Privacy Policy

NAVI is an AI-powered student productivity platform operated in Egypt. For questions about your data, contact us at navibygeo@gmail.com.

We collect the following categories of data when you use NAVI:

Account & Identity Data

• Email address (provided during sign-up or via Google OAuth).
• Display name (if you choose to set one).
• Password (hashed and never readable — stored securely by Supabase Auth).
• Google account identifier (if you sign in with Google).

Profile Data

• Institution type (university, school, self-studying).
• Year level and major.
• Timezone and language preference.
• Subscription tier and status.

Academic Content You Create

• Courses, subjects, and grade components you add.
• Tasks, study sessions, and schedule items.
• Notebooks and notes.
• Files and documents you upload as study materials.
• Messages you send to NAVI (AI conversations).
• Group chat messages (visible to other group members).

Usage & Technical Data

• Message counts and file upload counts (used to enforce subscription limits).
• Log timestamps of key actions (for debugging and security).
• IP address and browser type (collected by our infrastructure providers for security purposes).

Payment Data

• We store only your subscription tier and status. Card details are handled exclusively by Kashier and are never stored by NAVI.

We use your data to:

• Provide, operate, and maintain the NAVI platform and all its features.
• Personalise your experience (e.g., remembering your settings, pre-filling your name in AI conversations).
• Enforce subscription limits and process payments.
• Send transactional emails (e.g., email verification, support replies, billing notifications).
• Detect and prevent fraud, abuse, or violations of our Terms of Service.
• Improve NAVI's features and reliability through anonymised usage analysis.
• Respond to your support requests.

We do not:

• Sell your personal data to third parties.
• Use your academic content to train AI models.
• Show you third-party advertisements.
• Share your data with data brokers.

If you enable Personalised Learning Memory in Settings, NAVI builds a private profile of your learning patterns — such as your preferred explanation style, topics you find difficult, and study habits.

• Memory notes are stored only for your account and used only to personalise NAVI's responses to you.
• Memory is never shared with other users, advertisers, or third parties.
• Memory notes focus solely on academic behaviours. NAVI never infers or stores sensitive attributes such as health information, religion, political views, ethnicity, sexual orientation, or financial status.
• You can view, edit, export, or delete your memory notes at any time from Settings → Personalization & Memory.
• You can fully disable Learning Memory at any time. Disabling it does not affect any other features.

Messages and content posted in group chat spaces are visible to all members of that group. Private AI conversations you have within a group session are visible only to you. Be mindful of what personal information you share in group spaces.

If a group is deleted or you are removed, your messages may no longer be accessible to you but may remain in the group's history for other members depending on group settings.

NAVI uses OpenRouter to route AI requests to language model providers (such as Google, Anthropic, or OpenAI). Your messages and relevant academic context are sent to these providers to generate responses.

• We do not send your name, email, or account identifiers to AI providers.
• AI providers process your messages under their own privacy policies.
• AI conversations may be retained by providers for limited periods for safety and quality purposes, per their policies.

Other third-party services we use:

• Supabase — database and authentication hosting (EU/US servers).
• Kashier — payment processing.
• Resend / SendGrid — transactional email delivery.

Your data is stored in Supabase (PostgreSQL) with Row-Level Security (RLS) enforced at the database level, meaning your data is strictly isolated from other users' data.

• All data is encrypted in transit using TLS 1.2+.
• Passwords are hashed using bcrypt and are never accessible in plaintext.
• Service-level access to the database is restricted to authenticated backend processes only.
• We do not store data unnecessarily — content is retained only as long as needed to provide the service.

While we take reasonable security measures, no system is 100% secure. If you discover a security vulnerability, please contact us responsibly at navibygeo@gmail.com.

• Active accounts: your data is retained for as long as your account is active.
• Deleted accounts: data is removed within 30 days of account deletion, except where legally required to retain it.
• AI conversation logs: retained for up to 12 months for debugging and quality purposes, then deleted.
• Support requests: retained for up to 2 years for accountability and legal purposes.
• Payment records: retained for 5 years as required by Egyptian financial regulations.

You have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: update incorrect or incomplete profile information at any time in Settings.
• Deletion: request full account and data deletion by emailing navibygeo@gmail.com.
• Export: export your learning memory notes from Settings → Personalization & Memory.
• Opt-out of memory: disable personalised learning memory at any time in Settings, with no impact on other features.
• Withdraw consent: if you previously consented to any optional data processing, you may withdraw that consent at any time.

