PRIVACY POLICY
Last Updated: 12 January 2026
Controller: NAVI TRADE AND LOGISTICS - FZCO
Address: IFZA Business Park, DDP Dubai, United Arab Emirates
Contact: info@navitt.com
1. Scope
This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you use SmartChart — AI Freight Manager Assistant (the “Service”), including when you choose to connect your Google account and authorize access to Google user data via OAuth (“Google Integration”).
2. Definitions
- Personal Data: information that identifies or can be linked to an individual.
- Google User Data: data received from Google APIs after you authorize access via OAuth (e.g., Gmail/Workspace data and/or basic Google account information), limited to the scopes you grant.
- Content: prompts, files, and other materials you submit to the Service, including any text you choose to bring into the Service from external systems.
- Sub-processor: a third-party service provider that processes data on our behalf under contractual confidentiality and data-protection terms.
- Google Connector Data: Google user data stored by the Service specifically to operate a Google connector (e.g., connector configuration, cached API responses, indexed metadata needed for search, and OAuth tokens).
- Conversation Data: chat history, prompts, messages, files, and AI-generated outputs stored in the Service. Conversation Data may include information that you or the Service brought into a conversation (for example, excerpts, summaries, or structured outputs).
A) General Data Practices (all users)
3. What We Collect
We collect the following categories of data:
3.1 Account Data
Name, email address, authentication credentials (stored as a password hash where applicable), account identifiers.
3.2 Usage & Technical Data
Timestamps, device/browser metadata, IP address, session identifiers, request metadata, and resource consumption counters.
3.3 Content You Submit (Conversation Data)
- Prompts, chat messages, files, and configuration you choose to upload or generate within the Service.
- If you connect external services (including Google), some information retrieved from those services may be displayed, summarized, or referenced inside conversations. Once included in conversation history, it becomes part of Conversation Data.
3.4 Geolocation Signals
High-level geolocation signals used solely for sanctions/export-control compliance (we do not create precise location profiles).
3.5 Cookies
Strictly necessary cookies only (session/auth, load balancing, and security).
4. How We Use Data
We use personal data to:
- Provide, secure, operate, and maintain the Service.
- Authenticate users and manage accounts.
- Provide billing, subscription management, and payment-related operations.
- Enforce our Acceptable Use Policy, investigate abuse, and ensure Service integrity.
- Comply with applicable laws and regulatory requirements (including sanctions/export control).
- Provide support and respond to your requests.
- Generate aggregated, de-identified analytics to improve performance and reliability.
5. Model Training
We do not use your Content to train our models.
6. Legal Bases (where applicable)
- Contract performance;
- Legitimate interests (security, fraud prevention, service integrity);
- Legal obligations (including sanctions/export compliance);
- Consent where required.
7. Sharing (General)
We may share personal data with:
- Sub-processors that provide infrastructure, hosting, AI model inference, billing, email delivery, and security monitoring, under written data-processing terms.
- Compliance & Safety recipients where disclosure is required by law, or necessary to protect rights, safety, and the Service.
8. International Transfers
Personal data may be processed outside your country. We implement appropriate safeguards and require our sub-processors to do the same.
9. Retention (General)
- Account and billing records: retained as required for legal/accounting obligations.
- Logs and usage data: retained for security and billing verification for a period proportionate to those purposes.
- Content you upload: retained only as necessary to provide the Service or as you direct.
- On deletion: we delete or irreversibly anonymize data unless retention is required by law or for the establishment, exercise, or defense of legal claims.
10. Your Rights
Subject to applicable law, you may request access, correction, deletion, or export of your data.
Cancellation of subscription does not equal deletion.
Deletion Requests: send from your registered email to info@navitt.com; we process requests within 72 hours, subject to legal retention requirements.
Chat removal in the UI: if the Service offers a feature to remove chats from your view, this action removes chats from your account view (soft deletion) and does not necessarily erase underlying records from our backend systems where retention is required for legal/accounting, billing recordkeeping, security, or audit purposes.
11. Security (General)
We use appropriate technical and organizational measures to protect personal data, including access controls and secure communications. No method is 100% secure.
12. Children
The Service is not directed to individuals under 18.
13. Changes
We may update this Policy. Material changes will be announced within the Service prior to taking effect.
B) Google User Data (OAuth / Google APIs) — Required Disclosures
14. Data Accessed (Google User Data)
If you connect your Google account, the Service accesses only the Google user data covered by the OAuth scopes you grant. Depending on the integration(s) you enable, this may include:
14.1 Basic Google Account Information (commonly requested by OAuth)
- Email address
- Basic profile information (e.g., name, profile image)
- Google Account identifier
14.2 Google Workspace / Gmail Data (only if you grant the relevant scopes)
- Email message metadata (e.g., sender/recipient fields, subject, date/time, message/thread identifiers, labels)
- Email message content/body
- Attachments (only to the extent your authorized scopes and your requested actions require)
14.3 Other Google Workspace Data (only if you grant the relevant scopes)
- Calendar data (event details and metadata)
- Contacts data (contact details)
- Drive data (file metadata and/or file content)
14.4 OAuth Technical Data
- OAuth access/refresh tokens and authorization metadata required to maintain the connection.
If you do not grant a scope, we do not access that category of Google user data.
15. Data Usage (How We Use Google User Data)
We use Google user data strictly to provide the functionality you request within the Service, such as:
- Connecting your Google account to the Service and maintaining the integration.
- Retrieving and displaying Google data inside SmartChart as requested by you (e.g., showing messages or extracting relevant details).
- Processing Google user data to generate outputs you request (e.g., summaries, structured extraction, workflow automation), including via AI-based processing where enabled in the Service.
- Troubleshooting, security monitoring, abuse prevention, and maintaining Service reliability.
Outputs generated from Google user data (such as summaries or extracted fields) may be presented inside the Service and may be stored as Conversation Data as part of chat history.
We do not use Google user data for advertising, and we do not sell Google user data.
16. Data Sharing (Google User Data)
We share Google user data only in the following circumstances:
16.1 Service Providers / Sub-processors
We may share Google user data with our sub-processors strictly to operate the Service (e.g., hosting/infrastructure, security monitoring, and AI inference providers where applicable). Sub-processors are bound by contractual confidentiality and data-processing obligations and may not use the data for their own purposes.
16.2 Legal & Safety
We may disclose Google user data if required by law or to protect rights, safety, and the Service.
We do not allow third parties to use Google user data for their independent marketing or advertising purposes.
17. Data Storage & Protection (Google User Data)
- We store Google user data only as needed to provide the Service and the features you use.
- OAuth credentials (tokens) are handled as confidential secrets, with access restricted to authorized systems and personnel as necessary to operate the integration.
- We use secure communications (HTTPS/TLS) for data transmitted between your device, our Service, and Google APIs.
- We apply access controls and monitoring designed to reduce the risk of unauthorized access.
18. Data Retention & Deletion (Google User Data)
18.1 What is deleted on “Disconnect”
If you disconnect a specific Google connector inside the Service (e.g., Gmail, Google Drive, or Google Calendar) using the Disconnect button, we will automatically:
- disable that connector and stop further access to the associated Google API scopes;
- remove the connector’s authorization credentials (such as OAuth tokens) associated with that connector; and
- delete Google Connector Data stored by the Service that is necessary to operate that specific connector (for example: connector configuration, cached API responses, and indexed metadata created for that connector).
If you have multiple Google connectors enabled, disconnecting one connector deletes only the Google Connector Data required for that connector. We retain only the minimum Google Connector Data necessary to operate any other Google connector(s) that remain active.
18.2 What may remain after “Disconnect” (Conversation Data)
Disconnecting a connector does not automatically delete Conversation Data (chat history, prompts, messages, files, and AI-generated outputs) stored in the Service. Conversation Data may include content that references or contains information that was previously retrieved via the connector (for example, excerpts, summaries, or structured outputs).
Because conversation history may contain mixed content, we may not be able to reliably identify and remove only Google-derived fragments inside Conversation Data without deleting the entire conversation.
18.3 Deletion of Google-related data requires full account deletion
We do not provide partial deletion of Google user data as a standalone request. If you request deletion of Google user data, this can be fulfilled only through full deletion of your account and all associated Service data.
18.4 How to request full deletion
To request full deletion, email info@navitt.com from your registered email address. We process requests within 72 hours, subject to legal retention requirements. Where retention is required by law or for security/audit or billing recordkeeping, we will retain only the minimum data necessary for those purposes.
18.5 Revoking Access via Google
You may revoke the Service’s access at any time in your Google Account settings. Revocation stops further access but does not delete data already stored in the Service. To remove stored data, request full deletion as described above.