Navoura Privacy Policy

Last updated: May 25, 2026 Effective: May 25, 2026

This is Navoura’s privacy policy. We’ve tried to write it in plain English. If anything is unclear, email us at privacy@navoura.app.

The short version

Your reflections, journal entries, and notes about other people stay on your device by default. We don’t see them.
When you tap Fathom or Translator, the text of that one item is sent to Anthropic (the company that makes Claude AI) to be read. It is not stored by us or used to train any AI.
We collect your email and basic usage counts (how many reads you’ve done this month) so the app works and we can bill you correctly.
We don’t sell your data. Ever. To anyone.
You can export everything we have on you, or delete your account entirely, from the You tab.

1. Who we are

Navoura is operated by Welcome Lane LLC (“we,” “us,” “our”). Mailing address:

Welcome Lane LLC PO Box 530361 St Petersburg, FL 33747 United States

For privacy questions: privacy@navoura.app For general support: support@navoura.app

If you’re in the European Union, this policy is provided under the EU General Data Protection Regulation (GDPR). If you’re in California, additional rights under the California Consumer Privacy Act (CCPA) apply — see Section 9.

2. What we collect, and why

What we collect from everyone

Data	Why	Where it lives
Email address	Account login, billing receipts, account recovery, important service notices	Supabase (our database provider)
First name	To greet you in the app	Supabase
Account creation date, last active date	To know if an account is dormant and eligible for auto-deletion	Supabase
Subscription tier (Free / Plus / Pro)	To know what features you have access to	Supabase
Usage counters — number of Translator and Fathom calls per day	To enforce free-tier limits and to bill paid tiers correctly	Supabase
Crash reports (anonymized)	To find and fix bugs	Sentry

What we collect ONLY when you use AI features

When you tap Translator on a conversation, or Fathom on a reflection, the text of that specific item is sent to Anthropic’s Claude API for analysis. We do not store this text on our servers. We log only metadata: which feature, which model, how many tokens, how long the call took, what it cost us.

What we do NOT collect

Your reflections. They are stored only on your device unless you explicitly enable cloud sync (a future feature, not active in v0.1).
Your notes about people in your life. Same — local-only.
Your conversations or message contents. Same — local-only unless sent through Translator.
Your contacts, photos, location, microphone, camera, or any device sensors. We don’t ask for permission to access these.
Advertising identifiers (IDFA). We don’t show ads and we don’t track for advertising.

What Apple collects

If you subscribe through the App Store, Apple handles your payment. We never see your credit card. Apple gives us an anonymous customer ID and a signed receipt. Their privacy policy applies to that transaction: https://www.apple.com/legal/privacy/

3. How your reflections stay private

This is the part of the product we care most about. Three layers:

Default storage is local. Your phone’s storage holds your reflections. Nothing leaves the device automatically.
AI calls are explicit. You tap “Fathom” on a specific reflection. Only that reflection is sent, only at that moment, only to Anthropic.
No training, ever. Anthropic’s API terms guarantee that data sent through their API is not used to train Claude or any future model. We rely on that contract and review it annually.

If you enable cloud sync in a future version of the app, you will be able to enable end-to-end encryption with a passphrase you control. We will not be able to read your reflections even if compelled by court order. That’s the design goal.

4. Who we share data with

We share the minimum necessary with these service providers. Each is contractually required to protect your data:

Provider	What they get	Why
Anthropic (Claude AI)	The text you send through Translator or Fathom, when you send it	Powers the AI features
Apple	Your subscription and payment	Handles App Store billing
Supabase	Your email, name, tier, usage counters	Hosts our database
Cloudflare	Encrypted network traffic between your app and our backend	Hosts our backend at api.navoura.app
Sentry	Anonymized crash reports	Helps us fix bugs

We do not share data with advertisers, data brokers, marketing companies, or any other third party. Ever.

We may disclose data if legally required (a valid subpoena, court order, or other lawful demand). When we can legally do so, we will notify you before complying.

5. Where your data lives

Most data lives on your device (local storage on your phone)
Account and billing data lives on Supabase servers (US-based, AWS)
Backend lives on Cloudflare Workers (globally distributed)
AI calls route through Anthropic servers (US-based)

If you are in the EU/UK, your data may be transferred to and processed in the United States. These transfers are governed by the EU Standard Contractual Clauses and equivalent UK terms. We do not transfer data to countries lacking adequate protections.

6. How long we keep your data

Data type	Retention
Account info while account is active	As long as you have the account
Account info after deletion	Removed within 30 days
Account info if dormant (no login for 2 years)	Account is auto-deleted; you’re emailed 30 days beforehand
Usage counters and billing records	Kept 7 years (US tax requirement)
Crash reports	90 days, then purged
AI call metadata (no content)	1 year, then aggregated
Reflection content sent to Anthropic	Not retained by us; not retained by Anthropic for training

7. Your security

We take security seriously, but no system is perfectly secure. What we do:

All data in transit is encrypted with TLS
All data at rest is encrypted (Supabase AES-256)
API keys are stored in encrypted secret managers, never in app code
Multi-factor authentication on every operator account
Rate limiting and abuse protection at the network edge
Regular backups, tested quarterly
Quarterly key rotation

In the unlikely event of a breach affecting your data, we will notify you within 72 hours of discovery, as required by GDPR.

8. Your rights

You have the right to:

Access the data we hold about you (export from the You tab)
Correct anything that’s wrong (edit in the app, or email us)
Delete your account and all associated data (You tab → Delete account)
Export your data in machine-readable format (You tab → Export)
Object to specific processing
Restrict processing in certain circumstances
Withdraw consent at any time

Exercising these rights is free and we will respond within 30 days. If you’re not satisfied with our response, you can complain to your local data protection authority.

9. California residents (CCPA)

In addition to the rights above, California residents have the right to:

Know what personal information we collect about you (this policy)
Request deletion of personal information
Opt out of “sale” of personal information (we don’t sell data, so this is automatic — but we honor Global Privacy Control signals anyway)
Non-discrimination for exercising your privacy rights

Categories of personal information we collected in the last 12 months: identifiers (email, name), commercial information (subscription tier), internet activity (usage counters), inferences (none — we don’t profile).

To exercise CCPA rights, email privacy@navoura.app or use the controls in the You tab.

10. Children

Navoura is not intended for users under 16. We do not knowingly collect data from children under 16. If you believe a child has created an account, email us and we will delete it immediately.

11. Changes to this policy

We may update this policy. If we make material changes (changes that affect what data we collect, who we share it with, or how it’s used), we will:

Notify you in the app on next launch
Email you at least 30 days before the change takes effect

Continued use of Navoura after a change means you accept the new policy. If you don’t accept it, delete your account from the You tab — your data will be removed.

The “Last updated” date at the top of this policy shows when it was last changed.

12. Contact

Privacy questions: privacy@navoura.app
General support: support@navoura.app
Mail: Welcome Lane LLC, PO Box 530361, St Petersburg FL 33747, USA

This policy is written to comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Apple’s App Store privacy requirements, and equivalent regulations in the United Kingdom, Brazil (LGPD), and Canada (PIPEDA). It is not legal advice. Have an attorney review before relying on it for a public launch beyond TestFlight beta testing.