Overview
Navos SaaS AB ("Navos", "we", "us") operates the Navos AI customer support platform, including the Shopify app and associated services. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with our services.
By using Navos AI, you agree to the practices described in this policy.
Data We Collect
When merchants install and use Navos AI, we may process the following categories of data:
- Store information (shop domain, Shopify store ID)
- Product data (names, descriptions, prices, inventory)
- Order data (order number, status, line items, shipping info)
- Customer data submitted via the chat widget (messages, name, email when provided)
- Usage data (number of AI responses, conversation counts, timestamps)
We only collect the minimum data necessary to provide the service. We do not sell personal data to third parties.
How We Use Your Data
We use the data we collect exclusively to:
- Provide AI-powered customer support responses on behalf of merchants
- Look up order information in real time to answer customer questions
- Display analytics and usage statistics in the merchant dashboard
- Process billing through the Shopify Billing API
- Improve the accuracy and performance of our AI models
Data Storage & Security
All data is stored on servers located within the European Union. We use the following measures to protect your data:
- Encryption in transit (TLS/HTTPS) for all API communications
- Encryption at rest for stored data
- Access controls limiting staff access to production data
- Separate test and production environments
- Regular security reviews
We use Supabase (EU-West region) as our database provider and a privately managed VPS for our API infrastructure.
Data Retention
We retain conversation and order data for a maximum of 12 months. Merchants may request deletion of their data at any time by contacting us at hello@navos-ai.com.
When a merchant uninstalls the Navos AI app, we process a data deletion request within 30 days in accordance with Shopify's GDPR requirements.
GDPR Compliance
Navos SaaS AB is based in Sweden and complies with the General Data Protection Regulation (GDPR). As a data processor acting on behalf of merchants (data controllers), we:
- Process data only for the purposes instructed by the merchant
- Respond to customer data requests and erasure requests
- Maintain records of processing activities
- Notify merchants of any data breaches within 72 hours
Third-Party Services
Navos AI integrates with the following third-party services:
- Shopify – for store, product, and order data via the Admin API
- Anthropic (Claude) – for AI response generation. Messages are processed but not stored by Anthropic.
- Supabase – for database storage (EU-West region)
Your Rights
Under GDPR and applicable privacy laws, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to or restrict processing
- Data portability
To exercise any of these rights, contact us at hello@navos-ai.com.
Contact
For privacy-related questions or requests: