Privacy Policy

 

Navia AI Assistant / naviaassist.com

Last updated: 20.05.2026

This Privacy Policy explains how Navia EOOD / Navia LTD, UIC/EIK 208760135, operating the website naviaassist.com and the service Navia AI Assistant, collects, uses, stores, and protects personal data.

For the purposes of this Privacy Policy, “Navia”, “we”, “us”, or “our” refers to Navia EOOD / Navia LTD.

Contact email: info@naviaassist.com

1. Who we are

Navia is a digital technology company providing AI-powered business assistant solutions, website integrations, lead qualification tools, automation systems, and related digital services.

Our product, Navia AI Assistant, is an AI-powered chat assistant that can be integrated into websites in order to:

  • answer user questions;
  • guide website visitors;
  • collect inquiries;
  • qualify potential leads;
  • help businesses respond to customer needs more efficiently;
  • provide structured lead information through an admin dashboard.

Navia AI Assistant is not a human operator. It is an artificial intelligence-based system that generates responses based on user input, business-specific instructions, and external AI technology.

2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • visitors of naviaassist.com;
  • users who interact with the Navia AI Assistant chat;
  • clients who use Navia AI Assistant on their websites;
  • client representatives who access the Navia admin panel;
  • persons who contact us by email or through forms;
  • business leads generated through the Navia AI Assistant.

If Navia AI Assistant is embedded on a client’s website, the website owner may also have their own Privacy Policy. In such cases, the client is responsible for informing its own website visitors about the use of Navia AI Assistant and the processing of personal data through the chat.

3. What personal data we may collect

Depending on how you use Navia AI Assistant or naviaassist.com, we may collect the following categories of data:

3.1. Contact data

We may collect:

  • name;
  • email address;
  • phone number;
  • company name;
  • website;
  • social media profile;
  • other contact details voluntarily provided in the chat or through a form.

3.2. Inquiry and communication data

We may collect:

  • messages sent through the AI chat;
  • questions asked by users;
  • information about requested services;
  • project details;
  • budget range;
  • business needs;
  • preferences;
  • conversation summaries;
  • lead qualification data.

3.3. Technical data

We may collect:

  • IP address;
  • browser type;
  • device type;
  • operating system;
  • website domain where the chat is used;
  • timestamps;
  • visitor/session identifiers;
  • error logs;
  • rate-limit logs;
  • language selection;
  • chat interaction history.

3.4. Admin panel data

For users with access to the Navia admin panel, we may process:

  • username;
  • hashed password;
  • assigned role;
  • client access permissions;
  • login/session data;
  • administrative actions performed inside the system.

Passwords are stored in hashed form and are not stored as plain text.

3.5. AI-generated data

The system may generate:

  • lead summaries;
  • lead scores;
  • suggested lead status;
  • inferred user intent;
  • structured lead fields;
  • conversation analysis.

AI-generated information may not always be complete or fully accurate and should be reviewed before being used for important business decisions.

3.6. Billing and subscription data

When a customer purchases a subscription or paid service through naviaassist.com, we may process billing and subscription-related information, including: subscription status, selected plan, billing cycle, payment status, invoice-related information, transaction identifiers, subscription renewal dates, cancellation status;
refund-related information.

Payments are processed securely through third-party payment providers such as Stripe. Navia does not store full payment card details on its own servers.

4. How we collect personal data

We may collect personal data when:

  • you use the Navia AI Assistant chat;
  • you submit information through a website form;
  • you contact us by email;
  • you request a demo, offer, consultation, or service;
  • you interact with Navia Assistant on a client website;
  • a client creates or manages an admin account;
  • the system generates technical logs for security and functionality.

We do not intentionally collect sensitive personal data unless you voluntarily provide it in the chat. Users should not submit sensitive information such as health data, legal case details, financial account data, government identification numbers, passwords, or confidential third-party information through the chat.

5. Why we process personal data

We process personal data for the following purposes:

5.1. To provide the Navia AI Assistant service

This includes:

  • enabling the chat functionality;
  • generating AI responses;
  • storing conversation history;
  • maintaining context during a conversation;
  • identifying returning visitors;
  • creating lead records;
  • displaying leads and conversations in the admin panel.

5.2. To respond to inquiries

We may use your contact details and inquiry information to:

  • respond to your questions;
  • prepare offers;
  • provide consultations;
  • contact you regarding your request;
  • follow up on business opportunities.

5.3. To qualify leads

Navia AI Assistant may analyze conversations to identify:

  • user needs;
  • requested service;
  • contact details;
  • urgency;
  • budget information;
  • lead quality;
  • potential business relevance.

5.4. To notify clients about new leads

When a valid lead is detected, Navia may send an email notification to the relevant client or website owner.

5.5. To improve and maintain the service

We may use technical and conversation data to:

  • fix bugs;
  • improve system performance;
  • monitor errors;
  • improve prompt quality;
  • optimize user experience;
  • prevent misuse or abuse;
  • detect suspicious activity.

5.6. To secure the service

We may process technical data to:

  • apply rate limits;
  • prevent spam;
  • protect OpenAI/API usage;
  • protect client data;
  • prevent unauthorized access;
  • investigate system misuse.

