Privacy Policy for NaviBound

Last Updated: June 14, 2026

NaviBound ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share information when you use the NaviBound mobile application, the website at navibound.com (including articles under /news/), and embedded web forms.

Website & advertising

When you visit navibound.com, standard server and analytics logs may include your IP address, browser type, device type, pages viewed, referrer, and rough location. Some pages load Google AdSense and Ezoic advertising, both of which may set cookies or use identifiers to personalize and measure ads, subject to their respective policies (Google Ads, Ezoic Privacy Policy) and the consent choices you make via our CMP banner. The Gatekeeper Consent Management Platform (CMP) on every page lets you accept or reject non-essential cookies and trackers.

Web consultation requests: If you submit a consultation form on an article page, we collect what you enter (for example name, email, optional phone, urgency) and contextual metadata tying the lead to that article topic, and we process it as described under "consultation forms" below.

1. Information We Collect

1.1 Information You Provide

• Profile Information: When you set up "My Case," we collect information about your target country, occupation, and visa interests to personalize your news feed.
• Consultation Forms (app & web): If you request an expert consultation from the mobile app or from a consultation form on a web article page, we collect your name, email, and any details you provide in the form, plus contextual metadata such as the article title or topic. This may include sensitive immigration-related information that you voluntarily provide.

1.2 Information Collected Automatically

• Firebase Analytics: We use Google Firebase Analytics to understand how users interact with our app. This includes device type, operating system, app usage patterns (e.g., articles read, forms submitted), and approximate geographic region derived from IP address.
• Crash Reporting: We use Firebase Crashlytics to collect crash logs, stack traces, and device state when the app crashes or encounters an error, so we can diagnose and fix problems.
• Mobile Advertising: The mobile app uses Google AdMob, which may collect device identifiers and usage data for ad personalization and frequency capping subject to your device's advertising ID settings (e.g., "Opt out of Ads Personalization" on Android, "Allow Apps to Request to Track" on iOS).
• Install Attribution: On Android, we use the Google Play Install Referrer API to understand which marketing channel brought you to the app (e.g., utm_source, utm_campaign). On iOS we use Apple's SKAdNetwork and Firebase's first-open attribution for the same purpose.
• Device Identifiers: We may collect standard device identifiers for analytics and crash reporting.

1.3 Security Logs (Admin Portal)

To protect the admin portal from unauthorized access, when someone attempts to sign in with credentials that fail verification, we record the email address entered, the password submitted, the originating IP address, browser user agent, and a timestamp. This data is stored solely for security and abuse-prevention purposes and is accessible only to authenticated administrators, who can delete individual records at any time. We retain failed-login records until manually deleted by an admin or until 90 days have elapsed since the attempt, whichever comes first.

2. How We Use Your Information

• To personalize your news feed based on your interests.
• To facilitate expert consultations (routing your information to verified partners).
• To improve our app's performance and user experience.
• To send you push notifications about critical policy updates (if enabled).
• To detect, prevent, and respond to fraud, abuse, security incidents, and unauthorized access.
• To measure and improve the effectiveness of our marketing and distribution channels.

3. Information Sharing

• Third-Party Partners: If you submit a consultation form, we share your contact details and case context with our verified legal and migration partners for the purpose of providing the consultation you requested.
• Service Providers: We use the following third-party services to operate the product:
  • Google Firebase (Analytics, Authentication, Firestore, Cloud Functions, Cloud Messaging, Crashlytics) — infrastructure and analytics.
  • Google AdMob / AdSense — mobile and web advertising.
  • Ezoic — web advertising mediation.
  • Resend — transactional email delivery (consultation confirmations, partner alerts).
  • Cloudflare — DNS, hosting CDN, email routing.

4. Data Retention

We retain data only as long as necessary for the purposes described in this policy:

• Profile Information ("My Case"): retained locally on your device until you uninstall the app or delete the profile from Settings; never uploaded to our servers.
• Consultation Requests: retained for the lifetime of the engagement plus up to 365 days after the lead is marked Closed or Lost, after which they are automatically purged.
• Waitlist & Partner Application Data: retained until you request deletion or until the record is archived and 365 days have passed.
• Failed-Login Security Logs: retained until manually deleted by an admin or for a maximum of 90 days.
• Analytics & Crash Data: retained according to Firebase default policies (typically 2-14 months, configurable in Firebase Console).
• Article Content: news articles are retained for 365 days from publication, then automatically purged.

5. Your Choices

• Opt-Out: You can opt-out of analytics tracking via your device settings.
• Mobile Ads: Use "Opt out of Ads Personalization" (Android) or "Allow Apps to Request to Track" (iOS) in your device settings to limit ad personalization.
• Web & ads: Use our CMP banner, your browser settings, Google's ad settings, and industry tools to limit personalized advertising where available.
• Push Notifications: You can enable or disable weekly Policy Pulse notifications from in-app Settings at any time.
• Deletion: You can request the deletion of your My Case profile data within the app settings. To request deletion of consultation requests, waitlist entries, partner applications, or other submitted data, contact us at team@navibound.com and we will process the request within 30 days.
• Access & Portability: If you are an EU/UK/California resident, you have the right to access and receive a copy of the personal data we hold about you. Contact us to exercise this right.

6. International Data Transfers

Your information may be processed in countries other than your own, including the United States, where our service providers (Google, Cloudflare, Resend) operate. Where required (for example, for users in the European Economic Area or the United Kingdom), we rely on Standard Contractual Clauses or other lawful transfer mechanisms to ensure appropriate safeguards for your data.

7. Children's Privacy

NaviBound is not directed to children under 13 (or the equivalent minimum age in the relevant jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

8. Contact Us

If you have any questions about this Privacy Policy, to exercise any of the rights described above, or to request a record of the data we hold about you, please contact us at: team@navibound.com