NavStak

Privacy Policy

1. Who we are

NavStak is software for paper-first futures analysis and optional exchange-connected automation. The �controller� (or equivalent) of personal data processed by this instance is the Operator who deploys and runs it.

Legal entity: [To be designated]
Domain: [To be designated]
Privacy contact: [To be designated]

2. Scope

This Policy covers the boarding site, Mission console, account/User Center, paper trial data stored by this instance, vault features, share links, Ava help assistant, and related APIs on this deployment. It does not control how third parties (exchanges, AI providers, social networks) process data under their own policies when you use their services with your own accounts or keys.

3. Data we process

Depending on how you use the Service, we may process:

3.1 Account & identity

3.2 Vault secrets (sensitive)

3.3 Trading & product data

3.4 Technical & diagnostic data

We do not intentionally collect government ID documents or full payment card numbers through NavStak unless a future billing feature is added and disclosed.

4. How we use data

We do not sell your personal information. We do not use your vault secrets to trade for the Operator�s account.

5. Legal bases (where GDPR/UK GDPR or similar applies)

Where required, we rely on:

6. Sharing & processors

Data may be processed by:

Self-hosted single-user deployments may keep almost all data on the Operator�s machine only; multi-user deployments increase the Operator�s responsibility as a service host.

7. Retention

8. Security

We implement reasonable technical measures appropriate to a software product of this type, including password hashing, session cookies, encryption of vault secrets with an instance master key, and optional localhost-only binding for self-hosted use. No method is 100% secure. You must protect your device, master keys, and exchange permissions. Prefer futures-trade-only API keys without withdraw/transfer.

9. International transfers

If the Operator or a processor is located in another country, your data may be processed there. Where required, appropriate safeguards (such as standard contractual clauses or adequacy decisions) should be implemented for commercial multi-region hosting.

10. Your rights

Depending on your location, you may have rights to:

To exercise rights, contact the Operator using the contact method for this instance. You can also delete vault keys and unlink social handles in User Center where available. Account deletion may be requested from the Operator until self-serve delete is offered.

11. Children

The Service is not directed to children under 16 (or higher age if required locally). We do not knowingly collect personal data from children. If you believe we have, contact the Operator to request deletion.

12. Cookies & local storage

We use essential cookies or similar storage for sessions (e.g., sign-in cookie) and local UI preferences. We do not currently use third-party advertising cookies. If analytics cookies are added later, this Policy will be updated and consent obtained where required.

13. Changes

We may update this Policy by posting a new version on this page and changing the �Last updated� date. Continued use after the effective date means you accept the updated Policy, except where consent is required by law for a specific change.

14. Contact

Privacy inquiries: contact the Operator of this NavStak instance.
Legal entity: [To be designated]
Domain: [To be designated]
Email: [To be designated]