NavvicoSaaS automation for commerce & productivity
Contact support
Privacy Policy

Navvico Privacy Policy

Effective date: March 2, 2026

Navvico builds SaaS automation tools for Shopify and Atlassian markets. This privacy policy describes the data we process when merchants use our products. We operate from Tallinn, Estonia with infrastructure hosted in the European Union (Hetzner).

Data We Collect

  • Merchant contact details supplied directly by Shopify
  • Shop configuration metadata (shop domain, plan, locale)
  • Aggregated product-level order metrics generated by Navvico apps
  • Access tokens stored server-side for authenticated API calls

How We Use Data

Data is used to operate and improve Navvico products, deliver merchant support, and meet security requirements. We do not sell or share data with advertising platforms.

Infrastructure & Storage

All production workloads run on Hetzner data centers located in the European Union. Access tokens and aggregated metrics are stored in encrypted databases with role-based controls.

Data Retention

  • Aggregated metrics are retained for 90 days to support revenue trend analysis
  • Access tokens are stored until a merchant uninstalls or rotates credentials
  • Upon uninstall, job queues are cleared and associated aggregated data is removed

Access & Deletion Requests

Merchants can request data access or deletion by emailing support@navvico.com from the authorized shop domain. Navvico responds within one business day.

Security

We maintain audit logging, least-privilege access controls, and continuous monitoring of infrastructure. System credentials are rotated regularly.

Uninstall Behavior

Shopify uninstall events trigger automatic revocation of access tokens and deletion of associated aggregated metrics unless merchants request an earlier purge.

Contact

support@navvico.com · Navvico OÜ, Tallinn, Estonia

CartAI – Shopify Order Data Usage

CartAI specific disclosures

CartAI analyzes product-level performance to recommend revenue recovery actions. The application is designed to minimize personal data processing while still providing actionable automation.

  • CartAI ingests Shopify order data through the Admin API to compute product-level health scores
  • Only product identifiers, quantities, currency, and order totals are persisted
  • Customer names, emails, and addresses are neither stored nor exported
  • Aggregated metrics remain inside EU-hosted infrastructure (Hetzner)