Skip to main content
← Back to Home

Privacy Policy

Last Updated: November 18, 2025

Effective Date: November 18, 2025

Introduction

Welcome to Naviask AI. We are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered business consultation platform (the "Service").

Our Privacy-First Commitment: We believe in minimal data collection and maximum privacy protection. We do not retain your business consultation data after your session ends, and we never sell your personal information to third parties.

Please read this Privacy Policy carefully. By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use our Service.

1. Information We Collect

We collect several types of information from and about users of our Service.

1.1 Information You Provide to Us

Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Company/business name (optional)
  • Password (encrypted)

Consultation Information

During your consultation session, we collect:

  • Business information you share (industry, size, challenges, goals)
  • Your responses to consultation questions
  • Pain points and objectives you describe
  • Budget and implementation timeline preferences

Payment Information

When you purchase a report, we collect:

  • Billing name
  • Payment method information (processed by our payment processor)
  • Billing address
  • Transaction details

Note: We do not store complete credit card numbers. Payment processing is handled by our third-party payment processor (Stripe), which is PCI DSS compliant.

Communications

We collect information when you:

  • Contact our customer support
  • Respond to surveys or feedback requests
  • Subscribe to our newsletter or marketing communications
  • Participate in promotions or contests

1.2 Information We Collect Automatically

Usage Information

When you use our Service, we automatically collect:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages viewed and time spent on pages
  • Links clicked
  • Referring website
  • Date and time of access
  • General location information (city/state level, derived from IP address)

Technical Information

We collect:

  • Log files (server logs, error logs)
  • Device identifiers
  • Session data
  • Performance metrics

1.3 Information From Third Parties

We may receive information about you from:

  • Payment processors (transaction confirmations)
  • Authentication services (if you use social login)
  • Analytics providers (aggregated usage data)

We do not purchase or obtain personal information from data brokers or third-party marketing lists.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Improve Our Service

  • Process consultations: Analyze your business information to generate AI-powered recommendations
  • Generate reports: Create personalized strategic reports with tool recommendations and ROI projections
  • Deliver purchased content: Provide access to reports you have purchased
  • Process payments: Complete transactions and send confirmation emails
  • Communicate with you: Send service-related notifications, updates, and support responses
  • Improve our Service: Analyze usage patterns to enhance features, functionality, and user experience

2.2 For Business Operations

  • Account management: Maintain and administer your account
  • Customer support: Respond to inquiries and resolve issues
  • Fraud prevention: Detect and prevent fraudulent transactions and unauthorized access
  • Security: Protect against security threats and maintain system integrity
  • Legal compliance: Comply with legal obligations and enforce our Terms of Service

2.3 For Marketing and Analytics (With Your Consent)

  • Marketing communications: Send promotional emails about our Service (you can opt-out anytime)
  • Usage analytics: Understand how users interact with our Service
  • Product development: Identify features and improvements users want

2.4 Aggregated and De-Identified Data

We may create aggregated or de-identified data from your information that cannot reasonably be used to identify you. We use this data for:

  • Industry research and insights
  • Product improvement
  • Marketing and business analytics
  • Public reports or presentations

This aggregated data is not considered personal information and may be used and shared without restriction.

3. Data Retention and Deletion

3.1 Our Privacy-First Approach

Consultation Data Deletion: We are committed to minimal data retention. Once your consultation session ends and any purchased report has been delivered, we permanently delete all consultation-specific data, including:

  • Business information you shared during the consultation
  • Your responses to consultation questions
  • Analysis data generated during the session
  • Temporary session data

What This Means: We do not keep a history of your consultation conversations or business details beyond what is necessary to deliver your service.

3.2 What We Do Retain

For legitimate business purposes, we retain:

Account Information

Your name, email, and account credentials

Retention period: Until you request account deletion or 3 years of inactivity

Transaction Records

Payment history and receipts (for accounting and tax compliance)

Purchased report metadata (purchase date, report title, amount paid)

Retention period: 7 years (required for financial record-keeping)

Support Communications

Customer service correspondence

Retention period: 3 years from last communication

Legal and Security Records

Records needed to comply with legal obligations

Security incident logs

Retention period: As required by law or until no longer needed

3.3 Report Access

Reports you have purchased remain available to you for download through your account. If you delete your account, you will lose access to purchased reports unless you have saved them locally.

