Privacy Policy

Last updated: April 5, 2026

Navda AI, a product of Navea Technology Group LLC ("Navda AI," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI virtual receptionist platform, website, and related services (collectively, the "Service").

Our Role: Data Controller and Data Processor

Navda AI acts in two capacities depending on the type of data involved:

• Data Controller: We are the data controller for information we collect directly from you as our customer — your account registration details, billing information, and usage of our website and dashboard.
• Data Processor: We act as a data processor on your behalf when handling calls, recordings, transcriptions, and appointment data related to your callers. In this capacity, you (our customer) are the data controller, and we process this data solely according to your instructions and configuration. Our obligations as a data processor are further defined in our Data Processing Agreement (DPA), available upon request.

1. Information We Collect

Information You Provide

• Account registration details (name, email address, phone number, business name)
• Billing and payment information processed through our third-party payment provider
• Business configuration data (greeting scripts, call handling preferences, appointment settings)
• Communications with our support team

Information Collected Automatically

• Call metadata (date, time, duration, caller phone number, call disposition)
• Call recordings and AI-generated transcriptions, when enabled by you
• Appointment booking details (caller name, requested service, scheduled time)
• Usage data (feature usage, dashboard interactions, login activity)
• Device and browser information (IP address, browser type, operating system)
• Cookies and similar tracking technologies on our website

Information from Third Parties

• Data from integrated calendar and scheduling platforms you connect
• Information from CRM or practice management systems you authorize

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the AI receptionist service
• Process and route inbound calls on your behalf
• Generate call summaries, transcriptions, and action items
• Book and manage appointments as configured by you
• Improve our AI models and service quality (using de-identified, aggregated data only — you may opt out of this use; see Section 10)
• Send service-related notifications and updates (these are transactional and cannot be opted out of while your account is active)
• Send occasional product announcements and marketing communications, only with your consent — you may opt out at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at privacy@navda-ai.com
• Process payments and manage your account
• Respond to your support requests
• Comply with legal obligations

3. Call Data and Recordings

Our Service handles phone calls on behalf of your business. Call recordings and transcriptions are stored securely and are accessible only to you through your Navda AI dashboard. We do not listen to, review, or share your call recordings except as necessary to provide the Service, resolve technical issues at your request, or comply with legal requirements.

Recording Disclosure and Consent

Navda AI provides built-in tools to disclose call recording to callers at the start of every call. By default, the AI receptionist announces that the call may be recorded. You are responsible for ensuring this disclosure remains enabled and complies with applicable laws in your jurisdiction.

Eleven U.S. states require all-party consent before a call may be recorded (including California, Florida, Illinois, Washington, Pennsylvania, Maryland, Connecticut, Massachusetts, Montana, Nevada, and New Hampshire). Because caller location cannot always be determined in advance, we recommend keeping recording disclosure enabled for all calls as a safe default. The Service logs a timestamp for each recording disclosure to support your compliance records.

You are responsible for complying with applicable call recording consent laws in your jurisdiction, including providing appropriate notices to callers where required. Consent records should be retained for a minimum of four years in accordance with FCC guidance.

Voice Data

Navda AI does not use voice biometrics, voiceprints, or speaker identification technology. We do not create or store biometric identifiers derived from caller voice data. Call audio is used solely for real-time AI processing and, when recording is enabled, to generate transcriptions and summaries.

Caller Privacy Rights

If you are a caller who has interacted with a business using Navda AI, your call data (phone number, recording, transcription, and appointment details) is controlled by the business you called — not by Navda AI. To exercise your privacy rights regarding this data (access, correction, or deletion), please contact the business directly. The business may then instruct us to delete or modify the relevant data in their Navda AI account.

If you are unable to reach the business or believe your data is being mishandled, you may contact us at privacy@navda-ai.com and we will make reasonable efforts to assist in resolving your request in coordination with the business.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

• Service providers who assist us in operating the platform (cloud hosting, telephony, AI processing, payment processing), subject to contractual data protection obligations
• Integrated platforms you authorize (calendars, CRMs, practice management systems)
• Legal authorities when required by law, subpoena, or court order
• Business transfers in connection with a merger, acquisition, or sale of assets, with prior notice to you

5. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS 1.2+) and at rest (AES-256), access controls, regular security assessments, and monitoring. While no system is completely secure, we take reasonable measures to protect against unauthorized access, alteration, or destruction of your information.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users without unreasonable delay and no later than 72 hours after becoming aware of the breach, consistent with GDPR standards and applicable U.S. state breach notification laws. Notification will include the nature of the breach, the types of data affected, steps we are taking to address the breach, and recommended actions you can take to protect yourself.

