develop new features that make visa applications faster and simpler.
  • Communications: To send application status updates, service announcements, and — where you have opted in — relevant travel and visa information.
  • Legal Compliance: To meet our obligations under applicable laws and regulations in the jurisdictions we operate in.
  • Fraud Prevention: To detect and prevent fraudulent activity and protect the security of your account and our platform.
3

Sharing Your Information

  • Government Authorities: Your visa application data is submitted to the relevant embassy, consulate, or immigration authority as required to process your application.
  • Service Providers: We share data with vetted third-party vendors (cloud hosting, payment processors, identity verification) who process data on our behalf under strict data processing agreements.
  • Legal Requirements: We may disclose your data if required by law, court order, or to protect the rights and safety of Atlys, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
  • We do not sell your personal data to third parties for marketing purposes.
4

Cookies & Tracking

  • Essential Cookies: Required for the platform to function — session management, security tokens, and user preferences. These cannot be disabled.
  • Analytics Cookies: Help us understand how users navigate Atlys so we can improve the experience. We use privacy-respecting analytics with IP anonymisation enabled.
  • Marketing Cookies: Used to measure the effectiveness of our advertising. You can opt out at any time via your account settings or browser controls.
  • You can manage cookie preferences in your browser settings. Note that disabling certain cookies may affect platform functionality.
5

Data Retention

  • We retain your personal data for as long as your account is active or as needed to provide our services.
  • Application records, including submitted documents and visa outcomes, are retained for 7 years to comply with regulatory requirements and to assist with future applications.
  • After account deletion, most personal data is purged within 90 days. Some data may be retained longer where required by law.
6

Your Rights

  • Access: You can request a copy of the personal data we hold about you at any time.
  • Correction: You can update inaccurate or incomplete data directly in your account settings or by contacting us.
  • Deletion: You can request deletion of your account and associated data, subject to legal retention requirements.
  • Portability: You can request your data in a structured, machine-readable format.
  • Objection: You can object to certain processing activities, including direct marketing communications.
  • To exercise any of these rights, contact our privacy team at privacy@atlys.com. We will respond within 30 days.
7

Security

  • We use industry-standard security measures including AES-256 encryption at rest, TLS 1.3 in transit, multi-factor authentication, and regular third-party security audits.
  • Access to personal data within Atlys is restricted to employees and contractors who need it to perform their job functions, governed by least-privilege access controls.
  • Despite these measures, no system is completely secure. If you believe your account has been compromised, contact us immediately at security@atlys.com.
8

International Transfers

  • Atlys operates globally. Your data may be transferred to and processed in countries other than your country of residence, including the United States, India, and the United Arab Emirates.
  • For transfers from the European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection of your data.
9

Changes to This Policy

  • We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting a notice on the Atlys platform at least 30 days before the change takes effect.
  • Continued use of Atlys after the effective date of a revised policy constitutes acceptance of the updated terms.
10

Contact Us

  • For privacy-related enquiries or to exercise your rights, contact our Data Protection Officer at:
  • Email: privacy@atlys.com
  • Post: Atlys Inc., 301 Mission Street, San Francisco, CA 94105, United States
  • If you are based in the European Union, you may also lodge a complaint with your local data protection supervisory authority.