3.4 Backup Copies

Backup copies of deleted data may persist in our backup systems for up to 90 days, after which they are permanently removed. These backups are used solely for disaster recovery and are not accessible for any other purpose.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share your information only in the limited circumstances described below:

4.1 Service Providers

We share information with trusted third-party service providers who perform services on our behalf, including:

AI Processing Providers

  • OpenAI (GPT-4 for consultation processing)
  • Anthropic (Claude for conversational interfaces)

These providers process your consultation input to generate recommendations and reports. They are contractually required to use your data only for providing services to us and not for their own purposes.

Payment Processors

  • Stripe (payment processing and transaction management)

Stripe handles payment information according to PCI DSS standards. We do not store complete credit card information.

Infrastructure Providers

  • Render (hosting and infrastructure)
  • PostgreSQL database hosting

These providers host our Service and store data on our behalf with strong security measures.

Communication Services

  • Email service providers (for transactional and marketing emails)
  • Customer support tools

All service providers are carefully vetted and bound by contractual obligations to protect your data and use it only as we direct.

4.2 Business Transfers

If Naviask AI is involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or use of your personal information.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders, warrants)
  • Government or law enforcement requests
  • National security requirements
  • Legal claims or disputes

We will notify you of such requests unless prohibited by law.

4.4 Protection of Rights

We may disclose information to:

  • Enforce our Terms of Service
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users or the public
  • Detect, prevent, or address fraud, security, or technical issues

4.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5. Third-Party AI Processing

5.1 How AI Processing Works

Our Service uses artificial intelligence to analyze your business information and generate recommendations. This requires sharing your consultation input with third-party AI providers:

What Information Is Shared

When you engage in a consultation, the information you provide (business details, challenges, goals, budget) is transmitted to:

  • OpenAI for analysis and recommendation generation
  • Anthropic for conversational processing

How It's Used

These AI providers process your information solely to generate your consultation results. Your data:

  • Is transmitted securely over encrypted connections
  • Is processed in real-time to generate your recommendations
  • Is NOT used to train or improve AI models (per our agreements with providers)
  • Is NOT retained by AI providers beyond the immediate processing window

5.2 Data Processing Agreements

We have data processing agreements with our AI providers that require them to:

  • Use your data only to provide services to us
  • Implement appropriate security measures
  • Not retain your data beyond what's necessary for processing
  • Not use your data for their own purposes or model training

5.3 Your Control

By using our Service, you consent to this AI processing. If you do not wish your information to be processed by AI providers, you should not use our consultation Service.

6. Cookies and Tracking Technologies

6.1 What Are Cookies

Cookies are small text files placed on your device by websites you visit. We use cookies and similar tracking technologies to enhance your experience and gather information about how you use our Service.

6.2 Types of Cookies We Use

Essential Cookies (Required)

  • Authentication cookies (keep you logged in)
  • Security cookies (protect against fraud)
  • Session management cookies

These cookies are necessary for the Service to function and cannot be disabled.

Analytics Cookies (Optional)

  • Usage tracking to understand how visitors interact with our Service
  • Performance metrics to identify and fix issues

Marketing Cookies (Optional)

  • Track effectiveness of marketing campaigns
  • Personalize advertising (if applicable)

6.3 How to Control Cookies

Browser Settings

You can set your browser to refuse all or some cookies, or to alert you when cookies are being sent. Note that if you disable essential cookies, some features of the Service may not function properly.

6.4 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Currently, there is no universal standard for how to respond to DNT signals. Our Service does not currently respond to DNT signals, but you can use the cookie controls described above to manage tracking.

6.5 Third-Party Links

Our Service may contain links to third-party websites, tools, or services that we recommend. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information to them.

7. Data Security

7.1 Our Security Measures

We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

Technical Safeguards

  • Industry-standard encryption for data in transit (TLS/SSL)
  • Encryption for sensitive data at rest
  • Secure password storage using industry-standard hashing algorithms
  • Regular security audits and vulnerability assessments
  • Firewalls and intrusion detection systems
  • Multi-factor authentication for administrative access
  • Secure API connections to third-party services

Organizational Safeguards

  • Access controls limiting employee access to personal information
  • Confidentiality obligations for employees and contractors
  • Regular security training for personnel
  • Incident response procedures
  • Vendor security assessments

Infrastructure Security

  • Secure hosting with reputable cloud providers
  • Regular backups with encryption
  • Database access logging and monitoring
  • Network segmentation

7.2 Limitations of Security

While we use reasonable security measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You are responsible for:

  • Maintaining the confidentiality of your account password
  • Restricting access to your devices
  • Logging out after using shared devices
  • Notifying us immediately of any unauthorized access

7.3 User Responsibilities

To protect your account:

  • Use a strong, unique password
  • Do not share your password with others
  • Enable multi-factor authentication if available
  • Keep your contact information up to date
  • Review your account activity regularly

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information.

