Privacy Policy

Last updated: March 2026

1. Information We Collect

Navil collects the minimum data necessary to operate the service: email address and organization name at registration, API usage telemetry (request counts, threat events), and standard server logs (IP addresses, timestamps).

2. How We Use Your Data

We use collected data to operate and improve the Navil security gateway, generate anonymized threat intelligence for the community blocklist, send service notifications and security alerts, and process billing through Stripe.

3. Threat Intelligence Sharing

Community tier users contribute anonymized threat data (source IPs, attack types) to the shared blocklist. No payload content, API keys, or personally identifiable information is ever shared. Pro and above tiers include private telemetry options.

4. Data Retention

Telemetry events are retained for 90 days. Threat intelligence entries expire after 24 hours. Account data is retained for the duration of your subscription and deleted within 30 days of account closure upon request.

5. Contact

For privacy inquiries, contact privacy@navil.dev.