Privacy Policy for Naviko

Contents

• 1. Scope
• 2. Data We Process
• 3. Permissions
• 4. How We Use Data
• 5. Sharing and Third Parties
• 6. Security
• 7. Retention and Deletion
• 8. Your Controls
• 9. Privacy Rights
• 10. Children
• 11. Changes
• 12. Contact

1. Scope

This Privacy Policy explains how YI WU handles data in connection with Naviko. It applies to the Android app and related app services used by Naviko, including AI processing, Premium benefits, AI credits, purchase verification, redemption code processing, and Google Drive sync features when enabled or used by you.

This policy is intended to describe the app's current privacy practices for Google Play closed testing and later distribution. It is not a contract for every future feature. If a future version changes data handling in a material way, this policy will be updated.

2. Data We Process

Bookkeeping and financial data

Naviko may process data you enter, import, generate, or confirm in the app, including:

• Ledgers, bookkeeping records, income and expense amounts, dates, notes, remarks, and categories.
• Accounts, account names, account display metadata, and related bookkeeping references.
• Counterparties, reimbursements, loans, installment plans, subscriptions, budgets, scheduled entries, and related status history.
• Search, filter, display, language, currency, theme, card layout, privacy display, backup, sync, and AI settings.
• Recycle bin records and app-generated demo data if you choose to use demo mode.

Photos, files, and attachments

Depending on your actions, Naviko may process:

• Images selected from your device for receipt recognition, AI bookkeeping, ledger cover images, or record attachments.
• Files such as PDFs or images attached to records.
• Import and export files, including CSV, JSON, SQLite, and Naviko full backup packages.
• Metadata needed to manage attachments, such as file type, local URI, file size, hash, and creation time.

AI assistant and batch recognition data

When you use AI features, Naviko may process:

• Text you type into the AI assistant.
• Images you select or send for AI parsing or receipt recognition.
• Voice recordings and transcripts when you use voice bookkeeping.
• AI drafts, cards, parsed amounts, merchant names, payment method hints, raw recognized text, recognition confidence, and related AI messages.
• Limited recent AI context, such as recent pending AI cards, to help parse follow-up commands.

Google Drive sync data

If you choose Google Drive sync, Naviko may process your Google account email, Google authorization status, sync timestamps, recent sync file names, backup package files, and related sync settings.

Premium, purchase, anonymous identity, AI credit, and redemption data

Naviko does not currently provide app account creation. To support Premium benefits, AI credits, purchase recovery, and redemption codes without an app account, Naviko may process:

• An app-generated installation identifier, anonymous subject identifier, anonymous access token, entitlement status, and related timestamps.
• Google Play purchase data needed to verify a Premium purchase or restore, including product ID, purchase token, order ID, purchase state, acknowledgement status, and verification trigger.
• Premium status, restore-required status, periodic purchase check status, and local grace-period status.
• AI credit wallet data, free trial status, credit balance, credit grants, credit consumption, refund or expiration records, request IDs, and feature types.
• Redemption code requests, masked or normalized redemption code data where applicable, redemption result, cooldown status, and redemption history.

Technical data

For AI, Premium, AI credit, redemption, sync, and service requests, Naviko or its service providers may process technical request data such as platform, package name, app version, app version code, install channel, language, region, locale, file hashes, media metadata, request IDs, request timing, network diagnostics, error information, Google Play services availability, and security or risk-control signals.

Risk-control signals may include a virtual device risk result derived from Android build fields such as device model, manufacturer, brand, device, product, hardware, and fingerprint. Naviko may also use Google Play Integrity signals if enabled in a future release. Naviko does not collect Advertising ID, IMEI, IMSI, SIM serial number, device serial number, MAC address, phone number, contacts, or precise or coarse location for Premium, AI credit, or redemption risk control. Server infrastructure may receive IP addresses as part of normal network operation and may store hashed or limited IP information for security, abuse prevention, rate limiting, and troubleshooting.

3. Permissions

• Internet: Used for AI processing, Premium entitlement checks, Google Play purchase verification, AI credit and redemption code services, Google Drive sync, and service security. Core local bookkeeping can operate without sending records to Naviko unless you use online features.
• Photos and images: Used when you select images, add attachments, use receipt recognition, configure ledger images, or enable startup screenshot detection for AI bookkeeping. Startup screenshot detection checks recent image metadata and screenshot-like names or paths only after you enable the feature and grant permission.
• Microphone: Used only when you start voice bookkeeping. Audio is recorded for that feature and may be sent for transcription and parsing.
• Biometric authentication: Used only for App Lock. Android handles biometric verification. Naviko does not receive or store your fingerprint, face, or other biometric templates.
• File and document access: Used when you import data, export data, save backups, restore backups, or add record attachments through Android system file pickers.
• Google Play Billing and Google Play services: Used for optional Premium purchases, purchase restoration, periodic purchase ownership checks, Google Drive authorization, Google Play services availability checks, and related security or risk-control features.