8.1 Access and Portability

You have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Portability: Receive your information in a structured, machine-readable format

8.2 Correction

You have the right to:

  • Correct: Request that we correct inaccurate or incomplete personal information
  • Update: Modify your account information at any time through your account settings

8.3 Deletion

You have the right to:

  • Delete: Request deletion of your personal information ("right to be forgotten")
  • Account Deletion: Delete your entire account through your account settings

Note: We may retain certain information as required by law or for legitimate business purposes (e.g., transaction records for tax compliance).

8.4 Restriction and Objection

You have the right to:

  • Restrict: Request that we limit how we process your information
  • Object: Object to processing of your information for direct marketing purposes

8.5 Withdraw Consent

Where we rely on your consent to process information, you have the right to:

  • Withdraw consent: Withdraw your consent at any time

Note: This does not affect the lawfulness of processing before withdrawal.

8.6 Opt-Out of Marketing

You have the right to:

  • Unsubscribe: Opt-out of marketing emails at any time by clicking the "unsubscribe" link in any marketing email
  • Preferences: Manage your communication preferences in your account settings

8.7 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

  • Email: help@naviask.ai
  • Subject Line: "Privacy Rights Request"
  • Include: Your name, email address, and specific request

We will respond to your request within:

  • 30 days for most requests
  • 45 days for complex requests (with notice of extension)
  • 60 days for California residents under CCPA

We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

9.1 Categories of Personal Information We Collect

We collect the following categories of personal information:

CategoryExamplesCollected?
IdentifiersName, email, IP address, account ID✓ Yes
Commercial InformationPurchase history, transaction records✓ Yes
Internet ActivityBrowsing history, interactions with Service✓ Yes
Professional InformationBusiness name, industry, role✓ Yes
InferencesPreferences, interests, behavior predictions✓ Yes
Financial InformationPayment method, billing address✓ Yes (via payment processor)
Geolocation DataGeneral location (city/state from IP)✓ Yes
Biometric Information-✗ No

9.2 Sensitive Personal Information

Under CPRA, certain information is classified as "sensitive personal information." We do NOT knowingly collect:

  • Social Security numbers
  • Driver's license numbers
  • Precise geolocation
  • Racial or ethnic origin
  • Religious or philosophical beliefs
  • Union membership
  • Genetic or biometric data
  • Health information
  • Sexual orientation
  • Citizenship or immigration status

9.3 Sharing Personal Information

We share personal information with the categories of third parties described in Section 4 of this Privacy Policy.

We do NOT sell or share your personal information for cross-context behavioral advertising.

9.4 Your California Privacy Rights

As a California resident, you have the right to:

  • Right to Know: Request information about personal information we have collected, used, disclosed, or sold about you in the past 12 months
  • Right to Delete: Request deletion of your personal information (subject to certain exceptions)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt-out of the sale or sharing of your personal information (Note: We do NOT sell or share personal information)
  • Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights

9.5 How to Exercise Your California Rights

Submit a Request:

  • Email: help@naviask.ai
  • Subject: "California Privacy Rights Request"
  • Include: Your name, email, California residency, and specific request

Response Timeline:

  • We will respond within 45 days of receipt
  • We may extend by an additional 45 days if necessary (with notice)

No Fee:

We do not charge a fee for processing requests. For excessive, repetitive, or manifestly unfounded requests, we may charge a reasonable fee or refuse the request.

10. Other State Privacy Rights

If you reside in certain other U.S. states, you may have additional privacy rights under state law.

10.1 States with Comprehensive Privacy Laws

The following states have enacted comprehensive privacy laws with rights similar to CCPA:

  • Virginia (VCDPA)
  • Colorado (CPA)
  • Connecticut (CTDPA)
  • Utah (UCPA)

10.2 Your Rights in These States

Residents of the states listed above generally have the right to:

  • Access your personal information
  • Correct inaccurate personal information
  • Delete your personal information
  • Opt-out of the sale of personal information
  • Opt-out of targeted advertising
  • Data portability (receive data in portable format)

Note: We do NOT sell personal information or engage in targeted advertising.

10.3 How to Exercise Your State Rights

Follow the same process described in Section 8.7 for exercising your rights. Include your state of residence in your request.

