Privacy policy
Last updated: April 10, 2026
1. What we collect
We collect information you provide directly: your name, email address, and company affiliation when you create an account.
We collect company data you upload or provide through the platform: financial data, strategy inputs, CEO questionnaire responses, and advisor conversations.
We also collect standard usage analytics (pages visited, features used, session duration) to improve the service.
2. How we use your data
Your data is used to provide the platform's analysis and advisory features: generating strategy reviews, operating environment briefs, performance tracking, and AI advisor responses.
We may use aggregated, anonymized data to improve the service. We never use individual company data for purposes other than delivering your advisory service.
3. AI processing disclosure
Your company data is processed by Anthropic (Claude) and OpenAI APIs to generate analysis and advisory content. Both providers operate under enterprise API terms: your data is not used to train AI models.
Data sent for processing is not stored by these providers beyond the API request lifecycle.
4. Third-party services
We use the following services to deliver the platform:
- Supabase (AWS EU) — database hosting and authentication
- Anthropic — AI analysis and advisory generation
- OpenAI — AI data extraction and processing
- Perplexity — web intelligence search (no company data sent)
- Resend — transactional email delivery
- Firecrawl — public web data extraction
4.5. Website analytics and cookies
The Navos marketing website at navos.ai uses Google Analytics 4 to measure how visitors use the site: pages viewed, time on site, referral source, and aggregate device and country information. We use this data to improve content, navigation, and performance. Google Analytics is the only analytics tool we use on the marketing site.
Legal basis: your explicit consent under Art. 6(1)(a) GDPR and Art. 5(3) of the ePrivacy Directive (2002/58/EC as amended). We do not rely on "legitimate interest" for analytics tracking.
Consent-first approach. We implement Google Consent Mode v2 in advanced mode. All consent signals (analytics_storage, ad_storage, ad_user_data, ad_personalization) are set to denied by default before any Google script loads. The Google Analytics script (gtag.js) is loaded on every page, but it respects the denied state: no cookies are set, no identifiers are created, and no personal data is sent to Google until you explicitly accept via the consent banner on your first visit.
Cookieless signals. Even when consent is denied, the Google Analytics script may send anonymous, aggregated signals (without cookies or identifiers) that Google uses for statistical modeling of overall traffic. These signals do not identify you and are not joined to any profile. You can prevent them entirely by declining consent and blocking the google-analytics.com domain at the browser level.
Data recipients. When you consent, analytics data is sent to Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) as the EEA contact, and to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as the US-based data recipient.
International transfers. Transfer of data to Google LLC in the United States is based on the European Commission's adequacy decision of 10 July 2023 under the EU-US Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795). Google LLC is self-certified to the DPF; you can verify active certification at dataprivacyframework.gov. Google's data processing terms also provide Standard Contractual Clauses as a supplementary safeguard.
Cookie retention. If you accept analytics cookies, Google Analytics sets the cookies listed in our Cookie policy. The primary cookies (_ga, _ga_<container-id>) have a 2-year lifetime. Google Analytics itself retains associated event data server-side for 2 months by default.
Your rights and how to withdraw. You can withdraw your consent at any time by clicking "Cookie preferences" in the footer of any page. Withdrawal takes effect immediately: existing Google Analytics cookies are cleared from your device, the denied state is restored, and no further data is sent. You can also block Google Analytics entirely through your browser settings or the official Google Analytics opt-out browser add-on.
Consent record. Because all tracking is blocked by default, we do not process personal data for analytics unless you affirmatively consent. Your consent choice is recorded only in your own browser's localStorage; we do not maintain a server-side consent audit log. If you believe analytics data was collected in error, contact us at security@navos.ai and we will investigate.
The Navos platform itself (behind the login) does not use analytics cookies. Sections 3 and 4 above describe the processing applied to data inside the authenticated platform.
5. Data storage and retention
All data is stored in Supabase (AWS EU region, eu-central-1). Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
Your data is retained while your account is active. Upon account termination, your data is deleted within 30 days. Anonymized aggregate data that is no longer personally identifiable may be retained.
6. Data sharing
We do not sell your data. We do not share your data with third parties for marketing purposes.
Data sharing is limited to the AI processing partners listed in Section 4, solely for the purpose of delivering your advisory service.
7. Your rights
Under GDPR and applicable data protection law, you have the right to:
- Access — view and export all your data at any time
- Rectification — correct any inaccurate data
- Erasure — request complete deletion of your data
- Portability — export your data in a structured, machine-readable format
- Restriction — pause all processing while retaining your data
8. Contact
For privacy-related questions or to exercise your data rights, contact us at security@navos.ai.
