Privacy Policy

Effective: April 22, 2026

1. Who We Are

NavOrb is operated by Knight AI AV ("we", "us", "our"), a company building autonomous AI companion technology. Contact: Build@KnightAIAV.com. Website: KnightAIAV.com.

2. What We Collect

  • Account data — email address, hashed password (via Supabase Auth). We do not store passwords in plain text.
  • Conversation data — messages you send and receive within NavOrb. Used to maintain conversation history and train the orb's memory for you.
  • Voice data — audio is streamed to Deepgram for speech-to-text transcription. We do not store raw audio files. Transcripts are stored as conversation messages.
  • Orb configuration — personality settings (soul.md), appearance, physics, scheduled tasks, and skills. Stored in your user profile.
  • API keys (BYOB) — if you provide your own API keys, they are stored encrypted server-side and only used to route requests to your chosen providers. Never returned to the browser.
  • Payment data — processed by Stripe. We never see or store full card numbers. We store Stripe customer IDs and subscription status.
  • Usage analytics — page views, feature usage, and session data via PostHog. No personally identifiable information is sent to analytics.
  • Device info — browser type, OS, screen resolution for rendering optimization. Stored in the devices table if you enable push notifications.
  • Long-term memory — facts the AI learns about you during conversations (preferences, goals, relationships) are stored as semantic embeddings for future recall. You can view and delete these in Settings.

3. How We Use Your Data

  • To operate the Service — routing messages to AI providers, maintaining conversation history, personalizing the orb.
  • To process payments and manage subscriptions.
  • To improve the Service — aggregate, anonymized analytics. We never sell your data or use individual conversations for training third-party models.
  • To prevent abuse — content moderation on external bridge inputs.
  • To communicate with you — account confirmations, billing receipts, critical service updates. No marketing emails unless you opt in.

4. Third-Party Processors

Your data is processed by these services on our behalf:
  • Supabase — database hosting, authentication, file storage (US)
  • Vercel — application hosting, serverless functions (US)
  • OpenRouter — AI model routing (US). Your messages are sent to the AI model you select. Refer to OpenRouter's privacy policy for their data retention practices.
  • Deepgram — speech-to-text transcription. Audio is processed in real time and not stored by Deepgram after transcription.
  • Stripe — payment processing (US/EU). PCI-DSS Level 1 compliant.
  • Resend — transactional email delivery.
  • Upstash — rate limiting (Redis). Stores only anonymized request counters.
  • PostHog — product analytics. Anonymized event data only.

5. Data Retention

  • Conversations — retained until you delete them or close your account.
  • Memory — semantic memories persist until you delete them in Settings or close your account.
  • Skills — retained until you delete them or close your account.
  • Account data — retained for 30 days after account closure, then permanently deleted.
  • Billing records — retained for 7 years as required by tax law.
  • Audit logs — retained for 90 days for security investigation.

6. Your Rights

Depending on your jurisdiction, you may have the right to:
  • Access — request a copy of all data we hold about you.
  • Correction — update inaccurate data.
  • Deletion — request permanent deletion of your account and all associated data.
  • Portability — receive your data in a machine-readable format.
  • Objection — opt out of analytics tracking.

To exercise any of these rights, email Build@KnightAIAV.com. We respond within 30 days.

7. Cookies

We use essential cookies only:
  • Authentication — Supabase session cookie (sb-*). Required for sign-in.
  • Analytics — PostHog cookie. Can be blocked without affecting functionality.

We do not use advertising cookies or trackers.

8. Security

We protect your data with:
  • HTTPS (TLS 1.3) on all connections
  • Row-Level Security (RLS) on every database table — users can only access their own data
  • API keys stored encrypted server-side, never returned to the browser
  • Bridge tokens stored as SHA-256 hashes — raw token shown once at creation
  • Rate limiting on all API endpoints
  • Content moderation on external bridge inputs

If you discover a security vulnerability, report it to Build@KnightAIAV.com. We do not pursue legal action against good-faith security researchers.

9. Children

NavOrb is not intended for children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it immediately.

10. International Transfers

Your data is processed in the United States. By using NavOrb, you consent to the transfer of your data to the US. We rely on Supabase and Vercel's standard contractual clauses for EU/UK data transfers.

11. Changes

We may update this policy. Material changes will be announced in-app and via email. Continued use after changes constitutes acceptance.

12. Contact

Knight AI AV
Email: Build@KnightAIAV.com
Web: KnightAIAV.com
