Data Policy

Last Updated: June 2025

1. Data Ownership

All inventory data you create and upload to NavStock remains your property. You retain full ownership of:

• Product information and catalogs
• Transaction records and sales history
• Employee and supplier data
• Financial records and reports

2. How We Store Your Data

On-Device Storage

NavStock uses SQLite for local offline storage on your device. Your data remains on your device unless you choose to sync with the cloud.

Cloud Storage

When you enable cloud sync, data is stored on secure servers in India using MongoDB and PostgreSQL. We use:

• AES-256 encryption for data at rest
• TLS 1.2+ for data in transit
• Regular automated backups
• Access controls and authentication

3. Data Synchronization

NavStock uses delta sync technology:

• Only changed data syncs to the cloud every 10 seconds when connected
• Server timestamps validate all changes
• Offline-first architecture means full operations without internet
• Changes are queued and synced when connectivity returns

4. Data Access and Permissions

Your data is accessible only by:

• You (account owner) and authorized users in your organization
• NavStock engineers only for support purposes with explicit consent
• No third parties without your written permission

Multi-user organizations follow single-session enforcement (one active session per organization at a time).

5. Data Backups

NavStock provides:

• Automatic daily cloud backups
• Manual export options (Excel, JSON formats)
• Device-level SQLite backups
• Backup retention for 30 days minimum

You are responsible for maintaining additional backups if desired.

6. Data Usage for Analytics

We may use anonymized, aggregated data to:

• Improve app performance and features
• Create usage analytics and reports
• Identify and fix bugs
• Develop new features based on usage patterns

This data cannot identify you personally and never includes sensitive information like prices, quantities, or employee details in identifiable form.

7. Data Retention Upon Account Deletion

When you request account deletion:

• All cloud data is deleted within 7 days
• You should export data locally before deletion if needed
• We retain aggregated, anonymized data for analytics
• Some data may be retained for legal compliance (7 years)

8. Data Transfers and Portability

You can export your data in:

• Excel format (.xlsx multi-sheet)
• JSON format (complete data structure)
• CSV format (individual tables)

Request data portability at any time by contacting support.

9. Data Security Incidents

In case of a security breach:

• We will notify affected users within 72 hours
• We will provide details of the incident and steps taken
• We will offer free account recovery assistance

10. Third-Party Data Sharing

We do NOT sell your data. We may share data with:

• Payment processors (Google Play, Razorpay) for billing
• Cloud infrastructure providers for storage and delivery
• Law enforcement only with valid legal orders

11. GDPR and Data Protection Compliance

For users in GDPR-compliant jurisdictions, we comply with:

• Lawful basis for processing (legitimate business interest, consent)
• Data minimization principles
• Right to access, rectification, and erasure
• Data processing agreements with third parties

12. Your Data Rights

You have the right to:

• Access all your data in exportable format
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Withdraw consent to data processing
• Opt-out of analytics data collection

13. Contact Us

For data-related inquiries, contact:

• Email: navneettechlabs@gmail.com
• Address: Satna, Madhya Pradesh, India