Privacy Policy

1. Scope of This Policy

This Privacy Policy applies to information collected by Navedas Intelligence, Inc. ("Navedas," "we," "us," or "our") through our website at navedas.ai, the CSAT.AI website at csat.ai, and the Navedas Intelligence platform (collectively, the "Services").

This policy covers two categories of data: (a) information about you as a visitor, prospect, or account holder, and (b) data that your organization processes through the Platform. For Platform data, your organization is the data controller and Navedas Intelligence acts as the data processor. The processing of Platform data is governed by your Data Processing Agreement (DPA) in addition to this policy.

2. Information We Collect

Information You Provide

Account information: Name, email address, company name, job title, and phone number when you create an account or request a demo
Billing information: Payment method details processed through our third-party payment provider (we do not store full card numbers)
Communications: Messages you send us through contact forms, email, or support channels
Survey responses: Feedback you provide through customer satisfaction surveys or product feedback forms

Information Collected Automatically

Usage data: Pages visited, features used, session duration, and interaction patterns on our websites and Platform
Device information: Browser type, operating system, screen resolution, and device identifiers
Network information: IP address, approximate location (city/country level), and referring URL
Cookies and similar technologies: As described in Section 7 below

Platform Data (Processed on Your Behalf)

When your organization uses the Platform, we process the data categories defined in your service agreement. This may include customer interaction records, transaction data, agent activity logs, policy documents, and compliance records. We process this data solely as instructed by your organization.

3. How We Use Your Information

We use the information we collect for the following purposes:

Delivering services: Operating the Platform, processing your transactions, and providing customer support
Account management: Creating and managing your account, authenticating users, and processing billing
Communication: Sending service notifications, security alerts, and responding to your inquiries
Product improvement: Analyzing usage patterns to improve Platform performance and user experience (using aggregated, non-identifiable data only)
Marketing: Sending product updates, industry insights, and event invitations (you can opt out at any time)
Legal compliance: Meeting regulatory obligations, responding to legal requests, and enforcing our Terms of Use

We do not use your data to train machine learning models. We do not sell your personal information to third parties.

4. Platform Data Processing

The Navedas Intelligence platform processes your organization's operational data in real time to evaluate decisions against your Context Graph (your structured policy rules). This section describes how that processing works.

What Happens During Processing

When a decision event enters the Platform, the system evaluates it against the relevant policies in your Context Graph. Each evaluation produces a Reasoning Ledger entry that records the decision inputs, the policies consulted, the reasoning steps, and the outcome. This processing is deterministic: the same inputs and policies always produce the same result.

Data Isolation

Each customer's data is logically isolated within the Platform. Your policies, transaction data, and Reasoning Ledger entries are never accessible to other customers. We use role-based access controls, encryption at rest, and encryption in transit to protect your data.

No Model Training

We do not use customer Platform data to train, fine-tune, or improve machine learning models. Your data is processed solely to deliver the governance services you contracted for.

5. Data Retention

Data Type	Retention Period
Account information	Duration of account plus 12 months
Billing records	7 years (tax and regulatory compliance)
Platform data	As defined in your service agreement, plus 30-day deletion window
Reasoning Ledger entries	As defined in your service agreement (immutable during retention period)
Website analytics	26 months
Support communications	Duration of account plus 24 months

Upon account termination, we provide a 30-day data export window. After that, Platform data is permanently deleted from our production systems within 90 days. Backup copies are purged within 180 days.

6. When We Share Information

We do not sell, rent, or trade your personal information. We share information only in these circumstances:

Service providers: With trusted third parties who help us operate the Platform (cloud hosting, payment processing, email delivery). These providers are contractually bound to use your data only for the services they provide to us
Legal requirements: When required by law, subpoena, court order, or government regulation. We will notify you when legally permitted to do so
Business transfers: In connection with a merger, acquisition, or sale of assets, where your data may be transferred. We will notify you before your data becomes subject to a different privacy policy
With your consent: When you explicitly authorize us to share information with a specific third party

We maintain a list of sub-processors used to deliver the Platform. This list is available upon request and is included in our Data Processing Agreement.

7. Cookies and Tracking

We use cookies and similar technologies on our websites. Here is what we use and why:

Cookie Type	Purpose	Duration
Essential	Authentication, security, session management. Required for the Platform to function.	Session / 30 days
Functional	Remembering your preferences, language settings, and display options.	12 months
Analytics	Understanding how visitors use our websites. We use privacy-focused analytics that do not track users across sites.	26 months
Marketing	Measuring the effectiveness of our marketing campaigns. Only set with your consent.	12 months

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Platform functionality. Marketing cookies are only set with your explicit consent.

8. How We Protect Your Information

We implement technical and organizational measures to protect your data, including:

AES-256 encryption at rest and TLS 1.3 encryption in transit
SOC 2 Type II certified infrastructure and operations
ISO 27001 certified information security management
Role-based access controls with principle of least privilege
Regular penetration testing and vulnerability assessments
24/7 infrastructure monitoring and incident response
Employee background checks and security training

No method of transmission or storage is 100% secure. If we become aware of a security breach affecting your personal data, we will notify you and the relevant authorities as required by applicable law.

For details on our security program, visit our Security & Compliance page.

9. GDPR Rights (EEA Residents)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation:

Right of access: Request a copy of the personal data we hold about you
Right to rectification: Request correction of inaccurate or incomplete data
Right to erasure: Request deletion of your personal data, subject to legal retention requirements
Right to restrict processing: Request that we limit how we use your data
Right to data portability: Receive your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interests or for direct marketing
Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at privacy@navedas.ai. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Legal basis for processing: We process personal data based on contractual necessity (account management, service delivery), legitimate interests (product improvement, security), consent (marketing communications), and legal obligations (regulatory compliance).

10. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

Right to know: Request information about the categories and specific pieces of personal information we have collected about you
Right to delete: Request deletion of your personal information, subject to certain exceptions
Right to opt out: We do not sell personal information, so this right does not apply. If our practices change, we will provide a "Do Not Sell My Personal Information" link
Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, contact us at privacy@navedas.ai. We will verify your identity before processing the request and respond within 45 days.

11. International Data Transfers

Navedas Intelligence is headquartered in San Francisco, California, with operations in Bhubaneswar, India. Your data may be transferred to and processed in the United States or other countries where our service providers operate.

For transfers of personal data from the EEA, UK, or Switzerland, we rely on:

Standard Contractual Clauses (SCCs) as approved by the European Commission
The UK International Data Transfer Agreement where applicable
Adequacy decisions where available

We conduct transfer impact assessments for each data transfer mechanism to ensure your data receives an adequate level of protection regardless of where it is processed.

12. Children's Privacy

The Platform is designed for business use and is not directed at individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, contact us at privacy@navedas.ai and we will promptly delete it.

13. Third-Party Websites

Our websites may contain links to third-party websites or services that are not operated by Navedas Intelligence. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party site you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post the updated policy on this page with a revised "Last updated" date.

For material changes, we will notify you by email or through a prominent notice on our website at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

Navedas Intelligence, Inc.
San Francisco, California
Email: privacy@navedas.ai
General inquiries: hello@navedas.ai

For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@navedas.ai.

Contents