Privacy Policy

Last updated: June 22, 2026

1. Who We Are

Navira is operated by Octavian Maradin, an individual based in Romania. For the purposes of the EU General Data Protection Regulation (GDPR), Octavian Maradin is the data controller responsible for your personal data. You can reach us at contact@naviraguides.com for any privacy-related question, including data-subject requests.

2. Information We Collect

When you create an account, we collect your name, email address, and authentication credentials. When you use our services, we collect itinerary preferences, chat messages with the AI explorer, and location data when you opt into the walking guide feature. When you use turn-by-turn navigation, we also record and save the route you walk to your trip history so you can revisit past walks; these recorded walks are stored in AWS EU (Frankfurt) and you can delete any walk — or all of them — at any time. We do not sell your personal data.

3. How We Use Your Data

We use your data to provide and improve our services, including generating personalized itineraries, powering the AI chat explorer, and delivering walking guide navigation. Your preferences and history help us create better travel recommendations.

4. Data Storage & Security

All data is stored in AWS EU-Central-1 (Frankfurt, Germany) using encrypted connections. Authentication is managed through AWS Cognito with industry-standard security protocols. We use DynamoDB for data storage with encryption at rest enabled.

5. Third-Party Services

We use the following third-party services to deliver our product:

  • Amazon Web Services (AWS) — application hosting + database (EU-Central-1, Frankfurt)
  • AWS Cognito — authentication
  • AWS CloudFront — content delivery
  • Google Maps API — map rendering and directions
  • Mapbox GL — walking guide map tiles and navigation
  • Google Generative AI (Gemini) — AI chat explorer
  • OpenAI API — itinerary generation, document analysis, and place extraction
  • Stripe — web payment processing
  • RevenueCat — mobile in-app purchase management
  • Apple App Store / Google Play — receipts and entitlement for mobile subscriptions
  • Firebase Cloud Messaging — push notification delivery
  • Google Analytics 4 — web analytics on this marketing site only (consent required)

These services process only the minimum data needed to deliver their function. We never sell your data.

6. International Data Transfers

Several of our third-party processors (notably OpenAI, Google, Stripe, RevenueCat, Firebase, Mapbox) operate from the United States. When your personal data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses (SCCs) and each provider's own adequacy mechanisms (including the EU-U.S. Data Privacy Framework where applicable) to ensure your data continues to receive GDPR-level protection.

7. AI Data Processing

When you use AI-powered features (chat explorer, itinerary generation, document analysis, place extraction), your input data is processed by third-party AI providers (Google Generative AI, OpenAI). Data is sent in real time for processing and is subject to each provider's privacy policy. We do not use your data to train AI models.

8. Automated Processing

When you request an AI itinerary or chat with our AI explorer, your inputs are processed by automated systems to generate the response. You are free to accept, edit, modify, or discard the AI output — the decisions about your trip remain entirely yours. Because human-meaningful choice is preserved at every step, this processing does not constitute solely automated decision-making within the meaning of GDPR Article 22.

9. Your Rights (GDPR)

As a user in the European Economic Area, you have the right to (i) access the personal data we hold about you, (ii) rectify inaccurate data, (iii) erase your data ("right to be forgotten"), (iv) restrict or object to certain processing, (v) receive your data in a portable format, and (vi) withdraw consent where processing is based on consent. To exercise any of these rights, contact us at contact@naviraguides.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority — for users in Romania, that is the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP, dataprotection.ro).

10. Cookies & Analytics

We use essential cookies required for authentication and session management. We use Google Analytics 4 with consent mode enabled — analytics data is only collected after you grant consent via the in-app cookie banner. We do not use third-party advertising cookies.

11. Data Retention

Your account data is retained as long as your account is active. Chat messages, itineraries, and recorded walks are stored until you delete them or your account. Upon account deletion, all associated data is removed within 30 days.

12. Age Requirement

You must be at least 16 years old to create a Navira account, in accordance with GDPR Article 8.

13. Contact

For privacy-related questions or to exercise your data rights, contact us at contact@naviraguides.com.