Privacy Policy

Last updated: January 22, 2026

1. Introduction

Welcome to Navryn ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personality assessment platform and related services.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you create an account, we collect your email address and authentication credentials.
  • Assessment Responses: Your answers to our 78-question personality assessment.

2.2 Information Collected Automatically

  • Usage Data: Information about how you interact with our platform, including pages visited, features used, and time spent on the platform.
  • Device Information: Browser type, operating system, and device identifiers.
  • Analytics Data: We use PostHog and Google Analytics to understand how users interact with our service.

2.3 AI Processing and Memory

To provide AI-powered coaching, we process your data through third-party AI services. This includes:

  • Assessment responses and personality profile used to personalize AI coaching conversations
  • Chat messages and conversation history to maintain context across sessions
  • Goals and preferences you share with your AI coach

Important: Your data is not used to train AI models. We use AI services solely to generate responses during your coaching sessions.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our personality assessment services
  • Calculate and display your personality scores across dimensions inspired by established psychological frameworks
  • Generate AI-powered personality insights and recommendations
  • Improve and optimize our platform and user experience
  • Communicate with you about your account and our services
  • Ensure the security and integrity of our platform

4. Data Storage and Security

Your data is stored securely using Neon PostgreSQL, a secure serverless database platform. We implement industry-standard security measures including:

  • Encryption of data in transit and at rest
  • Row-level security (RLS) policies to ensure users can only access their own data
  • Regular security audits and updates
  • Secure authentication protocols

5. Data Sharing and Third-Party Services

We do not sell your personal information. We share your information only with service providers who assist us in operating our platform. These providers are contractually obligated to protect your data:

AI and Machine Learning Services

  • OpenRouter: Routes AI requests to language models (OpenAI, Anthropic, Google) to power your AI coach. OpenRouter does not retain your data after processing.
  • Mem0: Stores conversation memory to enable your AI coach to remember context across sessions.
  • Langfuse: Provides AI observability for quality assurance and debugging purposes.

Infrastructure and Operations

  • Neon: PostgreSQL database hosting for storing your account and assessment data.
  • Vercel: Hosting and deployment of our web application.
  • PostHog: Product analytics to understand how users interact with our platform.
  • Resend: Email delivery for account notifications and communications.
  • Stripe: Payment processing for subscriptions. Payment details are handled directly by Stripe and never stored on our servers.

For a complete list of our subprocessors with their purposes and locations, see our Subprocessor List.

Other Disclosures

  • Legal Requirements: When required by law, court order, or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

6. Your Rights and Choices

You have the following rights regarding your personal data:

  • Access (GDPR Art. 15): Request a copy of your personal data in a portable format
  • Correction (GDPR Art. 16): Update or correct inaccurate information
  • Deletion (GDPR Art. 17): Request deletion of your account and associated data ("right to be forgotten")
  • Restriction (GDPR Art. 18): Request restriction of processing in certain circumstances
  • Portability (GDPR Art. 20): Download your assessment results, scores, and chat history
  • Objection (GDPR Art. 21): Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for marketing communications at any time

How to Exercise Your Rights: You can exercise most rights through your account settings. For deletion requests or data exports, email us at support@navryn.com. We will respond within 30 days as required by GDPR.

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

7. Data Retention

We retain your data for the following periods:

  • Account data: Retained while your account is active, plus 30 days after deletion request
  • Assessment results: Retained for 3 years or until account deletion, whichever comes first
  • Chat history: Retained for 2 years or until account deletion
  • Analytics data: Aggregated data retained for 26 months; identifiable data deleted after 14 months
  • Payment records: Retained for 7 years as required by tax and accounting regulations

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

8. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience. These include:

  • Essential Cookies: Required for the platform to function properly
  • Analytics Cookies: Help us understand how users interact with our platform
  • Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings.

9. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers are located.

GDPR Compliance: For transfers outside the EEA, we rely on the following safeguards:

  • Standard Contractual Clauses (SCCs): We have executed EU-approved SCCs with our subprocessors to ensure adequate protection
  • Data Processing Agreements: All service providers have signed agreements that meet GDPR requirements
  • Adequacy Decisions: Where applicable, we rely on EU adequacy decisions for certain jurisdictions

You can request a copy of the safeguards we use by contacting us at support@navryn.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: support@navryn.com
  • Privacy inquiries: privacy@navryn.com
  • Data protection requests: Through your account settings or by emailing support@navryn.com

We aim to respond to all inquiries within 30 days.