NavJun is built on a zero-knowledge architecture from day one — not as a feature, but as a foundational principle. Your queries, your IP, your documents. They stay with you.
0
Customer records stored on NavJun servers
AES-256
Encryption standard, data in transit and at rest
72h
Maximum breach notification window (GDPR-aligned)
4
Privacy frameworks covered — GDPR, UK GDPR, CCPA, PIPEDA
We didn't add privacy controls after the fact. We started from zero-knowledge and built the product around it.
Zero-Knowledge Architecture
Your queries and documents are processed without being stored on our infrastructure. We see the regulatory output — never the input that generated it.
We Never Train on Your Data
Your regulatory questions, your product IP, your internal documents — none of it is used to improve our models or shared with any third party.
End-to-End Encrypted
All data in transit is protected with TLS 1.2+. Data at rest is encrypted with AES-256. Access is restricted to authorized personnel on a strict need-to-know basis.
SOC 2 Type II Ready
Our security controls are built to enterprise standards — with SSO/SAML support, audit trails, and incident response SLAs that hold up under regulator scrutiny.
Your product IP is your competitive advantage. We built a zero-knowledge architecture from day one — not as a feature, but as a foundational principle.
When you ask NavJun a regulatory question, that question lives inside our processing pipeline for as long as it takes to generate a response — then it’s gone. No logs. No retention. No training.
That’s not a policy we can change in a terms update. It’s how the architecture works.
Wherever your team operates, NavJun meets you there. We’re designed to satisfy the most demanding data protection frameworks in the world.
GDPR — European Union
NavJun acts as a Data Processor under Article 28 GDPR. We support DPIAs, maintain records of processing, and notify you within 72 hours of any breach. SCCs available for international transfers.
UK GDPR — United Kingdom
Same processor obligations as EU GDPR, with UK-specific transfer mechanisms. We support the UK IDTA and UK Addendum to EU SCCs for any cross-border data flows.
CCPA — California
NavJun operates as a certified Service Provider under the CCPA/CPRA. We never sell or share your Personal Information and only use data for the specific business purposes you’ve engaged us for.
PIPEDA — Canada
NavJun applies all ten Fair Information Principles under PIPEDA. We collect only what’s necessary, process with your consent, and report breaches to you promptly so you can notify the OPC if required.
Read our full Data Processing Agreement, or talk to our team directly. We’re transparent by default.