Your story stays your story.

Privacy Policy v0.3 · Effective May 28, 2026 · NaviaCAIR LLC

This policy describes how NaviaCAIR LLC ("we," "us") handles information you provide when using naviacair.com, the NaviaCAIR demo, or the real-data early access program. NaviaCAIR is an informational tool. It is not a substitute for professional medical advice.

01What we collect

We collect only what's needed to give you a useful Care Story and improve the product.

Account data

• Name and email address
• Hashed password (we never store your password in plain text)
• Optional profile information: your role (patient, caregiver, or both) and care context

Health documents and records

• Medical records, discharge summaries, clinical notes, and other health documents you choose to upload
• These are used solely to generate the summaries, timelines, and insights you request

Chat history

• Questions you ask and responses generated within care events
• Chat history is tied to the care event it belongs to

Usage and audit logs

• Access events, feature usage, and security logs
• Used for security, troubleshooting, and service improvement
• Retained for up to 12 months

Optional sensitive identifiers

• Certain structured identifiers (such as medical record numbers) that you optionally enter are encrypted and never passed to AI processing

02How we use it

• Service delivery: To generate plain-language summaries, care timelines, next steps, and appointment preparation materials from your uploaded documents.
• Shared access: To support access by caregivers or trusted contacts you explicitly designate within the platform.
• Shareable reports: When you create a shared report, a time-limited link is generated. Share links expire automatically after 30 days.
• Service improvement: We may use aggregated, de-identified data to improve the quality and accuracy of our service. This data cannot be traced back to any individual.
• Communications: Account-related communications only (access credentials, security alerts, product updates). We do not send marketing emails without your explicit consent.

We do not use your personal information or uploaded documents to train external AI models.

03AI processing

NaviaCAIR uses managed artificial intelligence services to generate summaries, insights, and responses based on the information you provide.

Your data is processed solely for the purpose of delivering these features. We configure AI services with no-training controls — your content is never used to train or improve external AI models. Our vendor agreements include data protection terms that prohibit model training on your data.

Data is transmitted securely for processing. Some AI providers may retain request data briefly for safety and abuse monitoring under their standard terms; this is distinct from model training and governed by our vendor data protection agreements. Your content is not stored for purposes beyond completing your request.

04Data security

NaviaCAIR is built on secure cloud infrastructure designed to protect your information. We implement safeguards including:

• Encryption of data in transit using industry-standard protocols (TLS 1.2 or higher)
• Encryption of stored data at rest
• Access controls restricting system access to authorized personnel only
• Audit logging of system access and activity

While we take reasonable measures to protect your data, no system can guarantee absolute security. Users should exercise discretion when uploading sensitive information.

05Redaction & control

Before any analysis of your records begins, NaviaCAIR detects identifiers using Safe Harbor–aligned best practices and suggests redactions. You review every box. You decide what stays private. Nothing is analyzed until you approve the redaction set.

NaviaCAIR provides automated tools designed to help reduce the presence of identifying information in generated summaries and outputs. These tools are intended to assist in organizing information, but no automated system can guarantee complete or accurate removal of all identifying information in every case.

You can re-open and revise redactions at any time. The audit log notes every change.

Safe Harbor identifiers (18 categories)

• Names, geographic data smaller than a state, dates (other than year) related to an individual, phone numbers, fax numbers, email addresses, social security numbers, medical record numbers, health plan beneficiary numbers, account numbers, certificate/license numbers, vehicle identifiers, device identifiers, web URLs, IP addresses, biometric identifiers, full-face photographs, and any other unique identifying number or code.

06Retention & deletion

We retain data only as long as necessary to provide the service or as required for security purposes.

You can delete a document — and every derivative it produced — at any time. Deletion takes effect immediately in the platform. Encrypted backups containing that data are purged within 30 days on a rotating schedule.

07Sharing your data

We do not sell, rent, or trade your personal information to third parties, advertisers, or data brokers. Your information is used solely to provide and improve the NaviaCAIR service.

If you explicitly share access with a caregiver or trusted contact using the platform's sharing feature, that person will have access to the content you've shared, subject to the expiration and revocation controls you set.

08Your rights

• Access your data: You may request a copy of the personal data we hold about you.
• Delete your data: You may request deletion of your account and all associated data at any time within 30 days. Contact contact@naviacair.com.
• Revoke shared access: You may revoke caregiver or shared-user access at any time within the platform.
• Unsubscribe: You may opt out of email communications by replying "Unsubscribe" to any email or contacting us directly.

09Medical disclaimer

NaviaCAIR is an informational and organizational tool. It does not provide medical advice, diagnosis, or treatment recommendations. AI-generated summaries and insights are intended to help you organize and understand your medical information — not to replace the judgment of a qualified healthcare provider.

Always consult a qualified healthcare professional before making any healthcare decision.

10Contact

For questions, data access requests, or deletion requests, write to contact@naviacair.com. A real person reads every message.

11HIPAA & Security Reports

NaviaCAIR operates with HIPAA-aligned data handling practices. Where third-party AI or infrastructure vendors are used to process protected health information, we maintain Business Associate Agreements (BAAs) with those vendors.

We understand that patients, caregivers, healthcare professionals, and enterprise partners may require additional information before entrusting NaviaCAIR with sensitive health data. For inquiries related to:

• HIPAA compliance and Business Associate Agreements
• Security architecture and controls
• Security audit reports or penetration test summaries
• Vendor security questionnaires

Please contact us at contact@naviacair.com with the subject line "Security Inquiry." We will respond within 5 business days.

---

© 2026 NaviaCAIR LLC. Last revised May 28, 2026. NaviaCAIR™ is a trademark of NaviaCAIR LLC. Patent pending.