4. How We Use Data

We use data to provide and maintain app functionality, including:

• Creating, editing, displaying, searching, filtering, analyzing, importing, exporting, backing up, restoring, and deleting your bookkeeping data.
• Providing AI recognition, AI assistant parsing, image recognition, and voice transcription when you use AI features.
• Supporting app lock, local database protection, biometric unlock, and privacy display controls.
• Providing Google Drive sync and local backup features that you choose to use.
• Processing optional Premium purchases, restoring Premium benefits, checking current Google Play purchase ownership, and maintaining Premium entitlement status.
• Managing AI free trials, AI credits, credit consumption, redemption codes, credit history, and insufficient-credit notices.
• Preventing duplicate AI entries, duplicate purchase grants, duplicate credit grants, abuse, fraud, unauthorized redemption, and excessive requests.
• Preserving app state, managing settings, rate limiting, service security, and troubleshooting app or service errors.
• Complying with applicable law and protecting users, the app, and services from misuse or security issues.

5. Sharing and Third Parties

AI service providers

When you use AI recognition, AI assistant image parsing, text parsing, command parsing, or voice transcription, the content needed for that feature may be sent through Naviko's AI service path and processed by third-party AI service providers. This may include text you enter, selected images, audio recordings, file hashes, MIME types, duration, app version, platform, locale, anonymous subject ID, installation ID, request ID, AI credit context, risk-control signals, and limited recent AI context.

AI processing is used to provide the requested AI bookkeeping feature. You should not submit information to AI features unless you are comfortable having that information processed for recognition or transcription.

Naviko app services

Naviko may send data to Naviko-operated or Naviko-controlled backend services to provide AI processing, Premium entitlement management, AI credits, redemption codes, risk control, rate limiting, service logs, and troubleshooting. These services may process anonymous subject identifiers, installation identifiers, anonymous access tokens, request IDs, purchase verification results, AI credit records, redemption records, technical client data, risk-control signals, and limited service logs.

Google Play and payments

If you choose to buy or restore Naviko Premium, the purchase is handled by Google Play Billing. Google may process payment information according to Google's own terms and privacy practices. Naviko does not receive your credit card number, debit card number, bank account number, or full Google payment method details.

Naviko may receive and send Google Play purchase data, including product ID, purchase token, order ID, purchase state, and acknowledgement status, to Naviko services and the Google Play Developer API to verify purchases, restore Premium benefits, prevent duplicate grants, process refunds or revocations where applicable, and perform periodic ownership checks. Premium ownership may be checked periodically, including approximately every 7 days, to confirm that the current Google Play account still owns the one-time Premium product.

Google Drive

If you choose Google Drive sync, Naviko uses Google Sign-In and the Google Drive API with the drive.file scope to create or update backup files in your Google Drive. Naviko may store your authorized Google account email locally to show authorization status. Backup packages uploaded to your Drive may contain the bookkeeping data, preferences, attachment indexes, and optional attachment files selected by your sync settings.

Your use of Google Drive is also governed by Google's privacy terms and account controls. You can revoke Drive authorization from within Naviko where available, through Android or Google account settings, or by removing the app's access from your Google account.

User-directed sharing and exports

If you export files, share attachments, save backups, or restore/import files, the files may be stored or shared in locations you choose outside Naviko. Those files are controlled by you and by the apps, services, or storage providers you select.

No sale of personal data

We do not sell your personal data. We do not share your data for advertising. We may disclose information if required by law, to protect rights and safety, or in connection with a merger, acquisition, or transfer of the app or related service, with appropriate notice where required.

6. Security

Naviko is designed primarily around local storage. The Android app stores business data in a local Room database and preferences in Android DataStore. Attachments and AI assistant files are stored in app-private storage where possible.

When App Lock is enabled, Naviko may use SQLCipher database encryption and Android Keystore-backed key protection. Biometric unlock uses AndroidX Biometric and Android system authentication. Sensitive lock screens use Android privacy protections where supported.

