Privacy Notice

Last updated: 7 July 2026

Controller and contact

Navos AI, Inc. is the controller for personal data processed in Navos customer workspaces and related product communications. Contact us at contact@navos.ai.

EU representative: to be appointed. Until that appointment is complete, EU privacy questions and rights requests should be sent to the contact address above.

Information we collect

  • Account information: name, work email address, company, role, invitation status, account preferences, and authentication identifiers.
  • Authentication and security records: sessions, login attempts, device/browser metadata, and AuthEvent logs retained for 395 days to investigate access and security events.
  • Workspace data: company profile, intelligence configuration, saved reports, operating-environment settings, contact fields such as ceo_email, and share-recipient emails used to deliver shared report links or notifications.
  • Product usage data: reader-engagement tracking, page views, report opens, module interactions, and cookieless PostHog product analytics used to understand product adoption and reliability. PostHog analytics do not include cookies, user IDs, company IDs, or session recordings in the current configuration.
  • Support and communications: messages you send us, support context, service announcements, and operational email delivery metadata.

How we use it

  • Provide, secure, and administer customer workspaces.
  • Generate and deliver requested intelligence reports and operating-environment briefs.
  • Measure product reliability, engagement, and adoption.
  • Debug errors, investigate security incidents, and support users.
  • Communicate with you about account, service, and product updates.

Subprocessors and transfers

We do not sell personal data. We use service providers to operate the product, including infrastructure, authentication, observability, analytics, email delivery, and AI model/API services. A current product subprocessor register is published at /subprocessors.

Where personal data is transferred internationally, we use an appropriate transfer mechanism for the transfer, such as standard contractual clauses, the UK addendum, or a Data Privacy Framework certification where applicable.

Retention

DataRetention
Account and workspace recordsFor the customer relationship, then as needed for legal, audit, and security records.
AuthEvent logs395 days.
SessionsUntil expiry, logout, replacement, or security-driven revocation.
Share-link recipient records and notesUntil link expiry, usually 30 days, then purged by scheduled maintenance.
Reader-engagement events395 days.
Anonymous PostHog product analyticsRetained while needed for product analytics and reviewed at least annually.

Your rights

Depending on where you are located, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data about you. For EU users, this includes rights under Articles 15 to 22 of the GDPR. Send requests to contact@navos.ai.

Security and changes

We use technical and organisational controls described on the Security page. We may update this notice as the product, law, or our operations change, and will update the date above when we do.

© 2026 Navos AI, Inc.