Last Updated: February 18, 2026

Privacy Policy

This Privacy Policy describes how Navigent.io ApS (CVR: 46285395), with registered address at Nørre Voldgade 70, 1358 København K, Denmark ("Navigent", "we", "us", or "our"), collects, uses, and protects personal data when you use the Navigent platform at navigent.io (the "Service").

1. Data Controller

Navigent is the Data Controller for personal data collected directly from you in relation to your use of the Service (e.g., account registration, billing, support communications).

When you use the Service to process personal data of your own leads, contacts, or email recipients, you are the Data Controller and Navigent acts as a Data Processor on your behalf. This processing relationship is governed by our Data Processing Agreement.

2. Data We Collect

2.1 Account Data

When you register, we collect: name, email address, company name, billing address, and payment information. This data is necessary for the performance of our contract with you (GDPR Article 6(1)(b)).

2.2 Usage Data

We automatically collect data about how you interact with the Service, including: pages visited, features used, timestamps, IP addresses, browser type, device information, and referral URLs. This processing is based on our legitimate interest in improving the Service (GDPR Article 6(1)(f)).

2.3 Customer Data

You may upload or input data into the Service, such as lead information, email templates, campaign content, and contact lists. We process this data solely on your instructions as Data Processor.

2.4 Communication Data

When you contact support or provide feedback, we collect the contents of your communications along with associated metadata.

3. How We Use Your Data

We use your personal data for the following purposes:

• Providing, operating, and maintaining the Service.
• Processing payments and managing subscriptions.
• Sending transactional communications (account confirmations, invoices, security alerts).
• Improving the Service, including analytics and feature development.
• Detecting and preventing fraud, abuse, and security incidents.
• Complying with legal obligations.

4. Sub-Processors

We engage the following third-party sub-processors to deliver the Service. Each sub-processor has been vetted for GDPR compliance:

Where sub-processors are located outside the EU/EEA, transfers are safeguarded by Standard Contractual Clauses (SCCs) adopted by the European Commission, or other approved transfer mechanisms.

5. Legal Bases for Processing (GDPR Article 6)

• Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service you have subscribed to.
• Legitimate Interest (Art. 6(1)(f)): Analytics, fraud prevention, and service improvement.
• Legal Obligation (Art. 6(1)(c)): Compliance with tax, accounting, and regulatory requirements.
• Consent (Art. 6(1)(a)): Where applicable, for optional marketing communications. You may withdraw consent at any time.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Upon account termination, we retain data for a maximum of 90 days to allow for data export, after which it is permanently deleted. Billing records are retained for up to 5 years to comply with Danish bookkeeping obligations (Bogføringsloven).

7. Your Rights (GDPR Articles 15–22)

If you are located in the EU/EEA, you have the following rights:

• Access (Art. 15): Request a copy of the personal data we hold about you.
• Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
• Restriction (Art. 18): Request restriction of processing under certain conditions.
• Portability (Art. 20): Receive your data in a structured, commonly-used, machine-readable format.
• Objection (Art. 21): Object to processing based on legitimate interest.
• Automated Decision-Making (Art. 22): Right not to be subject to decisions based solely on automated processing.

To exercise any of these rights, contact us at info@navigent.io. We will respond within 30 days.

8. Cookies & Tracking

Navigent uses essential cookies required for authentication and session management. We do not use third-party advertising trackers. Analytics cookies, if any, are deployed only with your prior consent via our cookie banner.

9. Security

We implement industry-standard technical and organizational measures to protect your data, including: encryption in transit (TLS 1.2+), encryption at rest (AES-256), access controls, regular security audits, and incident response procedures. Despite these measures, no method of transmission or storage is 100% secure.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. The "Last Updated" date at the top of this page reflects the most recent revision.

12. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet): www.datatilsynet.dk.

13. Contact