5.7. To comply with legal obligations

We may process and store certain information where required by applicable law, accounting rules, contractual obligations, or regulatory requirements.

5.8. To manage subscriptions and billing

We may process billing and subscription-related information in order to: manage recurring subscriptions, process payments;
handle renewals and cancellations, manage refunds, prevent payment fraud, maintain billing records, communicate regarding subscription status and payment-related matters.

6. Legal basis for processing

Depending on the context, we process personal data on one or more of the following legal bases:

6.1. Consent

When a user continues using the chat after being informed through the chat notice, the user may consent to the processing of data provided through the chat.

Example chat notice:

“By continuing, you agree to our Terms and Privacy Policy.”

6.2. Contractual necessity

We may process data where necessary to provide services requested by a client or user, including responding to inquiries, preparing offers, and delivering Navia AI Assistant functionality.

6.3. Legitimate interest

We may process data based on our legitimate interest in:

  • operating and improving the service;
  • securing the platform;
  • preventing misuse;
  • generating business leads;
  • supporting clients;
  • maintaining technical logs;
  • improving service quality.

6.4. Legal obligation

We may process data when required by law, including accounting, tax, compliance, legal claims, or regulatory obligations.

7. Use of artificial intelligence

Navia AI Assistant uses artificial intelligence to generate responses, analyze conversations, and structure lead information.

Users should understand that:

  • the assistant is not a human;
  • responses are AI-generated;
  • AI output may be incomplete, outdated, inaccurate, or unsuitable for a specific situation;
  • users should verify important information;
  • AI-generated responses should not be treated as professional advice.

Navia AI Assistant does not provide medical, legal, financial, tax, psychological, safety-critical, or other regulated professional advice.

If a user requires professional advice, they should consult a qualified expert.

The EU has introduced transparency expectations around AI systems that interact with natural persons; official EU materials for virtual assistants emphasize transparency, accountability, and explainability when AI tools interact with users.

8. OpenAI API and external AI providers

Navia AI Assistant may use third-party AI service providers, including OpenAI API, to generate answers and process user messages.

When a user sends a message through the chat, the content of the message and relevant conversation context may be transmitted to the AI provider in order to generate a response.

We aim to send only the information necessary for the functioning of the service.

Users should not submit sensitive or confidential information through the chat unless strictly necessary.

9. Data controller and data processor roles

Depending on the situation, Navia may act either as a data controller or as a data processor.

9.1. Navia as data controller

Navia acts as data controller when it determines the purposes and means of processing, for example:

  • when processing inquiries submitted directly through naviaassist.com;
  • when managing customer relationships;
  • when managing admin accounts;
  • when processing data for our own service security, support, billing, and business operations.

9.2. Navia as data processor

When Navia AI Assistant is installed on a client’s website and processes visitor data on behalf of that client, the client is usually the data controller and Navia acts as data processor.

In this case:

  • the client determines why the data is collected;
  • the client is responsible for informing its website visitors;
  • the client must include appropriate information in its own Privacy Policy;
  • Navia processes the data only for the purpose of providing the service.

9.3. Client responsibility

Clients using Navia AI Assistant must ensure that their own websites include appropriate privacy information, including:

  • that an AI assistant is used;
  • what data may be collected;
  • why the data is collected;
  • that conversations may be temporarily stored;
  • how users can exercise their rights.

10. Data storage and retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

10.1. Chat logs

Chat conversations may be stored for up to 60 days, unless a longer period is required for:

  • security investigation;
  • technical troubleshooting;
  • legal claims;
  • contractual obligations;
  • client-requested retention.

10.2. Lead data

Lead data may be stored for as long as necessary to support the client relationship, respond to inquiries, manage sales opportunities, or comply with contractual obligations.

Clients may request deletion of lead data related to their own account, subject to legal and technical limitations.

10.3. Admin account data

Admin account data is stored for as long as the account remains active or as long as necessary for security and audit purposes.

10.4. Technical and rate-limit logs

Technical logs may be stored for a limited period necessary to protect the service from abuse, spam, excessive requests, or unauthorized access.

11. Who has access to personal data

Access to personal data is limited to authorized persons and systems on a need-to-know basis.

Data may be accessed by:

  • Navia authorized administrators;
  • technical support personnel;
  • the relevant client or website owner;
  • authorized client admin users;
  • hosting providers;
  • AI/API service providers;
  • email service providers;
  • legal/accounting advisors where necessary.

We do not sell personal data.

European Commission privacy materials also describe access restrictions based on the “need to know” principle as a standard privacy practice for controlled access to personal data.

12. Sharing of personal data

We may share personal data only where necessary for the purposes described in this Privacy Policy.

This may include sharing data with:

12.1. Clients

If a user interacts with Navia AI Assistant on a client website, the inquiry and lead data may be shared with that client.

12.2. AI service providers

Messages and relevant context may be transmitted to AI service providers to generate responses.

12.3. Hosting and infrastructure providers

Data may be stored or processed through hosting infrastructure used to operate Navia AI Assistant.

12.4. Email providers

Lead notifications may be sent by email to relevant recipients.

