Privacy Policy

We collect information you provide directly, information generated through your use of Navoxo, and limited technical information necessary to operate the service.

• Account information: name, email address, password (hashed, never stored in plain text).
• Session content: goals, decisions, and confusion you describe in Clarity Sessions, and the roadmaps generated from them.
• Usage data: pages visited, features used, session duration — collected in aggregate, not tied to your identity for analytics purposes.
• Payment information: processed entirely by Stripe or Razorpay. We never see or store your full card number.
• Device information: browser type, operating system, IP address (used for fraud prevention and regional pricing, then discarded).

We use your information to:

• Generate your Clarity Sessions, roadmaps, and Decision Engine outputs.
• Maintain your account and remember your progress across sessions.
• Process payments and manage subscriptions.
• Send essential service emails (password resets, billing receipts) and, if you opt in, product updates.
• Improve Navoxo’s reliability, performance, and AI response quality at an aggregate level.
• Detect and prevent fraud, abuse, or violations of our Terms of Service.

When you use a Clarity Session or Decision Engine, your input is sent to our AI processing provider solely to generate a response for you. This content is not reviewed by Navoxo staff under normal operation, and is not used to train third-party AI models.

If we ever wish to use anonymised, aggregated session patterns to improve Navoxo’s own prompts and roadmap quality, we will request separate, explicit opt-in consent — this is never bundled into account creation.

We do not sell your personal information. We share data only with:

• Service providers: hosting (Vercel), database (Supabase), payments (Stripe, Razorpay), AI processing (OpenRouter) — each bound by their own data protection agreements.
• Legal compliance: if required by law, court order, or to protect the rights and safety of Navoxo or its users.
• Business transfers: in the event of a merger or acquisition, with notice provided to you beforehand.

Your data is stored on encrypted infrastructure with industry-standard security practices, including encryption in transit (TLS) and at rest. Passwords are hashed using bcrypt and never stored in recoverable form.

While we take security seriously, no system is perfectly secure. We commit to notifying affected users within 72 hours of confirming any data breach affecting their personal information.

You can at any time:

• Access, export, or delete your account data from your account settings.
• Request a full copy of your stored data by emailing [email protected].
• Opt out of non-essential marketing emails via the unsubscribe link in any email.
• Request correction of inaccurate personal information.
• Withdraw consent for optional data uses (such as anonymised model improvement) at any time.

We use minimal cookies: one to remember your theme preference (Void or Ivory), one to keep you signed in, and aggregate, privacy-respecting analytics to understand product usage. We do not use third-party advertising trackers.

Navoxo is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If we learn we have done so, we will delete it promptly.

Navoxo is used globally. Your information may be processed in countries other than your own, including the United States, under data protection standards consistent with this policy regardless of where processing occurs.

We may update this policy periodically. Material changes will be communicated via email or an in-product notice at least 14 days before taking effect, consistent with the process described in our Terms of Service.

Privacy questions can be sent to [email protected] or through our contact page. We reply within 24 hours.