Privacy Policy

Last Updated: January 2026

1. Overview

NavVault is a local-first application. We believe your data belongs to you. We do not track your usage, sell your data, or store your information on our servers.

The Simple Version: Your prompts, folders, and settings never leave your device unless YOU choose to sync them.

2. Data Collection & Storage

NavVault stores data locally in your browser's IndexedDB.

We do NOT:

Operate servers that store your content
Track analytics or telemetry
Collect personally identifiable information (PII)
Use crash reporting services (Sentry, LogRocket, etc.)

We DO:

Store your prompts, folders, and settings locally on your device
Use browser APIs solely to provide the extension's functionality

3. Third-Party Services & Integrations

Chrome Sync API

If enabled, limited preference data (settings, folder names, pinned items) may sync across your signed-in browsers via Chrome's native sync mechanisms (using chrome.storage.sync). This is an optional feature and is Pro-only. Full conversation content is NOT synced.

Google Docs API (Export Feature)

You may optionally choose to export conversations to Google Docs.

NavVault transfers data directly from your browser to the Google Docs API
We only create new documents—we cannot read or access your existing Google Docs
Use of this feature is subject to Google's Privacy Policy

Payment Processing (Dodo Payments)

⏳ Coming Soon - Dodo Payments Integration

If you purchase a Pro or Lifetime subscription:

Payments are processed securely by Dodo Payments, our Merchant of Record
We do NOT store your credit card details—all financial data is handled by Dodo Payments
We receive only your email and subscription status for license verification
Use of payment services is subject to Dodo Payments' Privacy Policy

4. Data Control & Deletion

Because we do not have servers, we cannot "delete" your account for you—you already control it.

To delete local data: Uninstall the extension or clear your browser's site data (Settings → Privacy → Clear browsing data)
To delete exported content: Manually delete any documents you created in third-party services
To revoke Google access: Visit Google Account Permissions

5. Your Rights & Data Control

Because NavVault operates on a local-first architecture, you inherently have complete control over your data without needing to submit requests to us:

Access: Your data is stored locally—open the extension anytime to view it
Correction: Edit any prompt, folder name, or setting directly in the extension
Deletion: Delete individual items or clear all data via browser settings
Portability: Export your data to JSON, Markdown, PDF, or other formats at any time
No Tracking: We don't profile you or make automated decisions based on your behavior

In Short: Traditional data rights (GDPR, CCPA) typically require you to contact companies to exercise them. With NavVault, you already have full control—no requests needed.

6. Security

Your data security is maintained through multiple layers:

Local Storage: Data is stored in your browser's IndexedDB, which is sandboxed per-origin and inaccessible to other websites or extensions
No Server Transmission: Your content never passes through our servers, eliminating server-side breach risks
HTTPS Only: All external API communications (Google Docs export, payment processing) occur over encrypted HTTPS connections
Chrome Security: The extension operates within Chrome's security model, with permissions explicitly declared and reviewed

7. Law Enforcement

Because we do not operate servers that store your content, we have no user data to provide to law enforcement agencies. If we receive a valid legal request:

We can only confirm whether a license key exists (for Pro/Lifetime users)
We cannot provide conversation content, prompts, or folder structures—we simply don't have access to them
Any data disclosed would be limited to basic transaction records held by our payment processor (Dodo Payments)

8. Data Location

Your NavVault data resides in the following locations:

Primary Storage: Your local device, in your browser's IndexedDB (typically in your Chrome user profile folder)
Chrome Sync (Optional): If enabled (Pro-only), limited settings and metadata may sync via Google's infrastructure, subject to Google's Privacy Policy
Exported Data: Any Google Docs or files you export are stored on the respective platform (Google Drive, your local filesystem, etc.)

We do not operate data centers or servers that store user content. Our website and license validation services may use standard web hosting infrastructure, but this contains no user-generated content.

9. Permissions

We request only the permissions necessary for the application to function:

storage - To save your prompts and settings locally
activeTab / tabs - To detect which AI platform you're using
sidePanel - To display the NavVault interface
scripting - To read chat content from AI platforms
contextMenus - For right-click menu features
identity - For Google OAuth (Google Docs export only)
notifications - To notify you of completed exports
alarms - For scheduled backup reminders

These permissions are used strictly to provide the extension's functionality and for no other purpose.

10. Changes to this Policy

We may update this policy to reflect changes in our service or regulations. The latest version will always be available at this URL.

11. Contact

For privacy concerns, please contact us at:

vault@navvault.com

Transparency Commitment: We are committed to protecting your privacy. If you have any questions about how your data is handled, please contact us.