Privacy Policy

1. Data We Collect

We collect personal data that is necessary to provide, secure, and improve Navix. Depending on your use of the service, this may include:

• Identity and account data: Name, role, email, authentication details, and account preferences.
• Business and operational data: Shipment records, quote history, customer contact data, trade lane details, and workflow settings uploaded or synced by your organization.
• Communication data: Support requests, demo requests, feedback, and correspondence.
• Technical and usage data: Device identifiers, browser and OS data, IP address, log files, session telemetry, feature usage, and diagnostics.
• Security data: Access logs, fraud indicators, abuse-prevention signals, and audit trails.
• Cookie and similar technology data: Cookie IDs, consent status, and session preferences.

2. Sources of Data

We receive data from the following sources:

• Directly from you and authorized users in your organization.
• From integrations you enable (such as email systems, TMS tools, or CRM platforms).
• From public sources and commercially available datasets where permitted by law.
• From security, analytics, and infrastructure providers acting on our behalf.

3. Purposes of Processing and Lawful Bases

We process personal data for legitimate business purposes and in accordance with applicable legal bases, including performance of contract, legitimate interests, compliance with legal obligations, and consent where required.

• Service delivery: Provisioning accounts, running workflows, generating outputs, and enabling integrations.
• Security and abuse prevention: Detecting unauthorized access, enforcing platform integrity, and mitigating fraud.
• Customer support: Troubleshooting, incident response, and technical communications.
• Service improvement: Product analytics, reliability, and performance optimization.
• Legal compliance: Tax, accounting, sanctions screening, and lawful requests from authorities.
• Marketing and communications: Product updates and event/news information, subject to consent and opt-out rights where required.

4. Controller and Processor Roles

For account management, website analytics, security, and direct customer relationships, Navix generally acts as a data controller. For customer-uploaded business records processed through our platform workflows, Navix may act as a data processor under a Data Processing Addendum (DPA) with the customer.

5. AI and Automated Processing

Navix uses machine-assisted and rule-based processing to classify documents, generate recommendations, and support commercial workflows. AI outputs may contain errors and must be reviewed by authorized personnel before operational or contractual reliance. We do not intentionally use customer confidential data to train shared public models unless explicitly agreed in writing.

6. Data Sharing and Disclosure

We do not sell personal data. We may disclose data only as reasonably necessary to:

• Service providers supporting hosting, security, support, communications, analytics, and payment operations.
• Integration partners enabled by the customer.
• Professional advisors, auditors, and insurers under confidentiality obligations.
• Law enforcement or regulatory authorities when legally required.
• A successor entity in connection with a merger, acquisition, financing, or corporate restructuring.

7. International Data Transfers

Navix may process data in multiple jurisdictions. Where personal data is transferred across borders, we use recognized safeguards appropriate to the transfer context, including contractual transfer mechanisms (such as Standard Contractual Clauses), supplementary security controls, and vendor due diligence procedures.

8. Data Retention

We retain personal data only for as long as necessary to provide services, satisfy legal and contractual obligations, resolve disputes, and enforce agreements. Retention periods vary by data type, sensitivity, and regulatory requirements. Where feasible, data is deleted, anonymized, or de-identified after the applicable retention period.

9. Security Measures

Navix maintains a risk-based security program including administrative, technical, and physical controls. These controls include encryption in transit and at rest, access controls, audit logging, environment segmentation, monitoring, incident response processes, and periodic security testing. No method of transmission or storage is absolutely secure, and security obligations are shared between Navix and customer administrators.

10. Your Privacy Rights

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, object to processing, portability, withdraw consent, and lodge complaints with supervisory authorities.

• EEA/UK/Switzerland: Rights under GDPR and related frameworks, including objection and portability rights.
• United States: Rights under applicable state laws (for example, access, deletion, correction, and appeal rights where available).
• Other regions: Comparable rights where recognized under local law.

To exercise rights, contact us using the details below. We may verify identity and authority before completing requests.

11. Children's Privacy

Navix is intended for business use and is not directed to children. We do not knowingly collect personal data from children where prohibited by law. If you believe such data has been submitted, contact us so we can investigate and delete it where appropriate.

12. Third-Party Services

Our services may link to or integrate with third-party products. Those third parties are independently responsible for their own privacy and security practices. We recommend reviewing their policies before enabling integrations.

13. Policy Updates

We may revise this Privacy Policy to reflect legal, technical, or operational changes. Material updates will be communicated through the website, in-product notice, or direct account communication as required by law.