Privacy Policy
Effective date: June 22, 2026
Last updated: June 22, 2026
This Privacy Policy describes how Navi CoHost ("Navi," "we," "us," or "our") collects, uses, and shares information when you use cohostnavi.com or any related services (collectively, the "Service").
By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
1. Who we are
Navi CoHost is an operations dashboard built for short-term rental hosts. We help hosts manage bookings, guest messaging, and cleaner coordination across multiple platforms (Airbnb, VRBO, direct bookings, and others). For legal, privacy, or account requests, contact support@cohostnavi.com.
2. Information we collect
a. Information you provide
- Account information. Your name, email address, and optionally phone number when you sign up.
- Property information. Names, addresses, descriptions, photos, pricing, and operational notes for the rental properties you manage in Navi.
- Connection credentials. When you connect your Gmail, Outlook, iCloud, Yahoo, or other email account to Navi (either via OAuth or via an "App Password"), we receive and store the credentials needed to read and send email on your behalf. Credentials are encrypted at rest using AES-256-GCM.
- iCal feed URLs. Public iCal links you provide so Navi can sync your bookings from Airbnb, VRBO, Booking.com, and similar platforms.
- Direct booking and guest information. Guest names, contact details, dates, and payment information for bookings you create directly in Navi.
- Cleaner / team information. Names, contact details, and assignment history for cleaners or team members you add to Navi.
- Host context and voice samples. Optional answers you provide so Navi can draft replies in your voice (e.g., your policies on discounts, refunds, communication style).
b. Information we collect automatically
- Usage data. Pages you visit within Navi, actions you take, and feature engagement, recorded so we can improve the product.
- Device and log data. IP address, browser type, operating system, referring URL, and timestamps.
- Cookies and similar technologies. Session cookies for authentication, plus limited analytics and advertising measurement so we can understand signups and improve Navi.
c. Information from connected services
- Email content. Once you connect your email account, Navi reads incoming and outgoing messages that match your configured filters (typically OTA platform emails and guest correspondence). We store message bodies, attachments metadata, sender/recipient information, and timestamps in our database.
- Booking and reservation data. Information extracted from OTA confirmation emails, including guest names, check-in/check-out dates, confirmation codes, and payout amounts.
- Calendar events. Booking events from iCal feeds you authorize.
3. How we use the information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Sync your bookings across your connected channels
- Draft reply messages in your voice using AI (Anthropic's Claude models)
- Help you coordinate cleaning and team operations
- Send you transactional emails (booking notifications, system alerts, account updates)
- Detect, prevent, and address technical issues, fraud, or abuse
- Comply with legal obligations
We do not sell your data. We do not use your data to train third-party AI models without your explicit consent.
4. Sub-processors — third parties that touch your data
Navi relies on the following third-party services to operate. Each sub-processor receives only the data necessary for their function.
| Sub-processor | What they handle | Where |
|---|---|---|
| Vercel | Application hosting, edge functions | United States |
| Supabase | Database, authentication, file storage | United States |
| Anthropic (Claude) | AI-generated draft messages (your message context is sent to Anthropic's Claude API to generate the draft; per Anthropic's commercial API terms, your inputs and outputs are not used to train their models) | United States |
| Resend | Outgoing transactional email delivery | United States |
| Google / Microsoft / Apple / Yahoo | The email provider you connect (when you authorize Navi to read/send via your account) | Varies |
| Stripe (when paid billing is enabled) | Payment processing, subscription management | United States |
| Sentry | Error monitoring and crash reporting | United States |
If we add or remove a sub-processor, we will update this list. Material changes will be communicated to active users by email.
5. How we share your information
We do not sell or rent your information. We share information only:
- With sub-processors listed above, only as needed to provide the Service.
- With cleaners or team members you add to your workspace — they see the booking and property data you grant them access to, governed by the role permissions you set.
- When required by law — to comply with a subpoena, court order, or legal process; to defend our rights; to protect users; or to prevent fraud or abuse.
- In connection with a sale or merger of Navi's business assets, in which case we will provide notice before your information is transferred.
6. Data retention
- Booking and property records: retained for the lifetime of your account, then deleted within 90 days of account closure.
- Raw email message bodies: retained for 90 days from receipt, then deleted unless tied to an active conversation.
- AI draft generations: retained for 30 days, then deleted.
- Account and login data: retained while your account is active; deleted within 90 days of closure.
- Usage logs: retained for 1 year for security and operational analysis.
You can request earlier deletion by emailing support@cohostnavi.com.
7. Security
We protect your data using industry-standard security practices, including:
- TLS 1.2+ encryption for all data in transit
- AES-256-GCM encryption at rest for sensitive credentials (email passwords, SMTP passwords, OAuth tokens)
- Row-Level Security (RLS) policies in our database limiting data access to authorized users only
- Role-based access control for cleaners and team members
- Logging and monitoring for unauthorized access attempts
- Periodic review of third-party integrations
No system is perfectly secure. If you suspect your account has been compromised, contact support@cohostnavi.com immediately.
8. Your rights
Depending on where you live, you may have the right to:
- Access the information we hold about you
- Correct inaccurate information
- Delete your information ("right to be forgotten")
- Export your information in a portable format
- Restrict or object to certain processing
- Withdraw consent previously given
- Lodge a complaint with your local data protection authority
To exercise any of these rights, email support@cohostnavi.com. We will respond within 30 days.
9. International data transfers
Navi is operated from the United States. If you access the Service from outside the U.S., your information may be transferred to and processed in the U.S. By using the Service, you consent to this transfer.
For users in the European Economic Area, the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses or other lawful transfer mechanisms when transferring personal data outside those regions.
10. Children's privacy
Navi is not directed to children under 16. We do not knowingly collect information from children under 16. If you believe a child has provided us information, contact support@cohostnavi.com and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated by email to active users at least 30 days before they take effect.
12. Contact
Questions, concerns, or requests about this policy:
Email: support@cohostnavi.com
Mailing address: Available by request at support@cohostnavi.com.
