Legal

Privacy Policy

1. Introduction

Welcome to Navtech.io ("Navtech," "we," "our," or "us"). Navtech is an AI-focused software development company dedicated to building intelligent, scalable, and responsible technology solutions for businesses worldwide. Our services include AI model development, software engineering, data analytics, machine learning pipelines, and enterprise digital transformation.

We are deeply committed to protecting your privacy and handling your personal data with transparency, care, and legal compliance. This Privacy Policy explains how we collect, use, store, share, and safeguard information when you visit www.navtech.io, use our products, or engage with our services.

Scope of This Policy

  • Visitors to www.navtech.io and all subdomains
  • Clients and business partners using Navtech services
  • Users of Navtech-developed software products
  • Job applicants, contractors, and third-party integrators
  • Any individual whose data Navtech processes in delivering its AI services

2. Data Consent

Navtech processes personal data only with a valid legal basis. We obtain your consent or rely on another lawful basis before collecting and using your information.

2.1 How We Obtain Consent

  • Explicit consent obtained via clear opt-in mechanisms on forms, registration pages, and cookie banners.
  • Contractual necessity when processing data is required to fulfill a service agreement.
  • Legitimate interest for purposes such as improving our AI models, detecting fraud, or ensuring platform security.
  • Legal obligation when processing is required by applicable law or regulation.

2.2 Your Consent Rights

  • You may withdraw consent at any time by contacting privacy@navtech.io.
  • Withdrawal of consent will not affect the lawfulness of prior processing.
  • Where consent is required for AI-specific data processing, we will seek additional explicit consent with a clear explanation of the purpose.

3. What Data We Collect

Navtech collects data that is necessary, proportionate, and relevant to the purposes described in this policy. We collect information across three primary categories:

3.1 Information You Provide Directly

  • Identity data: Full name, job title, company name, email address, phone number.
  • Account data: Login credentials, profile information, preferences, and settings.
  • Communication data: Messages, emails, support tickets, and feedback submitted through our platform.
  • Contractual data: Information provided when entering service agreements, statements of work, or NDAs.
  • Payment data: Billing details and invoicing information (processed via PCI-compliant third parties).

3.2 Information Collected Automatically

  • Technical data: IP address, browser type, operating system, device identifiers, and session tokens.
  • Usage data: Pages visited, features used, time spent, clickstream behavior, and API call logs.
  • Log data: Server access logs, error logs, and security event logs.

3.3 AI-Related Data

  • Prompts and inputs submitted to Navtech-powered AI tools or models.
  • Model interaction logs used for safety monitoring and quality improvement.
  • Training data contributions (only with explicit separate consent).
  • Inference outputs generated during use of our AI services.

4. Why We Collect Data

We collect personal data for specific, explicit, and legitimate purposes only. The table below summarizes our data processing purposes and the legal basis for each:

| Purpose | Description | Legal Basis |
|---|---|---|
| Service Delivery | To provide, operate, and maintain our software and AI services. | Contract |
| Account Management | To manage user accounts, authentication, and subscriptions. | Contract |
| AI Model Improvement | To improve model performance, accuracy, and safety. | Legitimate Interest |
| Security & Fraud Prevention | To detect threats, prevent unauthorized access, and protect systems. | Legitimate Interest |
| Legal Compliance | To meet obligations under applicable laws and regulations. | Legal Obligation |
| Communications | To send service updates, alerts, and relevant product information. | Consent / Contract |
| Analytics & Research | To understand usage patterns and improve user experience. | Legitimate Interest |
| Marketing | All marketing communications include a one-click unsubscribe link. You may opt out at any time by emailing privacy@navtech.io. Opt-out requests are processed within 10 business days. | Consent |

5. How We Use Your Data

Your data is used only for the purposes stated and in ways that are compatible with the original collection intent. We do not use personal data for automated decision-making that produces legally significant effects without human review.

5.1 Service Operations

  • Authenticating users and maintaining secure, personalized access.
  • Processing service requests, project deliverables, and client communications.
  • Generating usage reports, dashboards, and insights for enterprise clients.

5.2 AI System Operations

  • Running inference pipelines on inputs submitted to Navtech AI tools.
  • Monitoring AI outputs for safety, bias, and regulatory compliance.
  • Conducting model evaluation and fine-tuning using anonymized or consented datasets.

5.3 Business Improvement

  • Aggregating anonymized usage data to identify usability issues and prioritize new features.
  • Conducting A/B testing and product experiments using de-identified data only.
  • Generating market insights and internal analytics reports.

6. Who We Share Your Data With

Navtech does not sell personal data. We share data only under the conditions described below and only with parties bound by appropriate data protection agreements.

