Navio

Navio Privacy Policy

Last updated: April 25, 2026

Your privacy is important to us. This Privacy Policy explains how Navio Legal Inc. (“Navio,” “we,” “us”) collects, uses, and processes your personal information in relation to our website (naviolegal.com), our web app (app.naviolegal.com), and our interactions with you (collectively, the “Services”). Capitalized terms not defined here have the meanings given to them in our Terms of Use.

Summary

This summary is provided for convenience only. Please read each section in full below to fully understand your rights.

  • Data Controller: For individual accounts, Navio is the data controller. You can reach us at support@naviolegal.com or Navio Legal Inc., 1705-255 Village Green Square, Toronto, Ontario, M1S 0L7. For business accounts, the company linked to the account is the data controller; please direct all data-related concerns to that company.
  • Local Processing: Navio processes your documents entirely within your browser. We do not transmit, store, or retain your uploaded documents, generated output, or processing rules on our servers - they remain on your device.
  • Access to Your Data: We obtain your personal information from (i) you; (ii) third-party services we use to operate the Services; and/or (iii) information generated automatically when you use the Services.
  • Types of Data: We primarily collect account, billing, support, and analytics data. We do not collect the contents of your documents.
  • Who has Access: Your data is shared only with our service providers (such as payment, hosting, and analytics processors), all of whom are contractually obligated to protect it.
  • Retention: We retain your data for as long as your account is active, or up to two years if your account is inactive. To request earlier deletion, contact support@naviolegal.com.
  • Storage: Account data is typically stored on servers in Canada and the United States.
  • Your Rights: You have rights to access, correct, delete, restrict, port, and object to processing of your personal information, subject to legal limitations.
  • Complaints: You can contact the Office of the Privacy Commissioner of Canada or the supervisory authority in your country.
  • California Residents: See Section 14 for your specific rights under the CCPA.

1. Data Controller

Unless otherwise stated in this Privacy Policy, Navio Legal Inc. controls the personal information collected and processed through your use of the Services. For any data-related inquiries, you may contact us at support@naviolegal.com or Navio Legal Inc., 1705-255 Village Green Square, Toronto, Ontario, M1S 0L7.

If your use of the Services is linked to a Business User account, the associated company or legal entity (“Third Party Controller”) acts as the controller of your personal information. In this case, Navio serves as a processor and handles your personal information solely based on the Third Party Controller’s written requests and instructions. We can provide you with the contact details of the Third Party Controller upon request and direct any queries you have about your data to them. The Third Party Controller’s privacy policy will offer additional details on how your personal information is managed, including its usage, legal basis for processing, retention period, and your rights.

2. Local Processing of Your Documents

The Navio web app processes your documents entirely within your browser. When you upload a PDF, it is loaded into your browser’s memory and processed locally on your device. Navio does not transmit, store, retain, or back up your uploaded documents, generated output (such as bookmarked or linked PDFs), or any rules, preferences, or settings governing how documents are processed. All such User Content remains on your device, and you retain sole possession of and responsibility for storing, backing up, and securing it.

We do not have access to the contents of your documents. We cannot read, search, copy, share, or recover them, and we cannot restore them if they are lost from your device.

3. Access to Your Data

We obtain your personal information from (i) you, when you create an account, make a payment, contact support, or otherwise interact with the Services; (ii) third parties we use to operate the Services (such as payment processors and analytics providers); and/or (iii) information generated automatically when you use the Services (such as usage logs).

4. Types of Data We Collect and Why

4.1. Account and Subscription Data

  • Data: First and last name, email address, password (stored as a hashed value), and subscription details such as plan type, current and past subscription history, including start and end dates.
  • Purpose: Maintaining accurate account details, authenticating you, and supporting our subscription features.
  • Legal basis: Necessary for us to perform our obligations to you and to maintain an adequate account history.

4.2. Billing Data

  • Data: Billing name, billing address, last four digits of payment card, and transaction history. Full payment card numbers are collected and stored by our payment processor (Stripe) and are not retained by Navio.
  • Purpose: Processing payments, issuing receipts, and managing recurring subscriptions.
  • Legal basis: Necessary to fulfill our contractual obligations and comply with tax and accounting laws.

4.3. Account Security Data

  • Data: Login timestamps, IP address at sign-in, and other security signals related to your account.
  • Purpose: Maintaining and ensuring a secure environment, detecting unauthorized access, and protecting your account.
  • Legal basis: Necessary to keep our Services and your data secure.

4.4. Support Data

  • Data: Your contact details, browser type, operating system, and information you provide when contacting us about the Services.
  • Purpose: Providing support and resolving issues.
  • Legal basis: Necessary to provide support and to ensure the Services work correctly.

4.5. Web App Analytics Data

  • Data: Click behaviour, feature usage, language preferences, time zone, IP address, browser type, operating system, and device characteristics. Analytics data does not include the contents of your documents.
  • Purpose: Understanding how the Services are used so we can research, develop, and improve them.
  • Legal basis: Necessary for our legitimate interest in developing and improving the Services.

4.6. Website Analytics Data

  • Data: Click behaviour, browser type, language preferences, time zone, IP address, referral source, and pages visited on naviolegal.com.
  • Purpose: Profiling for our research, development, and improvement of our Services.
  • Legal basis: Necessary for our legitimate interest in developing and improving the Services.

4.7. Contact Data

  • Data: The same name and email address you provided in connection with your account (Section 4.1), used additionally for the marketing purposes described below.
  • Purpose: Sending and analyzing direct marketing communications, including newsletters, surveys, and announcements about new features and events. Every marketing email contains an unsubscribe link, and you may withdraw your consent at any time by clicking that link or contacting us at support@naviolegal.com.
  • Legal basis: Consent.

Regardless of your marketing preferences, we may continue to send you transactional and service emails that are necessary to operate the Services, such as account confirmations, password resets, billing receipts, security alerts, and notices about material changes to these Terms or this Privacy Policy.

5. Profiling and Automated Decision-Making

We may analyze how you use the Services to identify usage patterns, predict feature interest, and improve the product. We do not use the contents of your documents for these purposes because we do not have access to them. We do not engage in automated decision-making that produces legal effects concerning you, or that similarly significantly affects you, within the meaning of Article 22 of the GDPR.

6. Who has Access to Your Data

Your data is always protected. In the course of delivering the Services to you, we only share your data with:

  • - The companies listed below, which are essential for providing the Services;
  • - Third Party Controllers in the case of business accounts; and,
  • - In the specific scenarios outlined in this policy.

Each entity with access to your data is contractually bound to protect it. The companies we currently work with include:

  • Navio Legal Inc. - Location: Canada. Purpose: To develop the Services, create analytical reports, and provide support.
  • Supabase - Location: United States. Purpose: To provide authentication and database services for user accounts and profile data.
  • Resend - Location: United States. Purpose: To deliver transactional and service emails (such as account verification, password reset, billing receipts, and security notifications) via SMTP integration with Supabase.
  • Stripe - Location: United States. Purpose: To process payments and manage recurring subscriptions.
  • Netlify - Location: United States. Purpose: To host the Navio website and web app.
  • PostHog - Location: United States. Purpose: To create product analytics and usage reports.
  • Google Analytics (Google LLC) - Location: United States. Purpose: To create website analytics reports.

If we act as a processor for a Third Party Controller (in the case of business accounts), the Third Party Controller has access to your personal information. Please refer to the Third Party Controller’s privacy policy for further information on how it handles your personal information.

Further, we may disclose or share your personal information if:

  • - We sell our company or part of it, or merge with another company. In such cases, we may share your personal information with the new party, but only to the extent necessary for the purpose for which it is processed;
  • - We are subject to insolvency proceedings, as part of the sale of our assets by a liquidator or similar; or,
  • - We are legally obliged to do so.

7. Third Party Sites

You may find links to external websites (such as LinkedIn, X, or others) on our website or in our web app. Please note that if you follow these links, you will be subject to that website’s privacy policy, not ours.

8. How Long We Hold Your Data

We only retain your data for as long as necessary.

For active subscriptions, your data is kept until your account is closed. For inactive free accounts, we may delete your data after two years of no login activity. If payments for a paid subscription are not made on time, your account may be downgraded to a free version, which would be subject to deletion under the same inactive terms.

You may send a request to have your account deleted via email to support@naviolegal.com. Where we act as a processor (for business accounts), the Third Party Controller determines the retention period.

We also retain data to comply with legal obligations, defend legal claims, or as required by authorities.

9. Where Your Data is Stored

Navio stores your account and related personal information on servers located in Canada and the United States, and possibly in other locations through our processors (please refer to Section 6). When sharing your personal information outside the European Economic Area, we use safeguards such as the Standard Contractual Clauses adopted by the European Commission (article 46(2)(c) GDPR).

We rely on industry-standard security measures provided by our service providers, including encryption in transit and at rest, to protect your information. Access to personal information is restricted to authorized personnel who need it to operate, develop, or improve the Services.

As described in Section 2, your User Content (uploaded documents, generated output, and processing rules) is processed locally on your device and is not stored by Navio.

10. Data Breach Notification

If we become aware of a security incident that has resulted, or is reasonably likely to have resulted, in unauthorized access to, disclosure of, or loss of your personal information, we will notify you and the relevant supervisory authority without undue delay, where and as required by applicable law.

11. What are Your Rights?

  • - Access: You can ask if we are processing your data and request access to see what data we have about you.
  • - Correction: You can request corrections to any inaccurate or incomplete data we have on you.
  • - Erasure: You can ask us to delete your data in certain situations, though we may deny the request if the data is needed for legal reasons.
  • - Restriction: You can request that we temporarily stop processing your data while its accuracy or the reasons for processing it are being verified.
  • - Data portability: You can request a transfer of your data to you or another party in a readable format, where technically feasible.
  • - Objection: You can object to us processing your data based on our legitimate interests, although we may continue if the law allows.

You can withdraw your consent for us to process your personal information at any time, but this will not affect any processing that happened before you withdrew consent. To exercise this right or any other data rights, contact us at support@naviolegal.com. If we are processing your data on behalf of a Third Party Controller, please refer to their privacy notice and contact them directly to exercise your rights. If you contact us, we will forward your request to them.

We will respond to your request regarding your rights within one month, but we may extend this to two months if needed and will inform you if we do. If your request is unreasonable or excessive, we may charge a fee or refuse to comply.

12. How to File a Complaint

If you have a complaint regarding how we have processed your data, you may contact the Office of the Privacy Commissioner of Canada by telephone (1-800-282-1376) or on their website, or the supervisory authority in your country.

13. Children’s Privacy

The Services are intended for legal professionals and are not directed to children. We do not knowingly collect personal information from individuals under the age of 13, or under the age of 16 in the European Economic Area and the United Kingdom. If we become aware that we have collected personal information from a child, we will delete it as soon as reasonably practicable. If you believe a child has provided us with personal information, please contact us at support@naviolegal.com.

14. California Residents

All phrases used under this heading have the same meaning as those defined under the California Consumer Privacy Act (“CCPA”).

For details on the categories of personal information we have collected from California residents in the past year, how we collected it, and how we use and share it, please refer to Sections 1-5 above. For information on the personal information we have disclosed for business purposes about California residents in the past year, refer to Section 4 above.

We do not sell the personal information of California residents, including those under 16 years of age.

Rights

California residents have the following rights under the CCPA:

  • - Right to know: Twice a year, you can request details about the personal information we have collected from you over the last 12 months, including the categories and sources of that information, the purpose for collecting or sharing it, the third parties with whom it was shared, and specific details of the information collected.
  • - Right to delete: You can ask us to delete your personal information, although there are exceptions, such as when the information is needed to complete a transaction, comply with legal obligations, address errors and security concerns, protect against fraud, and other recognized legal reasons.
  • - Right to anti-discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise your rights to know or delete, you can contact us at support@naviolegal.com. You may also designate an authorized agent to make these requests on your behalf. We will acknowledge and respond to your request promptly according to the law.

Before fulfilling your request, we will verify your identity using reasonable methods based on the nature and sensitivity of the requested information. For sensitive information, this might include additional steps such as requesting further details or requiring a signed declaration under penalty of perjury.

If you are under 18 and live in California, you can request the removal of content or information you have posted on our Services or social media, though removal might not be complete or comprehensive. To request this, email support@naviolegal.com.

15. Cookie Policy

Navio uses essential cookies to maintain your session and preferences, and analytics cookies (via PostHog and Google Analytics) to understand how visitors use our site so we can improve it. We may also use marketing or advertising cookies to measure the effectiveness of our marketing campaigns and reach prospective users on third-party platforms. You can configure your browser to reject cookies, but some features of the Services may not function properly without them.

16. Governing Law

This Privacy Policy is governed by the laws of the Province of Ontario, Canada, without regard to conflict of law principles. Where the mandatory privacy laws of your country of residence offer you greater protection, those laws shall apply to the extent required.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for operational, legal, or regulatory reasons. The most current version will always be available at naviolegal.com/privacy, and the “Last updated” date at the top of this page reflects the latest revision. If we make material changes, we will provide more prominent notice, which may include posting a notice on our website or notifying account holders by email. Your continued use of the Services after the effective date of the updated Privacy Policy will constitute acceptance of the changes.

Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us at support@naviolegal.com.