Privacy Policy
Last updated: 14 June 2026
This policy explains what personal data Navier collects, why we use it, who we share it with, how long we keep it, and the rights and duties you have over it under India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the DPDP Rules. We've written it in plain language. As required by the DPDP Act, this notice can be made available in English or any of the scheduled Indian languages on request — if you'd like a translated copy, or if anything here is unclear, email us at hello@navier.in.
1.Who we are & what this covers
Navier is a travel-readiness product for Indian outbound travellers — it evaluates your profile to calculate a readiness score for international destinations and gives you personalised guidance to close documentary gaps. In this policy:
- "Navier", "we", "us", and "our" refer to the team operating the Navier platform.
- "You" refers to the person using our service — the Data Principal under the DPDP Act.
- Navier acts as the Data Fiduciary — we decide the purpose and means of processing your personal data.
Navier currently operates as an early-stage product managed by its founding team, who take responsibility as the Data Fiduciary in the interim. Formal corporate registration and incorporation details will be added to this section once incorporation is complete.
This policy applies to navier.in and the Navier web app. It does not cover third-party websites or services we link to (such as official embassy or consulate portals, or external booking engines), which have their own privacy policies.
2.The data we collect
We follow data minimisation and collect only what we need to run the product. That includes some sensitive information you choose to share during the assessment (such as financial details, passport validity, and past travel or immigration history) — we use it solely to calculate your score and guidance.
| Data category | Examples | Why we need it |
|---|---|---|
| Account identity | your name, email, and account password | to create your account, sign you in, and provide support. Your password is never stored in plain text — it is hashed by our authentication provider, so Navier never sees it |
| Assessment inputs | employment status & profession, finances (savings, ITR history), passport validity, past international travel, any prior visa overstays, any criminal-conviction history, age, and marital/sponsorship details | to calculate your destination-readiness score, map your profile-specific risk factors, and generate your preparation milestones and visa guidance |
| Metrics & progress | your NavScore, dimension scores, risk bands, and milestone history | to maintain your workspace and show your readiness over time |
| Payment records | your plan, transaction timestamps, and payment status | to provide and support the paid plan. Card/UPI/net-banking details are captured and processed directly by Dodo Payments — Navier never receives or stores your raw financial credentials |
| Consultation queries | the questions you type into "Ask Us", together with your score, dimension scores, and active milestones | to answer them with context tailored to your situation. Your question and this context are sent to our AI provider, Google Gemini (see §5) |
| Security signals | IP address, diagnostic and error logs, and form-verification interaction signals | to block bots and fraud, keep the platform secure, and troubleshoot errors |
| Roadmap requests | a country you ask us to add, and an email if you ask to be notified | to plan our roadmap and notify you when a requested country goes live |
If you start an assessment before signing up, your answers are preserved in a short-lived anonymous browser session so you can claim them when you create an account.
3.Why we use it
We process your personal data only for these defined purposes:
- To calculate your travel-readiness score and confidence level.
- To generate your personalised milestones, visa guidance, and report content.
- To answer your questions in "Ask Us" with context relevant to your profile.
- To provide, bill, and support the paid plan.
- To keep the service secure — preventing bots, fraud, and abuse — and to diagnose errors.
- To send essential account communications (for example, password resets or a re-engagement email before we delete an inactive account).
We do not sell your data, and we do not track you to serve targeted third-party advertising.
4.Consent & legal basis
We process your data based on the explicit consent you give when you create your Navier account and use the service, supplemented by the "certain legitimate uses" permitted by the DPDP Act (for example, keeping the service secure and providing a service you asked for). When you submit an assessment, you are consenting to us using those answers to compute your score and guidance.
You can withdraw your consent at any time by deleting your account from your settings. When you do, we stop processing your data and erase your records — except where we are legally required to keep certain data under other laws (for example, retaining transaction history for up to 7 years to meet Indian financial record-keeping obligations).
5.Who we share it with
We share data only with the trusted service providers ("Data Processors") that help us run Navier, and only to the extent each needs it. We do not sell your personal data or share it for advertising.
| Provider | What it does for us | Where |
|---|---|---|
| Supabase | our primary database, accounts/login, and file storage | Mumbai, India |
| Netlify | website hosting and server-side functions | Outside India |
| Dodo Payments | processes your payments (handles card/UPI/net-banking details directly) | Outside India |
| Resend | sends our transactional emails (e.g. password resets, verifications) | Outside India |
| hCaptcha | verifies human presence on our forms and defends against bots | Outside India |
| Google Gemini | generates the AI answers in "Ask Us" — it receives your question along with your score, dimension scores, and active milestones as context | Outside India |
Cross-border transfers. Your core account and assessment data is stored in India (Supabase, Mumbai). Some processors above operate outside India, so running the service involves transferring limited data abroad. In line with the DPDP Act, we only use providers in jurisdictions that are not restricted under prevailing Indian data-protection rules. We may also share data where the law requires it (for example, a valid legal order).
