NAVIMATE PRIVACY POLICY

1. Introduction Navimate Inc. (“Navimate,” “we,” “us,” or “our”) provides a B2B field sales execution platform via our websites (navimateinc.com, navimate.io) and related applications (the “Services”). This Privacy Policy outlines our strict limitations on how data is handled. By accessing the Services, you consent to these practices.

2. Definitions & Roles

  • The Customer (Data Controller): The corporate entity that purchases the Navimate subscription and retains ultimate ownership and legal responsibility for all data inputted into the system.

  • The Authorized User: Any individual (including field representatives, territory managers, and system administrators) who is provisioned login credentials by the Customer to access the Services.

  • Navimate (Data Processor): Navimate acts exclusively as a data processor. We do not own Customer or User data. We route and store data on our designated secure servers strictly to facilitate the Services.

3. Strict Prohibition on Data Misuse Navimate operates under a zero-monetization data model. We explicitly guarantee that we will never:

  • Sell, rent, or lease Customer or User data to any third party.

  • Use the data for external marketing, benchmarking, or any purpose outside the direct operational delivery of the Navimate Services to that specific Customer.

4. Information Handled a. Account & Administrative Data

  • Account details (names, emails, corporate details) required to maintain access for Authorized Users.

  • Billing and subscription data, processed securely by authorized third-party payment gateways.

b. Field Execution Data To enforce field operations, the Services process:

  • GPS location data and drive-time metrics.

  • Timestamped, geotagged photo verifications.

  • Task completion and store-level execution logs.

5. Transient Data Processing for Trade Coverage Plans (TCP) Navimate employs a strict "use and purge" protocol for the generation of Trade Coverage Plans.

  • Data Provisioning: When a Customer requires a new TCP, they must provide the necessary raw account and geographic data to Navimate.

  • Processing: Navimate will process this data solely to execute the algorithmic routing and output the final TCP.

  • Immediate Deletion: Upon the successful generation and delivery of the TCP, Navimate will immediately and permanently delete the raw source data provided by the Customer.

  • Subsequent Revisions: Because the source data is destroyed post-generation, Customers must re-supply the necessary data for any future TCP rebuilds or massive territory realignments.

6. Data Storage & Security All persistent operational data (such as active TCPs, historical field photos, and User accounts) is stored on secure, encrypted servers of Navimate's choosing. Access is strictly limited to authorized personnel required to maintain system uptime.

7. Data Retention & Account Termination

  • Field Execution Data is retained only while the Customer maintains an active, paid subscription.

  • Upon account suspension or cancellation, Navimate retains the data in a frozen state for exactly thirty (30) calendar days.

  • If the account is not reactivated within this 30-day window, all associated Customer and User data is permanently and irreversibly deleted from our servers.

8. User Rights & Legal Inquiries Because Navimate is a Data Processor, all Authorized Users must direct privacy inquiries, data access requests, or tracking disputes directly to their employer (the Customer). Navimate will only act on data deletion or export requests authorized directly by the Customer's primary administrator or as required by binding legal orders.

9. Policy Modifications We reserve the right to update this policy. Material changes will be communicated to the Customer's designated administrative email address.