← Back to Home

Privacy Policy

Last updated: February 25, 2026

Introduction

Welcome to Navia ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services for product authenticity verification.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

Information We Collect

Personal Information

When you register for our services, we collect the following information:

  • Email Address: Required for account creation and authentication
  • Full Name: Required for account creation
  • Password: Encrypted and stored securely for account authentication

Note: We only collect your email address, full name and encrypted password during registration. We do not require or collect your phone number, or other personal identifiers during the registration process.

When you use our services, we may also automatically collect:

  • Usage Data: We use your email, full name and encrypted password to register user. We're saving scanned QR codes against each user based on their uniqe id.

QR Code Scan Data

When you scan QR codes to verify product authenticity, we collect the following information:

  • QR Code Values: The scanned QR code identifier and verification timestamp
  • Verification Results: Whether the product is authentic, invalid, or already scanned
  • Product Information: Product details associated with the QR code (if available)

Authentication and Session Data

To maintain your session and secure your account, we collect:

  • Authentication Tokens: JWT tokens for secure session management
  • Session Information: Login timestamps and session duration
  • Security Logs: Failed login attempts and suspicious activity for fraud prevention

How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve our product verification services
  • Authentication: To verify your identity and manage your account
  • Product Verification: To process QR code scans and verify product authenticity
  • Communication: To send you important updates, notifications, and respond to your inquiries
  • Security: To detect, prevent, and address technical issues, fraud, or security threats
  • Compliance: To comply with legal obligations and enforce our terms of service

Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our services, including:
    • Cloud hosting providers (Firebase/Google Cloud)
    • Authentication and security services
    • Analytics services (if used)
    These service providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • Legal Requirements: When required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or others
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, where your information may be transferred as part of that transaction
  • With Your Consent: When you explicitly authorize us to share your information for specific purposes
  • Product Manufacturers: Only aggregated and anonymized scan statistics may be shared with product manufacturers for quality control and anti-counterfeiting purposes. No personally identifiable information is included in these reports.

We do not sell your personal information to third parties.

Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: All data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption methods
  • Password Security: Passwords are hashed using bcrypt before storage and are never stored in plain text
  • Authentication: Secure JWT token-based authentication with token expiration
  • Access Controls: Strict access controls and authentication requirements for accessing user data
  • Regular Updates: Regular security updates and vulnerability assessments
  • Secure Infrastructure: Data stored on secure, compliant cloud infrastructure (Firebase/Google Cloud)

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. If you become aware of any security breach, please contact us immediately.

Data Retention

We retain your personal information only for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations and regulatory requirements
  • Maintain security and prevent fraud

Account Deletion: When you delete your account, we will permanently delete your personal information (email, password, scan history, and all associated data) from our active systems within 30 days, except where we are required to retain it for legal, regulatory, or fraud prevention purposes. Some anonymized data may be retained for analytics purposes.

Scan History: Your QR code scan history is retained while your account is active. Upon account deletion, all scan records associated with your account are permanently deleted.

HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You may have the following rights regarding your personal information:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information
  • Objection: Object to processing of your personal information
  • Restriction: Request restriction of processing
  • Withdraw Consent: Withdraw consent for data processing where applicable

To exercise these rights, you can:

  • Delete Your Account: Visit our Account Deletion Page to permanently delete your account and all associated data
  • Request Data Access: Contact us using the information provided in the "Contact Us" section below to request a copy of your data

We will respond to your requests within 30 days, or as required by applicable law.

Account Deletion

You have the right to delete your account at any time. When you delete your account, we will permanently remove:

  • Your account profile and personal information
  • All QR code scan history and verification records
  • All authentication sessions and tokens
  • Any linked OAuth accounts
  • All preferences and settings

Warning: Account deletion is permanent and cannot be undone. Please ensure you have exported any data you wish to keep before proceeding.

To delete your account:

Visit the Account Deletion Page →

Children's Privacy

Our services are not intended for children under the age of 13 (or the applicable age of consent in your jurisdiction, such as 16 in the European Union). We do not knowingly collect personal information from children under the age of 13.

If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete such information from our servers promptly.

If you are between the ages of 13 and 18 (or the applicable age of majority in your jurisdiction), you must have your parent or guardian's permission to use our services.

Third-Party Services

Our services use the following third-party services:

  • Firebase/Google Cloud: For data storage, authentication, and hosting services. Google's privacy policy applies to data processed by Firebase. View Google Privacy Policy

These third-party services have their own privacy policies governing the collection and use of your information. We encourage you to review their privacy policies.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: