Privacy Policy
Naviooai ("we", "us") provides an AI chat platform that businesses use to build and embed assistants on their websites. This policy explains what personal data we process, why, and the rights you have. It covers our website, the dashboard and the embeddable chat widget.
1. Who is responsible for your data
For our own customers (account holders), Naviooai is the data controller. For end-user conversations that flow through a customer's chatbot, the customer is the controller and Naviooai acts as a data processor on their behalf.
2. Data we collect
- Account data: name, work email, company name and a hashed password.
- Content you provide: knowledge base material, bot configuration, and uploaded files used to train assistants.
- Conversation data: messages exchanged with a bot, timestamps, the page the visitor was on, and any details a visitor volunteers (for example via a lead form).
- Usage & log data: server logs including IP address and browser type, used for security and reliability.
- Cookies & local storage: this website sets no cookies and runs no analytics or tracking. The dashboard keeps your login session in your browser's local storage.
3. How we use data
To provide and secure the service; to generate AI responses using retrieval over your own content; to provide support; to send service communications and, where you signed up for them, product updates (which you can opt out of at any time); and to comply with legal obligations. Our lawful bases are contract, legitimate interests, consent (for the newsletter) and legal obligation.
4. AI processing
Assistant replies are generated by large-language-model providers acting as our sub-processors. We send the relevant conversation context and retrieved knowledge to produce a response. We do not use your or your end-users' content to train third-party foundation models, and our model providers commit to not training on API data.
5. Sharing & sub-processors
We share data only with the sub-processors that help us run the service: cloud hosting and database infrastructure, AI model and embedding providers, and email delivery. The current list is on the GDPR page. We never sell personal data.
6. International transfers
Our primary infrastructure is hosted in the EU. Where data is transferred outside the EEA (for example to AI model providers), we rely on adequacy decisions or Standard Contractual Clauses with appropriate safeguards.
7. Retention
Account data is kept for the life of your account and deleted or anonymised after closure, unless we must retain it for legal reasons. Conversation retention is configurable so conversations can expire automatically after a period you choose.
8. Your rights
Subject to applicable law, you may access, correct, delete, restrict or object to processing of your personal data, and request portability. Reach us via the contact page. You may also lodge a complaint with your local data-protection authority.