To exercise any of these rights, contact us at navibygeo@gmail.com. We will respond within 30 days.

NAVI is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected data from a child under 13, contact us immediately at navibygeo@gmail.comand we will delete it promptly.

Users between 13 and 18 must have parental or guardian consent to use NAVI. Parents may contact us to request access to or deletion of their child's data.

NAVI uses browser cookies and local storage for:

• Authentication session management (keeping you logged in).
• User preferences (theme, language).
• Security tokens (CSRF protection).

We do not use advertising cookies or third-party tracking cookies. You can clear cookies through your browser settings, but doing so will log you out of NAVI.

We may update this Privacy Policy from time to time. Material changes will be notified via email and/or an in-app notice at least 14 days before taking effect. Your continued use of NAVI after that date constitutes acceptance of the updated policy.

For privacy questions, data requests, or concerns, contact us at:
Email: navibygeo@gmail.com
Phone: +20 155 545 5607
Location: View on Google Maps
Platform: NAVI Support Form

If you are unsatisfied with our response to a privacy concern, you may escalate to the relevant data protection authority in your jurisdiction.

Under the GDPR and UK GDPR, we rely on the following lawful bases:

• Contract (Art. 6(1)(b)) — to provide the NAVI service you signed up for: hosting your sessions, notebooks, files, schedule, AI responses.
• Consent (Art. 6(1)(a)) — for Learning Memory personalisation, optional email notifications, and non-essential cookies. You can withdraw consent any time from Settings.
• Legitimate interests (Art. 6(1)(f)) — for security, fraud detection, rate limiting, and basic service analytics (aggregate usage counts). We balance these against your rights and you can object via the contact email.
• Legal obligation (Art. 6(1)(c)) — to comply with tax, fraud-prevention, or law-enforcement orders.

NAVI is operated from Egypt. Your data is stored and processed by service providers located in the United States and European Union:

• Supabase (database + auth) — EU / US regions, GDPR Standard Contractual Clauses in place.
• Vercel (hosting + serverless functions) — US, SCCs.
• OpenRouter (AI model routing) — US, only AI prompt text is sent, not your full account data.
• Resend (email delivery) — EU/US, SCCs.
• Kashier (payments) — only when you upgrade a subscription.

Where data leaves the EU/UK, transfers are protected by the European Commission's Standard Contractual Clauses (SCCs) or equivalent safeguards.

• Account data: retained while your account is active. Deleted within 30 days of account deletion (backups within 90 days).
• Sessions / messages / notebooks / materials: retained until you delete them or your account.
• Learning Memory notes: only created if you opt in; deletable at any time.
• Usage logs: aggregated after 12 months; raw logs deleted within 90 days.
• Payment records: retained for 7 years as required by tax law.
• Authentication logs (sign-ins, failed-password attempts): retained for 90 days for security.

California residents have specific rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA:

• Right to know what personal information we collect, use, disclose.
• Right to delete your personal information.
• Right to correct inaccurate information.
• Right to opt out of sale or sharing.
• Right to limit use of sensitive personal information.
• Right to non-discrimination for exercising your rights.

We do not and have never sold your personal information. We do not share personal information for cross-context behavioural advertising. The only third parties who receive your data are essential service providers (listed in §15) under data-processing agreements.

To exercise any of these rights, visit Your Data Rights or email navibygeo@gmail.com. We will not discriminate against you for exercising your rights — same features, same prices, same experience.

NAVI uses cookies and local storage to:

• Strictly necessary — keep you signed in (Supabase session cookies), maintain CSRF protection, remember your cookie-banner choice.
• Functional — your theme (light/dark), the last session/notebook you opened, draft messages.

We do not use third-party advertising, marketing, or cross-site tracking cookies. You can manage your choice via the cookie banner that appears on your first visit, or by clearing cookies in your browser.

NAVI is intended for students aged 16 or older. We do not knowingly collect data from children under 16 in the EU/UK or under 13 in the United States.

If you are a parent or guardian and believe a child under these ages has an account, email navibygeo@gmail.com with proof of relationship and we will delete the account.