Privacy Policy

1. Introduction

This Privacy Policy describes how egvisas.com ("we", "us", or "our") collects, uses, stores, and shares personal information when you use our Egypt eVisa application assistance service. We are committed to protecting your personal data and complying with applicable data protection laws including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and equivalent regulations in jurisdictions where our customers reside.

By using our service, you consent to the collection and use of your personal data as described in this Privacy Policy.

2. Data controller

The data controller for personal information collected through egvisas.com is:

3. What personal data we collect

To process your Egypt eVisa application, we collect the following categories of personal data:

Identity and passport information

• Full name (as shown on your passport)

• Date of birth, place of birth, nationality, gender

• Passport number, issue date, expiry date, issuing country

• Passport biographic page scan or photo

• Passport-style photograph (digital file, reformatted by us to Egyptian 4 x 6 cm specifications)

Contact information

• Email address

• Phone number and WhatsApp number

• Country of residence

Travel information

• Intended arrival date in Egypt and entry port

• Length of stay and accommodation address in Egypt (if applicable)

• Purpose of travel (tourism, business)

Payment information

• Cardholder name and billing address

• Payment method (Visa, Mastercard, AmEx, UnionPay, Apple Pay, Google Pay, etc.)

• Note: full card numbers are processed by our PCI-DSS compliant payment processor (Stripe). We do not store full card details on our systems.

Technical and usage data

• IP address, browser type and version, device type, operating system

• Pages visited, time spent, referral source, search terms used

• Cookies and similar tracking technologies (see our Cookie Policy)

4. How we use your personal data

We use your personal data for the following purposes, on the following legal bases:

• To process your visa application (contract performance): submitting your application to the Egyptian eVisa portal, communicating updates, delivering the approved eVisa by email.

• To provide customer support (contract performance, legitimate interest): responding to your inquiries by email, WhatsApp, and phone.

• To detect fraud and ensure security (legitimate interest, legal obligation): verifying applicant identity, preventing fraudulent applications.

• To improve our website and services (legitimate interest): analyzing usage patterns, conducting A/B tests, improving the user experience.

• To comply with legal obligations (legal obligation): record-keeping for tax, accounting, and immigration-related laws.

• For marketing communications, only where you have opted in (consent): newsletters, travel guides, and promotional offers.

5. How we store and protect your data

Your personal data is stored on secure servers operated by our cloud infrastructure providers, with industry-standard encryption at rest and in transit (TLS 1.2+). We implement organizational and technical safeguards including:

• Encrypted storage of sensitive identity documents and photos

• Role-based access controls limiting employee access to personal data on a need-to-know basis

• Regular security audits and vulnerability scanning

• Secure payment processing via PCI-DSS Level 1 certified providers (Stripe)

• Multi-factor authentication for all employee accounts accessing customer data

Despite these measures, no system is 100% secure. We cannot guarantee absolute security of your data, but we will notify affected customers and regulators of any data breach in accordance with applicable law.

6. Third-party service providers

We share your personal data with the following categories of third parties, only as necessary to deliver our service:

• Egyptian eVisa portal (https://visa2egypt.gov.eg): we submit your application details, passport scan, and photograph to the official Egyptian government portal. This transfer is essential to obtaining your visa.

• Payment processors: Stripe processes your card payment. Card data is handled directly by Stripe under PCI-DSS Level 1 certification.

• Cloud hosting: our infrastructure providers (AWS, Cloudflare) store and serve our website and application data.

• Email and messaging: SendGrid (transactional email), WhatsApp Business API (customer support).

• Analytics: Google Analytics 4 (anonymized usage data only). See our Cookie Policy for details and opt-out.

• Legal and compliance: if required by law, court order, or to protect our rights, we may share data with law enforcement, regulators, or legal advisors.

7. Cookies and tracking technologies

We use cookies and similar technologies to operate our website, remember your preferences, and analyze usage. For full details on the cookies we use and how to manage them, please see our Cookie Policy.

8. International data transfers

Your personal data is processed primarily in the United States (where Travel Rox, Inc. is incorporated) and transferred to Egypt as part of the visa application process. We rely on the following legal mechanisms for international data transfers:

• EU/UK customers: Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office, supplemented by appropriate technical and organizational measures.

• Customers from other jurisdictions: contractual safeguards equivalent to SCCs, ensuring your data receives a comparable level of protection.

By using our service, you acknowledge that transferring your data to Egypt is necessary to process your eVisa application and that the Egyptian eVisa portal operates under Egyptian law, which may differ from your home jurisdiction.

9. Data retention

We retain your personal data only as long as necessary to fulfill the purposes described in this Privacy Policy. Specific retention periods:

• Application and passport data: 7 years after visa approval or rejection, to comply with tax and audit obligations.

• Email and support correspondence: 3 years after the last communication.

• Payment records: 7 years (US tax law requirement).

• Marketing data: until you withdraw consent or opt out, whichever is sooner.

• Analytics data: 26 months (Google Analytics 4 default), then aggregated and anonymized.

10. Your rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Right of access: request a copy of the personal data we hold about you.

• Right of rectification: correct inaccurate or incomplete data.

• Right of erasure ("right to be forgotten"): request deletion of your data, subject to legal retention requirements.

• Right to restrict processing: limit how we use your data in certain circumstances.

• Right to data portability: receive your data in a machine-readable format.

• Right to object: object to processing based on legitimate interest or for direct marketing.

• Right to withdraw consent: for any processing based on consent.

• Right to lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at inq@egvisas.com. We respond to verified requests within 30 days, free of charge.

11. Children's privacy

Our service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. Parents and guardians may submit visa applications on behalf of minor children, in which case the data collected is processed under the parent's or guardian's authority. If you believe we have collected personal data from a child under 16 without parental consent, please contact us immediately so we can delete it.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Updates will be posted on this page with a revised "Last reviewed" date. Material changes affecting your rights will be communicated via email or a prominent notice on our website. Your continued use of our service after the effective date of any update constitutes your acceptance of the revised Policy.

13. Data Protection contact

For privacy-related inquiries, data access requests, or to exercise any of your rights under this Policy, please contact: