{"format":"markdown","content":"# Navigator Platform — Privacy Policy\n\n**Effective Date:** January 1, 2026  \n**Last Updated:** January 1, 2026\n\n---\n\n## Our Commitment\n\nNavigator is built on a simple principle: **your data belongs to you.** We collect only what is necessary to operate the Service, we never sell your personal data, and we give you full control over your privacy settings.\n\n---\n\n## 1. Information We Collect\n\n### 1.1 Information You Provide\n| Data | Purpose | Stored |\n|------|---------|--------|\n| Email address | Account creation, notifications | Encrypted at rest |\n| Username & display name | Profile identity | Plaintext |\n| Password | Authentication | Argon2id hash (never stored in plaintext) |\n| Profile info (bio, location, website) | Public profile | Per your privacy settings |\n| Posts, messages, comments | Social features | Encrypted in transit; messages can be end-to-end encrypted |\n| Payment information | Subscription billing | Processed by Stripe — we never see or store full card numbers |\n\n### 1.2 Information Collected Automatically\n| Data | Purpose | Retention |\n|------|---------|-----------|\n| IP address | Rate limiting, abuse prevention | Hashed; retained 30 days |\n| Device identifier | Multi-device session management | Retained until logout |\n| Timestamps (login, last seen) | Service operation | Retained with account |\n| Subscription tier & billing events | Billing | Retained per tax law requirements |\n\n### 1.3 Information We Do **NOT** Collect\n- We do **not** track you across other websites\n- We do **not** build advertising profiles\n- We do **not** sell or share data with data brokers\n- We do **not** use your content to train AI models without explicit opt-in\n- We do **not** read your end-to-end encrypted messages\n\n## 2. How We Use Your Information\n\nWe use your information **only** for:\n\n1. **Operating the Service** — authentication, delivering messages, displaying profiles\n2. **Security** — rate limiting, abuse detection, fraud prevention\n3. **Billing** — processing payments via Stripe, sending receipts\n4. **Communication** — service announcements, security alerts (you can opt out of non-essential emails)\n5. **Improving the Service** — anonymous, aggregated usage statistics\n\n## 3. Data Sharing\n\nWe share your data **only** in these limited circumstances:\n\n| Recipient | Data Shared | Why |\n|-----------|-------------|-----|\n| **Stripe** | Email, subscription tier | Payment processing |\n| **AI Providers** (if you use AI features) | Your prompts | AI response generation (not stored by us after delivery) |\n| **Law enforcement** | As required by law | Only with valid legal process |\n| **You** | All your data | Via data export (see Section 7) |\n\n**We never sell your personal data. Period.**\n\n## 4. Data Security\n\nWe implement industry-standard security measures:\n\n- **Passwords:** Argon2id hashing (never stored in plaintext)\n- **Tokens:** SHA-256 hashed before storage\n- **Transport:** TLS 1.2+ required for all connections\n- **Headers:** Security headers on all responses (CSP, HSTS, X-Frame-Options, etc.)\n- **Rate limiting:** Per-endpoint rate limits to prevent abuse\n- **Access control:** Subscription tier enforcement on all protected endpoints\n- **Infrastructure:** Database encryption at rest when using PostgreSQL with managed hosting\n\n## 5. Data Retention\n\n| Data Type | Retention Period |\n|-----------|-----------------|\n| Account data | Until you delete your account |\n| Posts & messages | Until you delete them or your account |\n| Auth tokens | 30 days or until logout |\n| IP addresses (hashed) | 30 days |\n| Billing records | As required by tax law (typically 7 years) |\n| Backups | 30 days after deletion |\n\n## 6. Your Privacy Controls\n\nNavigator gives you granular privacy controls:\n\n- **Profile visibility:** Public, Friends Only, or Private\n- **Post visibility:** Per-post privacy (public, friends, private)\n- **Online status:** Show or hide your online status\n- **Friend list:** Public or private\n- **Message encryption:** Optional end-to-end encryption\n- **Data export:** Download all your data at any time\n- **Account deletion:** Permanently delete your account and all associated data\n\n## 7. Your Rights\n\nDepending on your jurisdiction, you may have the right to:\n\n- **Access** your personal data\n- **Correct** inaccurate data\n- **Delete** your data (\"right to be forgotten\")\n- **Export** your data in a portable format\n- **Restrict** processing of your data\n- **Object** to processing of your data\n- **Withdraw consent** at any time\n\nTo exercise these rights, contact us at privacy@navigator.app or use the in-app privacy controls.\n\n### GDPR (EU/EEA Users)\nWe process your data under the following legal bases:\n- **Contract performance** (Art. 6(1)(b)) — operating your account\n- **Legitimate interest** (Art. 6(1)(f)) — security, abuse prevention\n- **Consent** (Art. 6(1)(a)) — optional features like AI interactions\n- **Legal obligation** (Art. 6(1)(c)) — tax and billing records\n\n### CCPA (California Users)\n- You have the right to know what data we collect and why.\n- You have the right to delete your data.\n- You have the right to opt out of the \"sale\" of your data — **we don't sell your data, so there's nothing to opt out of.**\n- We will not discriminate against you for exercising your rights.\n\n## 8. Children's Privacy\n\n- The Service is not intended for children under 13 (or the minimum age in your jurisdiction).\n- We do not knowingly collect data from children.\n- If you believe a child has provided data to us, contact us and we will delete it.\n\n## 9. Cookies & Tracking\n\n- We use **only essential cookies** for authentication and session management.\n- We do **not** use advertising cookies or third-party trackers.\n- We do **not** use analytics services that track individual users.\n\n## 10. International Data Transfers\n\nIf you access the Service from outside our hosting region, your data may be transferred internationally. We ensure appropriate safeguards (Standard Contractual Clauses or equivalent) are in place.\n\n## 11. Changes to This Policy\n\nWe may update this Privacy Policy from time to time. We will:\n- Notify you via email or in-app notification of material changes\n- Provide at least 14 days' notice before changes take effect\n- Keep previous versions available for review\n\n## 12. Contact Us\n\nFor privacy questions or data requests:\n\n- **Email:** privacy@navigator.app\n- **Website:** https://navigator.app/privacy\n- **Data Protection Officer:** dpo@navigator.app\n\n---\n\n*Navigator Technologies — Your Data, Your Choice.*\n"}