Where Navtech provides AI-enabled services that rely on third-party foundation models or large language model (LLM) providers, client prompts, inputs, context data, and inference requests may be transmitted to such providers solely for the purpose of generating outputs and delivering contracted services. Navtech will identify applicable foundation model providers used in service delivery and maintain appropriate contractual protections governing such processing.

All third-party data processors are vetted for compliance, bound by data processing agreements, and prohibited from using personal data for their own purposes.

7. How We Protect Your Data

Navtech employs a defense-in-depth security strategy aligned with industry best practices and applicable security standards. Our security program covers technical, organizational, and physical safeguards.

7.1 Technical Safeguards

  • End-to-end encryption (TLS 1.3) for all data in transit.
  • AES-256 encryption for all data at rest across storage systems.
  • Zero-trust network architecture with least-privilege access controls.
  • Multi-factor authentication (MFA) enforced for all internal systems.
  • Regular penetration testing and vulnerability assessments.
  • Web Application Firewalls (WAF) and DDoS mitigation systems.

7.2 Organizational Safeguards

  • Designated Data Protection Officer (DPO) overseeing all privacy activities.
  • Navtech is a domain-specific AI development and enterprise software engineering company founded in 2013, headquartered at 1201 N Market St Ste 111 M76, Wilmington, DE 19801. Email: sales@navtech.io.
  • Mandatory privacy and security training for all employees.
  • Strict need-to-know access policies and role-based access control (RBAC).
  • Documented incident response plan with defined SLAs for breach notification.
  • Regular internal audits and third-party security reviews.

7.3 AI-Specific Security

  • AI model outputs are monitored for harmful, biased, or sensitive content.
  • Training datasets are stored in isolated, access-controlled environments.
  • Prompt injection and adversarial attack mitigations are implemented at the API layer.

8. Your Rights as a Data Subject

Depending on your jurisdiction and applicable law, you may exercise the following rights with respect to your personal data.

Navtech will not discriminate against individuals for exercising applicable privacy rights. Requests may be submitted through the contact methods identified in this Privacy Policy. Navtech may take reasonable steps to verify identity before fulfilling requests.

Sale or Sharing of Personal Information

Navtech does not sell personal information and does not share personal information for cross-context behavioral advertising purposes as those terms are defined under the CCPA/CPRA.

Sale or Sharing of Personal Information (California Residents)

Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA/CPRA"), certain disclosures of information may constitute a "sale" or "sharing" of Personal Information, even where no monetary payment occurs.

For purposes of this section:

  • "Personal Information" means information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
  • "Sell," "Selling," "Sale," or "Sold" generally means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating Personal Information to another business or third party for monetary or other valuable consideration.
  • "Share," "Shared," or "Sharing" means disclosing, making available, transferring, or otherwise communicating Personal Information to a third party for purposes of cross-context behavioral advertising, whether or not monetary or other valuable consideration is exchanged.
  • "Cross-Context Behavioral Advertising" means targeted advertising to a consumer based on Personal Information obtained from that consumer's activity across businesses, distinctly branded websites, applications, services, or platforms, other than advertising based solely on interactions with a single business.

  • Right of Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data (subject to legal obligations).
  • Right to Restriction: Request we limit how we use your data in certain circumstances.
  • Right to Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interest or direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing.
  • Right Not to be Profiled: Object to purely automated decision-making with legal effects.

UK GDPR applies to Navtech's processing activities. Individuals in the United Kingdom have the right to reach the Information Commissioner's Office (ICO), which is the supervisory authority responsible for data protection and privacy regulation in the United Kingdom. Navtech encourages individuals to contact Navtech first so concerns can be addressed directly; however, this does not affect an individual's right to contact the ICO at any time.

To exercise any of the above rights, please submit a request to privacy@navtech.io. We will respond within one calendar month. For complex or multiple requests, this period may be extended by up to two further months; we will notify you of any extension within the initial one-month period. For California residents, we will respond within 45 days, extendable by a further 45 days where required.

9. AI-Specific Data Practices

As an AI software development company, Navtech applies additional safeguards and transparency measures for AI-related data processing.

9.1 Training Data Governance

  • Training datasets are sourced from licensed, public, or consented data sources only.
  • Personally identifiable information (PII) is removed or pseudonymized before use in training.
  • We maintain records of training data provenance and conduct regular bias audits.
  • Users who contribute data for model training must provide separate, explicit consent.

9.2 AI Inference and Inputs

  • Inputs submitted to our AI tools may be stored for quality assurance and safety review.
  • Inputs are not used to train foundation models without explicit user consent.
  • Sensitive data submitted inadvertently to AI systems is flagged, isolated, and not processed further.

9.3 Automated Decision-Making

  • Navtech does not make automated decisions with significant legal or personal consequences without human oversight.
  • Where AI-generated recommendations influence business outcomes, a human review layer is required.
  • Users may request a human review of any AI-generated output that has affected them.

9.4 Responsible AI Commitments

  • We adhere to principles of fairness, accountability, transparency, and explainability (FATE).
  • We conduct regular algorithmic impact assessments for high-risk AI applications.
  • We maintain an AI Ethics Committee responsible for reviewing and approving new AI use cases.

10. Data Security Program

Navtech maintains a formal Information Security Management System (ISMS) aligned with ISO/IEC 27001 principles.

Key Security Controls

  • Asset Classification: All data assets are classified by sensitivity (Public, Internal, Confidential, Restricted).
  • Access Management: RBAC, MFA, privileged access management (PAM), and session monitoring.
  • Incident Response: 24-hour on-call security team, defined P1–P4 severity tiers, and 72-hour breach notification SLA.
  • Vulnerability Management: Monthly automated scanning, quarterly manual penetration tests, and a responsible disclosure program.
  • Business Continuity: Geo-redundant backups, RPO < 4 hours, RTO < 8 hours for critical systems.
  • Supplier Security: All vendors undergo security assessment prior to onboarding and annually thereafter.
  • Data Loss Prevention (DLP): Controls preventing unauthorized extraction of sensitive data assets.

10.1 Data Breach Response

In the event of a data breach, Navtech will:

  • Contain the breach and conduct an immediate impact assessment within 24 hours.
  • Notify the relevant supervisory authority within 72 hours where required (e.g., under GDPR).
  • Notify affected individuals without undue delay if the breach poses a high risk to their rights.
  • Document the breach in our Breach Register and conduct a post-incident review.

11. Compliance & Regulatory Framework

Navtech is committed to operating in full compliance with applicable privacy, data protection, and AI regulations across the jurisdictions in which we operate. Navtech complies with applicable US state privacy laws, including but not limited to the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and Connecticut Data Privacy Act (CTDPA). Residents of these states may exercise rights equivalent to those described for California residents by contacting privacy@navtech.io.

| Regulation / Standard | Applicability | Status |
|---|---|---|
| GDPR (EU/UK) | Applicable to EU/UK residents & data transfers | Compliant |
| DPDP Act 2023 (India) | Applicable to Indian users & cross-border transfers | Compliant |
| CCPA / CPRA (California) | Applicable to California residents | Compliant |
| ISO/IEC 27001 | Information Security Management System framework | Aligned* |
| SOC 2 Type II | Security, availability & confidentiality controls | In Progress |
| EU AI Act (2024) | High-risk AI systems classification & obligations | Assessment Ongoing |
| NIST AI RMF | AI Risk Management Framework for responsible AI | Aligned* |
| PCI DSS | Payment card data security standards | Via Certified Processors |
| UAE PDPL (Federal Decree-Law No. 45) | Personal Data Protection | Aligned* |
| UK GDPR | Brexit/ICO | Aligned* |

* "Aligned" indicates Navtech's controls and practices are designed to meet the relevant standard. Certification is in progress where noted.

11.1 International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA) or India, Navtech ensures appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Binding Corporate Rules (BCRs) for intra-group transfers where applicable.
  • Transfer Impact Assessments (TIAs) conducted for high-risk destination countries.
  • Compliance with India's Digital Personal Data Protection Act (DPDP) cross-border transfer provisions.

12. Data Retention

Navtech retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

  • AI inference logs and inputs: Retained for 90 days for security and quality assurance purposes, or longer where a client's contractual agreement specifies an extended retention period, in which case the client's schedule governs.

13. Cookies & Tracking Technologies

Navtech uses cookies and similar tracking technologies on www.navtech.io. You can manage your cookie preferences through our Cookie Consent banner or browser settings.

  • Essential Cookies: Required for site functionality and security. Cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). Require consent.
  • Preference Cookies: Remember your language, region, and display preferences. Require consent.
  • Marketing Cookies: Used to deliver relevant advertisements. Require explicit opt-in consent.

14. Policy Updates

Navtech reserves the right to update this Privacy Policy at any time. When we make material changes, we will:

  • Post the updated policy on www.navtech.io with the revised effective date.
  • Notify registered users via email at least 14 days prior to material changes taking effect.
  • Request renewed consent where changes affect how we use your personal data.

For processing activities based on legitimate interest or contractual necessity, continued use following notification of changes constitutes acknowledgement of the updated policy. Where changes affect processing based on consent, we will seek your renewed consent before those changes take effect.


© 2026 Navtech.io. All rights reserved. | www.navtech.io
This document is for informational purposes. For legal advice, consult a qualified attorney.