Privacy Policy

1. Introduction

Navasana, Inc. ("Navasana," "we," "us," or "our") is a Delaware corporation providing cyber insurance products and services through our AI-driven risk assessment platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our platform, or engage with our services.

By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

2. Information We Collect

2.1 Personal Information

We may collect personally identifiable information that you voluntarily provide to us, including:

• Name, email address, phone number, and mailing address
• Job title and company information
• Account credentials (username and password)
• Payment and billing information
• Communications you send to us

2.2 Business Information

To provide cyber insurance quotes and services, we collect business-related information, including:

• Company name, size, industry, and revenue
• Business contact information
• Insurance history and claims information
• Risk management policies and procedures

2.3 Security Assessment Data

With your authorization, our platform may collect or access:

• Security posture information from integrated security tools (e.g., endpoint detection, email security, identity management)
• Technical infrastructure details relevant to risk assessment
• Vulnerability scan results and security ratings
• Compliance certifications and audit reports

2.4 Automatically Collected Information

When you access our platform, we automatically collect certain information:

• Device information (browser type, operating system, device identifiers)
• Log data (IP address, access times, pages viewed)
• Usage patterns and platform interactions
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect for the following purposes:

• Insurance Services: To underwrite policies, assess risk, process applications, issue quotes, and manage claims
• Platform Operation: To provide, maintain, and improve our platform and services
• Risk Assessment: To analyze security posture and provide risk insights using our AI-driven technology
• Communication: To respond to inquiries, provide customer support, and send service-related notifications
• Legal Compliance: To comply with applicable laws, regulations, and insurance industry requirements
• Security: To detect, prevent, and address fraud, security incidents, and technical issues
• Analytics: To understand how our services are used and improve user experience

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Insurance Partners

We share information with capacity providers, reinsurers, and other insurance partners as necessary to underwrite, bind, and service insurance policies.

4.2 Service Providers

We engage third-party service providers who assist us in operating our platform, conducting business, or servicing you, subject to confidentiality obligations.

4.3 Security Tool Integrations

With your authorization, we integrate with third-party security platforms to assess risk. Data shared is limited to what is necessary for risk assessment purposes.

4.4 Legal Requirements

We may disclose information when required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to standard confidentiality arrangements.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Employee training on data protection
• Incident response procedures

While we strive to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. For insurance-related records, we adhere to applicable regulatory retention requirements.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Portability: Request a copy of your information in a portable format
• Opt-Out: Opt out of marketing communications at any time
• Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise these rights, please contact us using the information provided below.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our platform. These technologies help us:

• Remember your preferences and settings
• Understand how you use our platform
• Improve our services and user experience
• Provide secure authentication

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our platform.

9. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" above. We encourage you to review this Privacy Policy periodically.

13. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your information, and the right to opt out of the sale of your personal information. We do not sell personal information.

14. Contact Us