Legal document

Privacy Policy

Last updated: July 11, 2026

At a glance

1.Who we are

VizoraMail (“the Service”, “we”) is an email-monitoring platform for travel and visa-service agencies. It automatically detects, inside explicitly authorized mailboxes, notifications sent by visa application centers (TLScontact, VFS Global, consulates…) and alerts the relevant agency.

The Service is published and operated by:

For any question about this policy or your data, contact us at the address above (see also section 16).

2.Definitions and scope

This policy applies to VizoraMail's public website, its web application and its monitoring engine. It covers all data processed by the Service, including data obtained through Google and Microsoft APIs.

3.Data we collect

Category Data Source
Agency account Agency name, sign-in email, password (stored only as an irreversible hash), notification email address. Entered when the account is created.
Client file Client's first and last name, phone number, monitored mailbox address, case-tracking dates (start date, payment due date). Entered by the Agency.
Email content For each processed email: sender, subject, date, message body (plain text and HTML) and the names of attachments. Attachment contents are never downloaded or stored. Read from authorized mailboxes through Google's and Microsoft's official interfaces (see sections 5 and 6).
Access tokens OAuth refresh tokens and mailbox app passwords, stored encrypted. Provided when the mailbox is authorized.
Technical data Processing history (timestamps, number of emails analyzed, rules applied, errors) and server logs. Generated by the operation of the Service.

We do not collect any browsing data for advertising purposes and we use no analytics tools (see section 9 — Cookies).

4.Purposes: why we use this data

The data described above is used exclusively for the Service's user-facing features:

We never use this data for: advertising or ad targeting, selling or renting to third parties, profiling, creditworthiness assessment, or training artificial-intelligence or machine-learning models.

5.Google user data

5.1 Requested permissions (OAuth scopes)

When a Gmail mailbox is connected through “Sign in with Google”, VizoraMail requests the following permissions:

5.2 What we do with this data

5.3 Who can see this data

The email content of a mailbox is visible only to: (a) the authorized users of the Agency the mailbox belongs to, within the mandate granted by the mailbox owner (see section 7); and (b) the Service operator, only where strictly necessary for maintenance, security, or compliance with a legal obligation. No other human access takes place.

5.4 Limited Use disclosure (required by Google)

VizoraMail's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In practice, data obtained through Google APIs: is used only to provide the features described in section 4; is never sold; is never used for advertising; is never used to train generalized AI models; and is read by humans only in the cases described in section 5.3.

6.Microsoft user data

When an Outlook mailbox is connected, VizoraMail requests the Microsoft Graph Mail.Read permission: it allows reading emails only, with no ability to send, modify or delete anything.

The same commitments as for Google apply: reading of the Inbox and Junk folders, storage of the sender, subject, date, body and attachment names (never their contents), encrypted access token, no advertising or commercial use, no transfer to third parties, and human access limited to the cases in section 5.3.

7.Mailbox owner consent

A mailbox can only be monitored with the explicit consent of its owner, expressed on Google's or Microsoft's authorization screen (or by voluntarily providing an app password).

When the Agency connects a client's mailbox as part of handling their visa case, the Agency warrants that it has previously informed the client and obtained their explicit agreement regarding: the monitoring of their mailbox by the Service, the Agency's access to detected and archived emails, and the duration of that monitoring.

The mailbox owner may withdraw consent at any time, without giving any reason, through any of the means described in section 12. Withdrawal immediately ends the monitoring of the mailbox.

8.Sharing and disclosure

We do not sell, rent or share your data with any third party, except:

Each Agency can only access its own data: agency workspaces are strictly isolated from one another.

9.Cookies

The application uses a single session cookie, strictly necessary for the signed-in area to work (it proves you are authenticated). It is flagged HttpOnly (unreadable by scripts) and expires on sign-out or after a period of inactivity.

We use no advertising cookies, no trackers and no analytics tools.

Public pages load fonts from Google Fonts: when they load, your IP address is transmitted to Google, as with any third-party-hosted content.

10.Security

No system is infallible: in the event of a data breach likely to affect you, we will inform you as soon as possible, as well as the competent authorities where the law requires it.

11.Retention and deletion

Complete deletion on request: a mailbox owner or an Agency may at any time request the permanent deletion of all data concerning them (email content, client file, tokens, archives) by writing to [email protected]. Deletion is carried out within a maximum of 30 days, including in our backup copies.

12.Revoking access

The Service's access to a mailbox can be withdrawn at any time, through three independent means:

13.Your rights

In accordance with Moroccan law No. 09-08 on the protection of individuals with regard to the processing of personal data, you have the following rights:

To exercise these rights, write to [email protected]. We reply within a maximum of 30 days. You may also lodge a complaint with Morocco's data protection authority (CNDP).

If you reside in the European Economic Area, the equivalent rights under the General Data Protection Regulation (GDPR) apply, including the right to data portability and the right to lodge a complaint with your local supervisory authority.

14.Minors

The Service is intended for professionals. When a visa case concerns a minor, the Agency warrants that it has the legal guardian's consent for the monitoring of the mailbox associated with the case.

15.Changes to this policy

We may update this policy to reflect changes in the Service or in legal obligations. The date of the latest update is shown at the top of this page. In the event of a substantial change (new purpose, new sharing), Agencies will be informed through the application or by email before it takes effect.

16.Contact

For any question about this policy or your data: