Privacy Notice
Last updated: June 30, 2026
1. Who we are
Navrio is operated by Mayank Kumar Pathak, an individual sole proprietor based in India ("we", "us"). We act as the data controller for the personal data we collect through the Service.
2. Data we collect
- Account data: name, email, hashed password, login credentials.
- Customer content: clients, projects, invoices, documents, AI chats you create.
- Support messages: emails or chats you send us.
- Usage and telemetry: pages visited, features used, error logs.
- Device data: IP address, browser, OS, device identifiers.
- Billing identifiers: a reference to your subscription and customer record at Paddle. Payment card details are collected and stored by Paddle, not by us.
3. Why we use it
- Create and operate your account (legal basis: contract performance).
- Provide the Service and its AI features (contract performance).
- Protect against fraud, abuse, and security threats (legitimate interests).
- Improve and debug the Service (legitimate interests).
- Respond to support requests (contract performance).
- Send important service announcements (legitimate interests / legal obligation).
- Send marketing only with your consent, which you can withdraw at any time.
4. Who we share data with
- Paddle — our Merchant of Record, for sales, subscription management, payments, tax compliance, and invoicing.
- Hosting and infrastructure providers — for storing data and running the Service.
- AI model providers — when you use AI features, your prompts and relevant content are processed by AI providers to generate responses.
- Professional advisers — legal, accounting, where reasonably needed.
- Authorities — when required by law or to protect rights and safety.
5. Data retention
We keep your data while your account is active. After account closure, we delete or anonymise personal data within 90 days, except where we are required to retain it (for example, tax and accounting records). Backups are rotated on a regular schedule.
6. Your rights
Subject to applicable law (including the Indian DPDP Act and, where relevant, GDPR/UK GDPR), you can request access, correction, deletion, restriction, portability, and object to certain processing. You can withdraw consent at any time. If you are in the UK or EEA, you also have the right to lodge a complaint with your local supervisory authority. We respond to requests within one month.
7. International transfers
Some of our service providers may process data outside your country, including outside the UK/EEA. Where this happens for users in the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
8. Security
We use appropriate technical and organisational measures including encryption in transit, access controls, and least-privilege role separation. No system is perfectly secure; please use a strong, unique password.
9. Cookies
We use essential cookies needed to sign you in and keep your session secure. We do not use third-party advertising cookies. You can clear or block cookies in your browser; some Service features may stop working.
10. Children
The Service is not directed to children under 16. We do not knowingly collect personal data from them.
11. Changes
We may update this Notice. Material changes will be communicated via the Service or by email.
12. Contact
To exercise your rights or ask privacy questions, email support@navrio.lovable.app.