sign-in

Legal & Trust

Privacy Policy

Last updated · July 16, 2026

This Policy explains what data NarvixAI collects and how it is used. The Service is operated by OlunovaTech Labs LLC, a Georgia (USA) limited liability company, which is the controller of the personal data described here; you can reach us at support@narvixai.com. We follow a data-minimization principle: we collect only what is needed to operate the Service.

1. Data we collect

Account data: your email address, authentication metadata, assigned role, and basic profile information. Settings: preferences you save (e.g. theme and reading position). Assistant conversations: if you use the “Ask” assistant, the questions you ask and the answers you receive are saved to your account so you can revisit them; they are visible only to you, and you can delete any conversation — or your entire chat history — at any time from within the tool. Notes you write in the Notepad tool are stored only in your browser (local storage) and are never sent to our servers. Usage/operational data: limited logs (such as request metadata, rate-limit counters, and per-account AI usage counts) needed for security, abuse prevention, cost control, and reliability. Billing data (when paid plans launch): handled by our payment processor — see “Payments” below. We do not sell your personal data.

2. How we use data

To authenticate you, enforce role- and tier-based access, operate and secure the Service, prevent abuse and control costs, and communicate about your account. Intelligence content is generated on a shared schedule and is not personalized from your private data.

3. Processors & infrastructure

We use third-party providers to run the Service. As of the “Last updated” date they are: Vercel (application hosting and deployment), Supabase (authentication, database, and file storage), OpenAI (AI content and audio generation — under API terms that do not use our data to train their models), Resend (transactional email delivery), Google (optional “Sign in with Google”), Cloudflare (DNS, network, and inbound email routing), and Stripe (payment processing — see “Payments” below). Market and social data feeds (e.g. CoinGecko, the X API) supply content to the Service and do not receive your personal data. API keys and secrets used for content generation are held server-side and are never exposed in the application frontend or in any mobile bundle. These providers process data on our behalf under their own security and privacy commitments, and we will keep this list current as our infrastructure changes.

4. Payments

Payments are processed by a third-party payment processor, Stripe. We follow a processor-first model: card and payment details are entered with and stored by the processor, not by NarvixAI. We retain only limited subscription metadata (such as plan, status, and renewal date) needed to provision your access.

5. Cookies & analytics

We use strictly necessary cookies/local storage to keep you signed in and to remember preferences (such as your theme and reading position). If we introduce analytics or non-essential cookies, we will update this Policy and provide any disclosures or controls required in your jurisdiction.

6. Security

Access is restricted to approved roles and protected by authentication and row-level security. Exposed API routes use authentication, authorization, and rate limiting. We do not embed secret API keys in client code or mobile bundles. No method of transmission or storage is perfectly secure, but we take reasonable measures to protect data.

7. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can export your data and permanently delete your account yourself, at any time, from Account settings → Your data. For access or correction requests you can also reach us via the Support page; we action reasonable requests consistent with legal and operational obligations.

8. Data retention & deletion

We retain account data for as long as your account is active and as needed to comply with legal obligations, resolve disputes, and enforce agreements. When you delete your account from Account settings, we permanently remove your authentication record and the personal data linked to it — your profile, role, saved settings, and your assistant conversations — right away; any content you authored is kept with your identity removed. Notepad notes, which live only in your browser, are cleared from this device when you delete your account.

Typical retention periods: account and profile data — deleted immediately on account deletion; assistant conversations — kept until you delete them in the tool, and deleted immediately when you delete your account; security, rate-limit, and usage logs — up to 24 months, for abuse prevention and cost auditing; encrypted database backups — deleted data rolls out of backups within about 30 days; email delivery logs — held briefly by our email provider; billing and subscription records (once paid plans launch) — retained for up to 7 years where required for tax, accounting, and audit purposes. We may retain specific information longer where the law requires it.

9. Children

The Service is not directed to children and is intended for users 18 and older. We do not knowingly collect personal information from children. If you believe a child has provided us personal data, contact us via Support.

10. International users

The Service may be operated from, and data processed in, the United States or other countries. By using the Service you understand your information may be transferred to and processed in locations with different data-protection laws than your own.

11. Changes & contact

We may update this Policy; the “Last updated” date reflects the latest version. Privacy questions can be sent via the Support page or to support@narvixai.com.