6.How long we keep it
We keep your data only as long as your account is active, or as Indian law requires.
| Data | Retention |
|---|---|
| Active accounts | kept until you delete your account |
| Inactive accounts | after 24 months of no activity we email you; if you don't return, the account is flagged for deletion |
| Deleted accounts | fully purged from our production systems within 30 days of deletion |
| Error / diagnostic logs | up to 90 days (and your identity is removed from them immediately when you delete your account) |
| Payment records | up to 7 years, to meet financial record-keeping obligations |
| Anonymous assessments (before signup) | a short-lived session record so you can claim your score when you sign up |
7.Your rights as a Data Principal
Under the DPDP Act you have these enforceable rights over your personal data:
- Access — ask for a summary of the personal data we hold about you and how we use it.
- Correction & update — edit your details in Account, or ask us to correct inaccurate data.
- Erasure — delete your account yourself in Account → Danger Zone, or ask us. We purge your data within 30 days (except records we must keep by law).
- Grievance redressal — raise a complaint about our data practices with our Grievance Officer (see §12).
- Nomination — nominate another person to exercise your rights on your behalf in the event of death or incapacity.
- Withdraw consent — as described in §4.
How to exercise them. Use the in-app Delete account and profile controls, or email hello@navier.in. We acknowledge requests within 3 working days and resolve them within 30 days.
8.Your duties as a Data Principal
The DPDP Act also places certain duties on you as a Data Principal. When using Navier, you agree to:
- Provide identity and profile information that is accurate and genuine, and not suppress any material fact relevant to your assessment.
- Not impersonate another person, use a false or another person's email, or hide material identity details when registering or being assessed.
- Not register false, malicious, or frivolous grievances with us or with the Data Protection Board.
Because Navier's score depends entirely on the answers you give, inputting deliberately false data undermines your own result — and the DPDP Act makes accurate disclosure your legal responsibility.
9.Children's data
Navier accounts are for adults: you must be 18 or older to create an account or submit an assessment. We do not knowingly create accounts for, or collect data directly from, anyone under 18.
Your assessment may involve a minor — for example, if you are planning a trip for your child, or completing a step like a minor's No-Objection Certificate. In that case, you (the adult account holder) provide that information and are responsible for it, and you confirm that, as the parent or authorised legal guardian, you have the authority to share it. If you believe a child's data has reached us without proper authority, contact us and we will delete it.
10.How we protect it
We use reasonable security safeguards appropriate to the data we handle, including:
- Row-Level Security at the database layer (Supabase), so your records can only be read or changed by your own authenticated account.
- Encryption in transit (HTTPS) for everything between your device and our servers.
- Server-side isolation of privileged operations and scoring logic, so sensitive actions never run with your browser's permissions.
- Infrastructure hardening — routine security reviews across our database access, serverless functions, and content-security policies.
No system is perfectly secure, but if a personal-data breach affecting you occurs, we will act to contain it and notify you and the Data Protection Board of India as required by the DPDP Act.
11.Cookies & local storage
Navier stores small amounts of data in your browser (using localStorage and sessionStorage) to keep you signed in, hold your workspace state, and load your score quickly across tabs. These are first-party and functional — not advertising trackers. Our bot-protection provider, hCaptcha, may set its own cookies to tell humans from bots.
We do not use any third-party analytics, cross-site tracking pixels, or ad-retargeting networks. If that ever changes, we will update this policy before we do so.
12.Grievance redressal & the Data Protection Board
If you have a question or complaint about how your personal data is handled, contact our Grievance Officer:
Grievance Officer: The Navier Team
Email: hello@navier.in
We acknowledge grievances within 3 working days and aim to resolve them within
30 days.
Please raise your concern with us first. If our resolution does not satisfactorily address it, you have the right to escalate to the Data Protection Board of India, the authority that oversees the DPDP Act.
13.Changes to this policy
We may update this policy as Navier evolves or as the law requires. When we do, we'll change the "Last updated" date at the top, and for significant changes we'll make a reasonable effort to notify you by email before they take effect. Your continued use of Navier after an update means you accept the revised policy.
14.Payments & refunds
Navier plans and destination workspaces are one-time purchases, billed in Indian Rupees (INR). Prices are shown in full before you pay, with any applicable taxes included or itemised at checkout. Payments are processed securely by our payment partner, Dodo Payments — Navier never sees or stores your card details.
One-time, permanent access. There is no subscription, nothing recurring, and nothing to cancel. Your access does not expire.
No refunds. Your score, report and workspace are delivered in full the moment a purchase completes, so payments are non-refundable. You can complete the full assessment and see your NavScore for free before you buy — please review it first.
Failed or duplicate charges. If you are charged for a payment that failed, or charged twice for the same purchase, we refund the incorrect charge to your original payment method — typically within 5–7 working days of confirmation, in line with RBI norms.
Wrong destination. If you bought a workspace for the wrong destination, message us — where possible we will help you switch it to the destination you meant, instead of a refund.
Chargebacks. Please contact us before raising a chargeback with your bank; we will resolve genuine payment errors directly. Chargebacks raised without contacting us first may pause access while we investigate.
This section is governed by the laws of India, including the Consumer Protection Act, 2019 and the Indian Contract Act, 1872. Nothing here limits any rights you have under applicable law.
15.Contact
For anything about this policy, your data, or a payment, email us at hello@navier.in.