Legal

Privacy Policy

How we collect, use, and protect your personal data.

Last updated: 16 March 2026

Summary

Nava is committed to protecting your privacy. We collect only the data needed to run the platform, never sell it to third parties, and store everything in compliance with the EU General Data Protection Regulation (GDPR). Read on for the full details.

1. Who We Are

Nava ("we", "us", "our") is the operator of the Nava mobile application and related services. If you have any questions about this policy or how we handle your data, contact us at privacy@nava.app.

2. Data We Collect

2.1 Account Information

When you register, we collect your name, email address, username, password (hashed), and the role you sign up as (Owner, Tenant, Buyer, or Seller). If you register via Google or Apple Sign-In, we receive your name and email from those providers.

2.2 Profile Data

You may optionally upload a profile photo, add a bio, and upload identity or tenancy documents. These are stored securely on encrypted S3-compatible storage.

2.3 Property & Tenancy Data

Owners and property managers provide property details (address, size, type, images). We link tenant accounts to properties via a private relationship — this linkage is never publicly visible.

2.4 Financial Data

Nava does not store your card details. Payment card information is handled entirely by Stripe, a PCI-DSS Level 1 certified payment processor. We store only wallet balances, transaction records, and Stripe payment intent IDs for reconciliation purposes.

2.5 Communications

Messages sent in private or group chats are stored in our database to enable message history. We do not read your messages except where required by law or to investigate a reported abuse incident.

2.6 Device & Technical Data

We collect device tokens to deliver push notifications, your IP address, device type, and app version for security and debugging. We also log API requests for fraud detection and uptime monitoring.

2.7 Usage Data

We collect anonymous analytics on feature usage (e.g. how often certain screens are visited) to improve the product. This data is aggregated and never tied to your identity.

3. How We Use Your Data

4. Legal Basis for Processing (GDPR)

5. Data Sharing

We do not sell your personal data. We share data only with:

All sub-processors are bound by data processing agreements consistent with GDPR requirements.

6. Data Retention

7. Your Rights (GDPR)

If you are in the EU or EEA, you have the following rights:

To exercise any of these rights, email privacy@nava.app or use the in-app data tools under Settings → Privacy. We will respond within 30 days.

8. Cookies

The Nava mobile app does not use cookies. Our web portal uses strictly necessary session cookies to keep you logged in. We do not use advertising or tracking cookies. You can clear session cookies at any time by logging out.

9. Security

All data is transmitted over TLS 1.2+. Data at rest is AES-256 encrypted. Access to production systems is restricted to authorised personnel only, with multi-factor authentication required. We conduct regular security reviews and maintain audit logs of all sensitive operations.

10. Children's Privacy

Nava is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, contact us immediately at privacy@nava.app.

11. Changes to This Policy

We may update this policy from time to time. When we make significant changes, we will notify you via the app or email at least 14 days before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact & Complaints

For privacy questions: privacy@nava.app

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In Ireland, that is the Data Protection Commission (DPC).