Privacy policy
Last updated: May 25, 2026
This policy explains what personal data we collect when you use Naveo at naveo.space, how we handle it, who we share it with, and what rights you have. It is part of the terms and conditions of the service.
1. Data controller
The data controller is Naveo. For any privacy question, write to [email protected].
2. Data we collect
Account data: email, name, photo, and sign-in provider managed by Clerk. Usage data: lesson progress, prompts you write, answers you submit, completed exercises, XP, streak, hearts, gems, and shop purchases. Technical data: IP address, device type, browser, language, and date and time of requests. Cookies: strictly necessary ones to sign you in and remember your language.
3. Why we use your data
To deliver the service: authenticate you, save your progress, show you the next lesson, run your prompts, and return the model output. To improve content: review in aggregate which lessons work best, which evaluation criteria fail, which errors appear. To talk with you: account notices, important changes, replies to your messages. For security: detect abuse, prevent fraud, and protect the platform.
4. Legal basis
We process your data to perform the contract you accept when using Naveo (the terms and conditions), to comply with legal obligations, and in some cases under our legitimate interest in maintaining and improving the service. When the law requires it, we ask for explicit consent (for example, optional marketing emails).
5. Who we share data with
Only with the providers strictly needed for the service to work: Clerk (authentication and user management), OpenRouter together with Anthropic, OpenAI, and other language model providers (they process the prompts you send to generate the response), the PostgreSQL database provider, and the hosting infrastructure. Each one processes your data under its own data protection agreements. We do not sell your personal information.
6. International transfers
Some providers are located outside your country (mainly in the United States and the European Union). In those cases we rely on standard contractual clauses and other safeguards approved by data protection authorities.
7. Retention
We keep your data while your account is active. If you close the account, we erase identifying data within a maximum of 90 days, keeping only the records the law forces us to retain (for example, billing) and fully anonymized usage metrics.
8. Your rights
You can access, rectify, delete, object to, or restrict the processing of your data, and request portability. Write to [email protected] to exercise any of these rights. You can also file a complaint with the data protection authority in your country if you believe we did not handle your request properly.
9. Cookies
We use only functional cookies: one to keep your session signed in (Clerk) and another to remember your language. We do not use advertising or third-party tracking cookies for marketing purposes.
10. Minors
Naveo is not aimed at children under 13. If we discover that an account was created without the proper consent of a parent or guardian, we will delete it along with the associated data.
11. Security
We apply reasonable technical and organizational measures to protect your data: encryption in transit, hashed passwords managed by the authentication provider, role-restricted access, and audit logs. No system is 100% bulletproof, so we recommend using unique passwords and enabling two-step verification with your sign-in provider.
12. Changes to this policy
If we update this policy, we will change the date at the top and, if the change is significant, notify you by email or from the dashboard before it takes effect.
13. Contact
For any question about privacy or to exercise your rights, write to [email protected].