Privacy Policy

Last Updated: January 2026

1. Overview

NavVault is a local-first application. We believe your data belongs to you. We do not track your usage, sell your data, or store your information on our servers.

NavVault does not load or execute remote code. All extension code is bundled with the extension; network requests are used only for APIs (e.g., exports and license validation).

The Simple Version: Your prompts, folders, and settings never leave your device unless YOU choose to sync them.

2. Data Collection & Storage

NavVault stores data locally in your browser's IndexedDB.

We do NOT:

Operate servers that store your content
Track analytics or telemetry
Collect or sell your chat content
Use crash reporting services (Sentry, LogRocket, etc.)

We DO:

Store your prompts, folders, and settings locally on your device

Browser Sync (Chrome / Edge)

If enabled, limited preference data (settings, folder names, pinned items) may sync across your signed-in browsers via the browser's built-in extension sync (using chrome.storage.sync). In Google Chrome, this is tied to the Google account you're signed into; in Microsoft Edge, it's tied to your Microsoft (or work/school) account. This is an optional feature and is Pro-only. Full conversation content is NOT synced.

Google Docs API (Export Feature)

You may optionally choose to export conversations to Google Docs.

NavVault transfers data directly from your browser to the Google Docs API
We only create new documents—we cannot read or access your existing Google Docs
Use of this feature is subject to Google's Privacy Policy

Payment Processing (Dodo Payments)

If you purchase a Pro or Lifetime subscription:

Payments are processed securely by Dodo Payments, our Merchant of Record
We do NOT store your credit card details—all financial data is handled by Dodo Payments
Dodo Payments may collect personal information such as your email address and billing details to process your purchase and provide receipts/invoices
We use a license validation service to verify your Pro/Lifetime access
Use of payment services is subject to Dodo Payments' Privacy Policy
You can manage billing (cancel, update payment method, view invoices) in the customer portal: Manage subscription

License Activation & Validation

To activate and validate your license, the extension sends your license key and activation identifiers (such as a device ID and license instance ID) to our license validation service. This data is used only to check your entitlement and enforce an activation limit of up to 3 active device activations per license key. If you reach this limit, please contact support to request an activation reset. We do not receive or store your chat content for licensing.

4. Data Control & Deletion

Because we do not have servers, we cannot "delete" your account for you—you already control it.

To delete local data: Uninstall the extension or clear your browser's site data (Settings ? Privacy ? Clear browsing data)
To delete exported content: Manually delete any documents you created in third-party services
To revoke Google access: Visit Google Account Permissions

5. Your Rights & Data Control

Because NavVault operates on a local-first architecture, you inherently have complete control over your data without needing to submit requests to us:

Access: Your data is stored locally—open the extension anytime to view it
Correction: Edit any prompt, folder name, or setting directly in the extension
Deletion: Delete individual items or clear all data via browser settings
Portability: Export conversations to common formats (Markdown/PDF/etc.). Pro includes full data backup export/import.
No Tracking: We don't profile you or make automated decisions based on your behavior

In Short: Traditional data rights (GDPR, CCPA) typically require you to contact companies to exercise them. With NavVault, you already have full control—no requests needed.

6. Security

Your data security is maintained through multiple layers:

Local Storage: Data is stored in your browser's IndexedDB, which is sandboxed per-origin and inaccessible to other websites or extensions
No Server Storage of Chat Content: We do not run servers that store your chat content. When you export to third-party services (Google Docs), your content is sent directly from your browser to those services
HTTPS Only: All external API communications (Google Docs export, payment processing) occur over encrypted HTTPS connections
Chrome Security: The extension operates within Chrome's security model, with permissions explicitly declared and reviewed

7. Law Enforcement

Because we do not operate servers that store your content, we have no user data to provide to law enforcement agencies. If we receive a valid legal request:

We can only confirm whether a license key exists (for Pro/Lifetime users)
We cannot provide conversation content, prompts, or folder structures—we simply don't have access to them
Any data disclosed would be limited to basic transaction records held by our payment processor (Dodo Payments)

8. Data Location

Your NavVault data resides in the following locations:

Primary Storage: Your local device, in your browser's IndexedDB (typically in your Chrome user profile folder)
Browser Sync (Optional): If enabled (Pro-only), limited settings and metadata may sync via your browser account's sync service (Google for Chrome; Microsoft for Edge), subject to the browser provider's privacy policy
Exported Data: Any Google Docs or files you export are stored on the respective destination (your Google account, your local filesystem, etc.)

We do not operate data centers or servers that store user content. Our website and license validation services may use standard web hosting infrastructure, but this contains no user-generated content.

9. Permissions

We request only the permissions necessary for the application to function:

storage — To save your prompts and settings locally
activeTab / tabs — To detect which AI platform you're using
sidePanel — To display the NavVault interface
scripting — To read chat content from AI platforms
contextMenus — For right-click menu features
identity — For Google OAuth (Google Docs export only)
notifications — To notify you of completed exports
alarms — For scheduled license revalidation and optional auto-backup scheduling

Host permissions (Websites we can access)

NavVault requests access only on supported AI chat websites to enable sidebar features (indexing/search/navigation/export) on those pages. We also request access to Google APIs for optional Google Docs export, and NavVault's domain for license activation/validation. We do not use host access to track general browsing history.

https://chatgpt.com/*, https://gemini.google.com/*, https://claude.ai/*, https://grok.com/*
https://docs.googleapis.com/*, https://www.googleapis.com/* (Google Docs export)
https://navvault.com/*, https://www.navvault.com/* (license activation/validation and support links)

These permissions are used strictly to provide the extension's functionality and for no other purpose.

10. Changes to this Policy

We may update this policy to reflect changes in our service or regulations. The latest version will always be available at this URL.

11. Contact

For privacy concerns, please contact us at:

vault@navvault.com

Transparency Commitment: We are committed to protecting your privacy. If you have any questions about how your data is handled, please contact us.