11. Children's Privacy

11.1 Age Restriction

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from anyone under 18.

11.2 Parental Notice

If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us immediately at help@naviask.ai. We will take steps to delete such information from our systems.

11.3 Verification

By using our Service, you represent that you are at least 18 years old. If you are under 18, you may not use the Service.

12. International Users

12.1 Service Location

Our Service is operated from the United States and is intended primarily for users in the United States.

12.2 Data Transfers

If you access our Service from outside the United States, please be aware that:

  • Your information will be transferred to and processed in the United States
  • The United States may have data protection laws that differ from your country
  • By using our Service, you consent to this transfer and processing

12.3 Third-Party Processing Locations

Our AI processing providers (OpenAI and Anthropic) may process data in various locations globally. They maintain appropriate safeguards for international data transfers.

12.4 European Economic Area (EEA) Users

If you are located in the EEA, please note:

  • Our Service is currently US-focused and may not fully comply with GDPR
  • We recommend EEA residents review whether our Service is appropriate for their needs
  • If you use our Service from the EEA, your data will be transferred to the US

12.5 Legal Basis for Processing (GDPR)

For users in jurisdictions where we must establish a legal basis for processing, we process your information under:

  • Consent: When you have given clear consent for specific purposes
  • Contract: To fulfill our contractual obligations to you
  • Legal obligations: To comply with legal requirements
  • Legitimate interests: For our business operations, where not overridden by your rights

13. Data Breach Notification

13.1 Our Commitment

We take data security seriously and will take appropriate action in the event of a data breach involving your personal information.

13.2 Notification Process

In the event of a data breach that affects your personal information, we will:

  • Investigate the breach promptly
  • Notify affected users via email to the address on file
  • Notify relevant regulatory authorities as required by law
  • Provide information about the breach, including what information was affected, what steps we are taking, and what steps you can take to protect yourself

13.3 Timeline

We will provide notification:

  • Without unreasonable delay
  • Within 72 hours of discovering the breach (for regulatory authorities where required)
  • As soon as practicable for affected individuals

13.4 Your Actions

If you receive a breach notification from us:

  • Change your password immediately
  • Monitor your accounts for suspicious activity
  • Review your credit reports if financial information was affected
  • Contact us with any questions or concerns

14. Changes to This Privacy Policy

14.1 Right to Modify

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

14.2 Notice of Changes

When we make changes, we will:

  • Update the "Last Updated" date at the top of this Privacy Policy
  • Notify you via email if changes are material
  • Post a prominent notice on our Service
  • Provide reasonable advance notice for material changes

14.3 Material Changes

For material changes that significantly affect your rights or how we handle your information, we will:

  • Provide at least 30 days' notice before changes take effect
  • Obtain your consent where required by law

14.4 Continued Use

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Service and may delete your account.

15. Contact Us

15.1 Privacy Questions

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us at:

Naviask AI

Privacy Officer

Email: help@naviask.ai

Subject Line: "Privacy Inquiry"

Website: https://naviask.ai

15.2 Response Time

We will respond to your inquiries within:

  • 5 business days for general questions
  • 30-45 days for formal privacy rights requests
  • Immediately for urgent security matters

15.3 Dispute Resolution

If you are not satisfied with our response to your privacy inquiry, you may:

  • Request escalation to our legal team
  • Contact your state's Attorney General or consumer protection office
  • File a complaint with the Federal Trade Commission (FTC)
  • For California residents: Contact the California Attorney General

Additional Information

Your Privacy Choices at a Glance

ChoiceHow to Exercise
Access your dataEmail help@naviask.ai or use account settings
Correct your dataUpdate in account settings or contact us
Delete your dataRequest via email or delete account in settings
Opt-out of marketingClick "unsubscribe" in emails or adjust preferences
Manage cookiesBrowser settings or Cookie Preference Center
Delete accountAccount settings or contact support

Key Privacy Facts About Naviask AI

We do NOT sell your personal information
We do NOT share data for advertising purposes
We do NOT retain consultation data after your session
We do NOT use your data to train AI models
We do NOT collect sensitive personal information
We encrypt data in transit and at rest
We limit employee access to your information
We conduct regular security audits

Privacy-First Features

  • Immediate data deletion after consultation ends
  • No data brokers or third-party marketing lists
  • Transparent AI processing with clear disclosures
  • User control over communication preferences
  • Easy account deletion at any time
  • No hidden data collection or tracking

By using Naviask AI, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.