What Navi Is
Navi is an AI agent platform. When you sign up, we provision a dedicated server instance running an AI assistant on your behalf. This assistant can access services you connect (like Gmail, Google Calendar, or Google Drive) to help you with tasks.
Data We Collect
- Account info: Your name and email address when you sign up.
- Payment info: Processed by Stripe. We store your Stripe customer ID but never see your card number.
- Connected services: When you connect Google services, OAuth tokens are stored encrypted on your dedicated server instance — not in our central database.
- Conversations: Your chats with your Navi agent are stored on your dedicated instance. We do not access or read them.
- Vault data: Passwords and credentials you store in Navi Vault are end-to-end encrypted. We cannot decrypt them.
How We Use Your Data
- To provision and maintain your Navi instance
- To process payments via Stripe
- To send you important service emails (welcome, billing, outages)
- To improve Navi based on aggregate, anonymized usage patterns
We do not sell your data. We do not use your data to train AI models.
Google API Data
Navi's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
When you connect Google services, your Navi agent may access the following data types depending on which services you connect:
- Google Calendar: Calendar events, event details, attendees, and scheduling data
- Google Drive: Files you create or open through Navi (per-file access only — Navi cannot browse your entire Drive)
- Google Contacts: Contact names, email addresses, and phone numbers (read-only)
- Google Sheets: Spreadsheet data for analysis, reporting, and automation tasks
- Google Docs: Document content for drafting, editing, and collaboration
- Gmail: Email reading and sending is handled via IMAP with a Google App Password — not through Google OAuth. No Gmail OAuth tokens are stored.
OAuth tokens are stored encrypted on your dedicated server instance — not in our central database. You can disconnect any service at any time from your dashboard, which deletes the stored tokens.
For more information about how Google handles your data, see Google's Privacy Policy.
Data Security
Each user gets a dedicated, isolated server instance. Your data is not co-mingled with other users. Connections use SSH and HTTPS encryption. Vault data uses X25519 end-to-end encryption.
Data Retention & Deletion
Your data persists on your instance as long as your subscription is active. If you cancel, we retain data for 30 days (in case you resubscribe), then delete your instance and all associated data. You can request immediate deletion by emailing us.
Third-Party Services
- Stripe — Payment processing
- Clerk — Authentication
- Hetzner — Server infrastructure (EU/US)
- OpenAI — AI model provider (via your connected ChatGPT account)
- Supabase — Account metadata database