12.5. Legal or regulatory authorities

We may disclose data where required by law, court order, regulatory request, or to protect our legal rights.

12.6. Payment providers

Payment and billing-related information may be processed through third-party payment providers such as Stripe in order to process transactions, recurring subscriptions, refunds, payment verification, and fraud prevention.

Navia does not store full payment card details on its own infrastructure.

13. International data transfers

Some third-party service providers, including AI and infrastructure providers, may process data outside the European Economic Area.

Where personal data is transferred outside the EEA, we aim to rely on appropriate safeguards such as:

  • adequacy decisions;
  • Standard Contractual Clauses;
  • contractual safeguards;
  • technical and organizational measures.

EU data protection guidance recognizes that international transfers require appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, or other approved mechanisms.

14. Security measures

We apply technical and organizational measures intended to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

These measures may include:

  • access control;
  • role-based permissions;
  • hashed passwords;
  • domain restrictions;
  • rate limiting;
  • server-side API key protection;
  • log separation by client;
  • restricted admin access;
  • external configuration storage;
  • HTTPS connections;
  • regular technical review.

However, no online service can guarantee absolute security.

Users and clients are responsible for protecting their own login credentials and for ensuring that only authorized persons access the admin panel.

15. Cookies and local storage

Navia AI Assistant may use browser local storage or similar technologies to:

  • remember selected language;
  • remember visitor/session ID;
  • maintain conversation continuity;
  • store previous messages locally in the browser;
  • improve the user experience.

This allows the chat to continue working smoothly during a user session or when the user returns to the website.

Users can clear local storage through their browser settings.

If cookies or similar tracking tools are used on naviaassist.com or client websites, they may be subject to a separate Cookie Policy or cookie notice.

16. User rights

Depending on applicable law, users may have the following rights:

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to object;
  • right to data portability;
  • right to withdraw consent;
  • right to lodge a complaint with a supervisory authority.

To exercise rights related to data processed directly by Navia, users may contact:

info@naviaassist.com

If the data was submitted through Navia AI Assistant on a client website, users may also need to contact the website owner, because the website owner may be the data controller.

17. Children’s data

Navia AI Assistant is intended for business and general website communication purposes.

We do not knowingly collect personal data from children.

If we become aware that a child has submitted personal data without appropriate consent, we will take reasonable steps to delete such data.

18. Sensitive data

Users should not submit sensitive personal data through the chat.

Sensitive data may include:

  • health information;
  • legal case details;
  • financial account information;
  • passwords;
  • government identification numbers;
  • biometric data;
  • data revealing political opinions;
  • religious beliefs;
  • sexual orientation;
  • trade union membership;
  • confidential business secrets.

If such information is submitted voluntarily, it may be processed as part of the conversation unless deletion is requested and technically possible.

19. AI output limitation

Navia AI Assistant may generate responses based on available instructions, user input, and AI model behavior.

We do not guarantee that AI-generated responses are:

  • always accurate;
  • complete;
  • up to date;
  • suitable for a specific purpose;
  • legally reliable;
  • medically reliable;
  • financially reliable;
  • technically error-free.

Users and clients should verify important information before relying on it.

Navia is not responsible for decisions made solely based on AI-generated responses.

20. Client admin panel

Clients may receive access to an admin panel where they can view:

  • leads;
  • chat logs;
  • contact details submitted by users;
  • lead summaries;
  • lead score;
  • conversation history;
  • lead status;
  • client-specific activity.

Clients are responsible for ensuring that their own admin users process personal data lawfully and securely.

Client admin users must not share login credentials with unauthorized persons.

21. Email notifications

When a valid lead is detected, Navia AI Assistant may send an email notification to the client’s designated email address.

The notification may include:

  • name;
  • phone;
  • email;
  • requested service;
  • budget;
  • summary;
  • conversation context;
  • lead status.

Clients are responsible for securing their email inboxes and handling received lead data lawfully.

22. Data deletion requests

Users or clients may request deletion of personal data by contacting:

info@naviaassist.com

Requests should include enough information to identify the relevant data, such as:

  • website/domain;
  • approximate date of conversation;
  • email or phone used;
  • visitor/session identifier if available.

We may refuse or limit deletion where retention is required for legal, security, contractual, or legitimate business reasons.

23. Data breach notification

If we become aware of a personal data breach that is likely to result in a risk to affected individuals, we will take appropriate steps in accordance with applicable data protection law.

This may include:

  • investigating the incident;
  • limiting further exposure;
  • notifying affected clients;
  • notifying competent authorities where required;
  • documenting the incident.

24. Third-party websites

naviaassist.com or Navia AI Assistant may contain links to third-party websites.

We are not responsible for the privacy practices, security, or content of third-party websites.

Users should review the Privacy Policy of any third-party website they visit.

25. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

The updated version will be published on naviaassist.com with a revised “Last updated” date.

Continued use of the website or service after changes are published means that users acknowledge the updated Privacy Policy.

26. Contact

For questions, requests, or privacy-related concerns, contact us at:

Navia EOOD / Navia LTD
UIC/EIK: 208760135
Email: info@naviaassist.com
Website: naviaassist.com