Legal

Privacy Policy

Last updated: May 2026  ·  Effective: April 2026

Plain language commitment: We wrote this policy to be read by real people, not lawyers. If something is unclear, email us and we will explain it. This document should be reviewed by qualified legal counsel before relying on it in a jurisdiction-specific context.
Section 01

Who We Are

NavPax ("we," "us," or "our") is an AI-powered platform designed to help patients and caregivers better understand the most up-to-date medical literature, prepare for provider appointments, and find relevant clinical trials.

NavPax is not a medical practice, nor does it represent one. NavPax is not a healthcare provider or covered entity under HIPAA. The information and data provided by Navi is for educational purposes only. Navi does not diagnose, treat, or prescribe.

Because we handle health-related conversations, we take privacy seriously and have written this policy to be as transparent as possible about what we collect, how we use it, and how we protect it.

Section 02

AI Disclosure

When you interact with Navi, you are interacting with an artificial intelligence system, not a human being. Navi is powered by Claude, a large language model developed by Anthropic. This disclosure is provided in compliance with applicable state laws including California AB 489, Texas TRAIGA, and similar statutes requiring transparency about AI interactions in health-adjacent services.

Navi cannot replace the judgment of a licensed healthcare provider. AI-generated health information has inherent limitations and may contain errors, omissions, or outdated information. Always verify important health information with a qualified medical professional before acting on it.

Section 03

Consumer Health Data

The health-related information you share with Navi — including descriptions of your condition, symptoms, medications, and treatment history — may constitute "Consumer Health Data" as defined under Washington State's My Health My Data Act, Nevada's Consumer Health Data Privacy Law, and similar state statutes.

We treat all health-related information you share with Navi as sensitive data, regardless of whether it meets the legal definition in your state. This means:

Your health conversations are processed by Anthropic's API to generate Navi's responses. Anthropic's data handling practices are governed by their own privacy policy and API terms. See Section 6 for more detail.

Section 04

Information We Collect

Information you provide directly

Information collected automatically

What we do not collect

Section 05

How We Use Your Information

We do not use your information for automated decision-making that produces legal or similarly significant effects on you. We do not use your information for targeted advertising.

Section 06

AI Processing — Anthropic

Navi is powered by Claude, developed by Anthropic, PBC. When you send a message to Navi, that message is transmitted to Anthropic's servers to generate a response. This transmission is encrypted in transit using industry-standard TLS encryption.

Anthropic processes your messages in accordance with their own privacy policy and API usage terms. We encourage you to review Anthropic's Privacy Policy.

Important: Do not share highly sensitive personal identifiers in your NavPax conversations, including Social Security numbers, full insurance account numbers, complete medical record numbers, or financial account details. Navi does not need this information to help you.

NavPax does not store the content of your chat conversations on our own servers. Conversations are stored locally in your browser until you clear them or start a new chat. Anthropic's data retention practices for API interactions are governed by their own terms and may differ from ours.

Section 07

Data Sharing

We do not sell your data. Ever. This is a core promise of NavPax, not a legal technicality. We do not sell, rent, lease, or trade your personal information or health data to any third party for any purpose.

We share data only in the following limited circumstances:

Section 08

Cookies and Local Storage

NavPax uses browser local storage to save your conversation history during and between sessions. This data stays on your device and is not transmitted to our servers.

We use HTTP-only session cookies for security purposes only. We do not use advertising cookies, cross-site tracking pixels, or third-party analytics that follow you across the web.

Do Not Track

Some browsers send a "Do Not Track" signal. Because we do not track users across websites for advertising purposes, our practices are consistent with Do Not Track preferences regardless of whether this signal is detected.

Clearing your data

You can clear your NavPax conversation history at any time using the "New Chat" button in the app, or by clearing your browser's local storage and cookies through your browser settings.

Section 09

Data Retention

Section 10

Your Privacy Rights

Depending on where you live, you may have rights regarding your personal data. We honor these rights regardless of your location.

Rights available to all users

California residents (CCPA/CPRA)

California residents have the right to know what personal information we collect and how it is used, the right to delete personal information, the right to opt out of the sale or sharing of personal information (we do not sell or share personal information), the right to correct inaccurate personal information, and the right to limit the use of sensitive personal information. We do not discriminate against users who exercise these rights. To submit a request, contact privacy@navpax.ai.

Washington and Nevada — Consumer Health Data

If you reside in a state with consumer health data privacy laws (including Washington's My Health My Data Act or Nevada's Consumer Health Data Privacy Law), you have the right to confirm whether we process your consumer health data, access that data, withdraw consent to processing, and request deletion. Contact privacy@navpax.ai to exercise these rights.

Virginia, Colorado, Connecticut, and similar states

Residents of states with comprehensive consumer data protection laws have the right to access, correct, delete, and obtain a portable copy of personal data, as well as to opt out of certain processing activities. We will respond within 45 days.

To exercise any privacy right, email privacy@navpax.ai. We will never penalize you for exercising your rights.

Section 11

Children's Privacy

NavPax is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with information, please contact us immediately and we will delete it promptly.

Users between the ages of 13 and 18 may use NavPax only with parental or guardian involvement. Parents and caregivers who use NavPax on behalf of a minor child are the account holder and are responsible for appropriate use of the service.

If you are under 18 and interacting with Navi about your own health, please make sure a trusted adult is involved in any decisions based on information you receive.

Section 12

Security

We implement reasonable technical and organizational measures to protect your information, including encrypted connections (HTTPS/TLS), HTTP-only session cookies, rate limiting, and input validation.

Conversation content is not stored on our servers and is therefore not at risk in the event of a NavPax server breach. The primary data we store is your email address and account information if applicable.

No system is perfectly secure. If we become aware of a security breach affecting your personal data, we will notify you as required by applicable law and take prompt steps to mitigate any harm.

If you discover a security vulnerability in NavPax, please report it responsibly to privacy@navpax.ai.

Section 13

Third-Party Links and Services

NavPax surfaces links to ClinicalTrials.gov and may reference external research sources. These third-party sites have their own privacy policies and we are not responsible for their practices. We encourage you to review the privacy policy of any external site you visit.

We do not integrate third-party advertising networks, social media trackers, or data brokers into NavPax.

Section 14

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify you by email if we have your address on file. For significant changes affecting how we handle health-related data, we will provide at least 30 days notice before the changes take effect.

Continued use of NavPax after changes take effect constitutes acceptance of the updated policy. If you do not agree with a material change, you may request deletion of your data before the change takes effect.

Section 15

Contact Us

Questions, concerns, data requests, or privacy complaints:

NavPax — Privacy

Email: privacy@navpax.ai

Website: navpax.ai

We aim to respond to all privacy inquiries within 30 days. For urgent matters involving potential data breaches or misuse, please mark your subject line "URGENT."