Privacy Policy

Last updated: April 27, 2026

NavoOS ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the NavoOS mobile application ("App"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the App.

1. Information We Collect

We may collect the following categories of information:

Account Information: Email address and display name when you register.
Profile Information: Optional profile photo and any details you choose to add.
Vault Content: Documents, notes, photos, audio, video, and any other files you store in your vault. This content is encrypted on your device before upload — NavoOS staff cannot read the contents of your vault.
Sensitive Personal Data: Because NavoOS is a digital-legacy platform, your vault may contain sensitive categories of personal information, including advance directives, personal letters, will documents, funeral wishes, and medical records. You choose what you store; we never require this information. By storing such content you consent to its processing under the terms of this policy.
Keyholder & Verifier Relationships: The names and email addresses of people you designate as keyholders (who receive your files) and verifiers (who confirm your passing).
Subscription Information: Subscription tier and transaction records, processed by Apple App Store and managed via RevenueCat. We do not store your payment card details.
Usage Data: Inactivity timer settings, warning preferences, and app configuration.
Device Information: Device type and operating system version, used for compatibility and support.
Diagnostic Data: Anonymous crash reports to help us fix bugs. No vault content is ever included.

2. How We Use Your Information

To provide, operate, and maintain the NavoOS App and its features.
To manage your account, subscription, keyholders, and verifiers.
To send inactivity check-in notifications as configured by you.
To notify keyholders and verifiers when your inactivity timer fires or when you choose to share access.
To respond to support requests and inquiries.
To improve the App and develop new features.
To comply with legal obligations.

3. Encryption & Security

Plain-English summary: Your files are locked on your phone before they leave it. Only you and the people you choose can ever unlock them. We cannot read your vault.

All vault files, notes, and media are encrypted on your device using AES-256-CBC before upload. The server stores only ciphertext — never the original content. Your vault key is stored in our database and protected by Row-Level Security (RLS), meaning database queries are enforced at the server level so only authorised users can retrieve it.

All data in transit is protected by TLS 1.2 or higher. Supabase encrypts all data at rest using AES-256, including daily backups. No method of internet transmission is 100% secure; we implement industry-standard measures to minimise risk.

Security incident notification: In the event of a confirmed data breach, Supabase is contractually obligated to notify us within 48 hours. We will in turn notify affected users as required by applicable law.

4. Third-Party Services

We use the following third-party services. Each has its own privacy practices:

Supabase – Database, authentication, and file storage. Data is hosted on AWS infrastructure in the United States. Privacy Policy
OpenAI – Supabase uses OpenAI for certain internal natural language processing features. This is governed by Supabase's Data Processing Agreement with OpenAI and does not involve your vault content. Privacy Policy
RevenueCat – Subscription and in-app purchase management. Privacy Policy
Apple App Store – Payment processing for subscriptions. Privacy Policy
Google AdMob – Banner advertising (when enabled on free tier). AdMob uses standard mobile ad identifiers. Your vault content is never shared with AdMob. Privacy Policy

5. Keyholders, Verifiers & Legacy Features

NavoOS allows you to designate:

Keyholders – Trusted people who receive access to files you have shared with them, but only after your verifiers confirm your passing or your inactivity timer fires and they unlock access.
Verifiers – Trusted people who confirm your passing to trigger the unlock process. A minimum number of verifiers must confirm before files are released.
Emergency Contacts – People with immediate access to your emergency vault (a separate, always-accessible space for time-sensitive documents).

You control exactly what each person can access. We do not independently verify the identities of people you add — you are responsible for the email addresses you provide.

6. Data Retention & Deletion

We retain your account and vault data for as long as your account is active.

In-app deletion: You can permanently delete your account directly from the NavoOS app (Profile → Delete Account). This immediately and permanently removes your encrypted files, vault keys, journal entries, keyholder and verifier relationships, and your profile. This action cannot be undone. Your keyholders will lose all access to your legacy.

By email: You may also request account deletion by contacting privacy@navoos.com. Removal will occur within 30 days, except where retention is required by law.

7. Children's Privacy

NavoOS is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at privacy@navoos.com.

8. Your Rights

Depending on your location (including rights under GDPR, CCPA, and other applicable laws), you may have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your data (also available in-app).
Object to or restrict processing of your data.
Data portability — export your vault content.
Withdraw consent for processing of sensitive personal data at any time.

To exercise these rights, contact us at privacy@navoos.com or use the in-app controls.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Continued use of the App after changes constitutes your acceptance of the revised policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: privacy@navoos.com
Website: navoos.com