Network requests for AI and Google Drive are sent over HTTPS where supported by the service endpoint. No method of transmission or storage is perfectly secure, but we use reasonable technical and organizational safeguards appropriate for the app's current release stage.

Backups and exports are important security boundaries. Encrypted backup packages use app-supported encryption. Unencrypted exports, unencrypted backups, and unencrypted Google Drive or local sync files remain readable wherever you save or upload them. You are responsible for protecting files you export or store outside the app.

Purchase tokens, anonymous access tokens, service account credentials, and security keys are treated as sensitive operational data. Naviko is designed to avoid storing Google Play purchase tokens in plaintext where server-side records only need a hash or verification result. Administrative systems should not display raw secrets or payment credentials.

7. Retention and Deletion

Local app data is generally retained on your device until you edit it, delete it, restore over it, clear app storage, or uninstall the app. Some app-generated temporary files may be removed by the app or the operating system.

• Soft-deleted bookkeeping records may remain in the recycle bin and are designed to be automatically cleaned after up to 60 days.
• AI batch recognition history is retained for recent history according to current app behavior, including cleanup of older batch history.
• AI assistant messages, attachments, cards, and related local records remain according to your app settings and in-app deletion actions.
• Premium entitlement, anonymous identity, AI credit wallet, redemption, purchase verification, and risk-control records may be retained by Naviko services for as long as needed to provide Premium benefits, restore purchases, maintain credit balances, prevent duplicate grants, prevent abuse, resolve disputes, comply with legal obligations, and maintain service integrity.
• Purchase verification records may include hashed purchase tokens, product IDs, order IDs, verification status, acknowledgement status, timestamps, anonymous subject IDs, installation IDs, and limited client or risk summaries.
• Service logs may be retained for security, rate limiting, troubleshooting, cost control, and abuse prevention. Logs are designed to avoid storing full bookkeeping content unless needed to provide the feature you requested or investigate a service issue.
• Google Drive backups, local backup files, exported files, and shared attachments remain wherever you saved or uploaded them until you delete them there.
• If you use Google Drive sync, revoking authorization stops future access but does not automatically delete backup files already stored in your Drive.

Naviko currently does not provide app account creation. Therefore, there is no Naviko app account to delete. The anonymous identity used for Premium benefits and AI credits is not a user-facing login account. You can request help with privacy or deletion questions by contacting us at the address below.

8. Your Controls

You can control your data in several ways:

• Edit or delete records, categories, accounts, ledgers, budgets, loans, reimbursements, installments, subscriptions, scheduled entries, and related app data where the app provides those controls.
• Clear or restore items from the recycle bin where supported.
• Remove attachments from records and delete exported files or backups from the locations where you saved them.
• Disable AI options such as startup screenshot detection or automatic image attachment saving where available.
• Choose not to use AI features, Premium purchases, redemption codes, or Google Drive sync if you do not want the data needed for those features to be sent outside your device.
• Restore purchases through Google Play where supported, or manage purchase history, refunds, and payment methods through Google Play and your Google account.
• Contact us to request review or deletion assistance for Naviko service-side anonymous identity, entitlement, AI credit, redemption, or service log records where legally and technically feasible.
• Decline or revoke Android permissions through system settings. Some features may stop working without their required permissions.
• Revoke Google Drive authorization in the app where available or through your Google account settings.
• Clear app storage or uninstall the app to remove local app data from the device, subject to Android backup behavior and any exported files or cloud backups you created.
• Contact us to request access, correction, deletion assistance, or answers about privacy handling.

9. Privacy Rights

Depending on where you live, you may have rights to request access, correction, deletion, restriction, objection, portability, withdrawal of consent, or information about how your personal data is handled. These rights may apply under laws such as the GDPR, UK GDPR, California privacy laws, or other applicable privacy laws.

Because most Naviko data is stored locally on your device or in storage locations you choose, many actions can be completed directly in the app or through your device, Google account, or storage provider controls. For requests that require developer assistance, contact us at yinhekuaidi@gmail.com. We may need enough information to verify and respond to your request.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you may also have the right to lodge a complaint with your local data protection authority.

10. Children

Naviko is not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided personal data through Naviko, contact us so we can review and take appropriate action.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date above. Material changes may also be communicated through the app or store listing where appropriate.

12. Contact

If you have questions, requests, or complaints about this Privacy Policy or Naviko's privacy practices, contact:

YI WU
Email: yinhekuaidi@gmail.com