Subprocessors

We use third-party service providers (subprocessors) to help operate the Service, including cloud infrastructure, telephony, AI processing, payment processing, and analytics. All subprocessors are bound by data processing agreements that require them to protect your data to the same standards described in this policy. A current list of our subprocessors is available upon request by contacting privacy@navda-ai.com. We will notify you of material changes to our subprocessor list.

6. Data Retention

We retain your data for as long as your account is active and as needed to provide the Service. Call recordings and transcriptions are retained according to the retention period you configure in your account settings. Upon account termination, we will delete your data within 90 days, except where retention is required by law.

7. International Data Transfers

Navda AI's Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States. Where required by applicable law, we will implement appropriate safeguards for cross-border data transfers, such as Standard Contractual Clauses approved by the European Commission.

8. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

• Contractual necessity: Processing required to provide the Service, manage your account, process payments, and deliver call handling, transcription, and appointment booking features (Articles 6(1)(b)).
• Legitimate interest: Processing for security monitoring, fraud prevention, service improvement using aggregated/de-identified data, and analytics to maintain and improve the Service (Article 6(1)(f)). We balance these interests against your rights and only proceed where our interests do not override your fundamental rights.
• Consent: Processing of optional features you choose to enable, such as call recording, and for marketing communications (Article 6(1)(a)). You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Legal obligation: Processing required to comply with applicable laws, regulations, or legal proceedings (Article 6(1)(c)).

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals, as defined under GDPR Article 22.

If you are located in the EEA or UK and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk.

9. Healthcare and Sensitive Data

If you use Navda AI in a healthcare setting where Protected Health Information (PHI) may be involved, additional terms may apply. Please contact us to discuss a Business Associate Agreement (BAA) if your use case involves PHI under HIPAA. We also offer a Data Processing Agreement (DPA) for customers who require one under GDPR or other data protection regulations. Contact privacy@navda-ai.com to request a BAA or DPA.

10. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict certain processing activities
• Data portability (receive your data in a structured, machine-readable format)
• Withdraw consent where processing is based on consent
• Opt out of AI model training — you may request that your de-identified data not be used to improve our AI models by contacting us or adjusting your account settings

To exercise these rights, contact us at privacy@navda-ai.com. We will respond to verified requests within 30 days (or 45 days if an extension is needed, with notice to you).

California Residents — Your CCPA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions.
• Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
• Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
• Right to Limit Use of Sensitive Information: You may request that we limit the use or disclosure of your sensitive personal information to what is necessary to provide the Service.

To submit a CCPA request, email privacy@navda-ai.com with the subject line "CCPA Request." We will verify your identity before processing your request.

In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email, phone number), commercial information (billing data, subscription details), internet or electronic network activity (usage data, device information), audio information (call recordings, when enabled), and professional information (business name, industry). We collect this information for the business purposes described in Section 2 of this policy.

11. Cookies and Do Not Track

Our website uses cookies and similar technologies. We use the following categories of cookies:

• Essential cookies: Required for core website functionality such as navigation, authentication, and security. These cannot be disabled. Duration: session or up to 1 year.
• Analytics cookies: Help us understand how visitors interact with our website by collecting usage data in aggregate form. Duration: up to 2 years.
• Functional cookies: Remember your preferences and settings to improve your experience. Duration: up to 1 year.

We do not use marketing or advertising cookies. You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect core website functionality but may limit some personalization features.

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no universally accepted standard for how to respond to DNT signals, our website does not currently respond to DNT signals. However, you may opt out of analytics tracking by adjusting your cookie preferences in your browser settings or by contacting us.

12. Additional U.S. State Privacy Rights

In addition to the California-specific rights described in Section 10, residents of the following states have privacy rights under their respective state laws:

• Virginia (VCDPA): Right to access, correct, delete, and obtain a copy of your personal data; right to opt out of targeted advertising and sale of personal data.
• Colorado (CPA): Right to access, correct, delete, and port your personal data; right to opt out of targeted advertising, sale of personal data, and profiling.
• Connecticut (CTDPA): Right to access, correct, delete, and port your personal data; right to opt out of targeted advertising and sale of personal data.
• Utah (UCPA): Right to access and delete your personal data; right to opt out of sale of personal data and targeted advertising.

As additional states enact consumer privacy legislation, we will extend equivalent rights to residents of those states. To exercise any of these rights, contact privacy@navda-ai.com. If we decline your request, you may appeal by replying to our response, and we will review your appeal within 60 days.

13. Children's Privacy

Our Service is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect, and by posting the updated policy on our website with an updated "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Navea Technology Group LLC
Email: privacy@navda-ai.com
Website: www.navda-ai.com