Navia Therapy

Legal

Privacy Policy

Last updated May 5, 2026

How Navia Therapy collects, uses, maintains, protects, and discloses information you share with us through www.naviatherapy.com.

Introduction

Navia Therapy (“Company,” “we,” or “us”) respects your privacy and is committed to safeguarding it in accordance with this Privacy Policy.

This Policy outlines the types of information we may collect from you or that you may provide when using our website www.naviatherapy.comand other websites operated by us (the “Website”), as well as our practices for collecting, using, maintaining, protecting, and disclosing such information.

This Policy applies to information we collect:

  • On this Website.
  • In email, text, and other electronic communications between you and the Website.
  • Through mobile or desktop applications you may download from the Website, which provide dedicated interaction separate from a browser.

This Policy does not apply to information collected by:

  • Us offline or through other channels, including other websites operated by Navia Therapy or third parties.
  • Any third party (including affiliates and subsidiaries), including through applications or content (such as advertising) that may link to or be accessible from the Website.

Please review this Policy carefully. By accessing or using the Website, you agree to this Privacy Policy. If you do not agree, you should discontinue use of the Website. This Policy may change over time (see “Changes to Our Privacy Policy”). Continued use of the Website after updates constitutes acceptance of the revised Policy.

Children Under 13

Our Website is not directed toward children under 13. We do not knowingly collect personal information from children under 13. If you are under 13, do not use the Website or provide personal information (such as name, address, phone number, or email). If we discover we have collected personal data from a child under 13 without verified parental consent, we will promptly delete it.

Information We Collect

We collect only the information needed to recommend the right therapist for you and to operate the Website. Specifically:

  • Intake answers you provide— the structured quiz selections you make (state of residence, ZIP code, insurance carrier and plan, payment preference, scheduling availability, presenting concerns, therapist preferences) and any free-text notes you choose to share about what you’re hoping for in care.
  • Booking details— when you confirm an appointment we collect your full name, email address, date of birth, payment preference, and (if you’re using insurance) insurance carrier and member ID. We do notcurrently collect or store credit card numbers, CVV codes, or card expiration dates through this Website.
  • Consent acknowledgements— when you opt in to share intake answers we record the policy version you accepted and a timestamp of your acknowledgement, so we can demonstrate that consent was in place for each submission.
  • Technical request metadata— for each request to our service we record the request method, route, status code, response latency, and a salted, one-way hash of your IP address (not the IP itself). We use the hash for security monitoring, rate limiting, and audit logging only.

Automatic Data Collection

As you use the Website we may automatically collect a small amount of technical data needed for the service to function:

  • Your IP address, which our hosting provider (Vercel) sees as part of routing your request. We use it in two ways: (1) we read the coarse country/state information that our hosting provider derives from it, so we can pre-fill the location question in the quiz; and (2) we salt and hash it before recording it in our request audit log. We do not send your raw IP address to any separate third-party geolocation vendor, and we do not retain raw IP addresses in our long-term logs.
  • Session cookies set by Navia Therapy itself (no third-party cookies). One cookie keeps you signed in to the pre-launch site; another carries an opaque session identifier that lets us paginate your therapist recommendations without re-sending your intake answers. Both cookies are HTTP-only, Secure, and scoped to first-party use.

We do not currently use third-party advertising cookies, behavioral tracking pixels, web beacons, session-replay tools, Flash cookies, or cross-site analytics on this Website. If we add any such technologies in the future, we will update this Policy and request fresh consent before doing so.

How We Use Information

We use the information we collect to:

  • Recommend the right therapist for you whose state, payment acceptance, availability, and clinical specialties fit your intake answers.
  • Run a safety check on intake free-text responses so we can show appropriate crisis resources when needed.
  • Pre-fill the location question in the intake quiz based on your IP address.
  • Record consent acknowledgements, request metadata, and salted IP hashes in our audit log so we can investigate misuse and meet security obligations.
  • Communicate with you about a booking you have requested, or respond to a request you have sent us.

We do not use your information for advertising, sell it to data brokers, or share it with marketing networks.

We also do notuse your intake answers to diagnose you, screen you for any specific mental-health condition, or generate a clinical assessment of you. The matching service maps the concerns you describe to each therapist’s self-reported areas of focus so we can suggest providers who might be a good fit. Specialty highlights you see on the recommendations pages reflect the therapist’s stated specialties, not a clinical determination by Navia Therapy. Only a licensed clinician who has evaluated you directly can diagnose a mental-health condition. See our Terms of Service for the full non-diagnosis disclaimer.

Disclosure of Information

We share information with the limited set of service providers that operate our infrastructure, each under a confidentiality agreement and (where applicable) a Business Associate Agreement (BAA):

  • Our matching service— intake answers are sent to a server we operate (currently hosted on Amazon Web Services in the United States) which runs the matching and safety-check logic and returns therapist results.
  • Our hosting provider— serves the Website itself, processes encrypted requests in transit, and provides the coarse country/state-level geographic information we use to pre-fill the location question in the intake quiz. Your IP address is not shared with any separate geolocation vendor.

Additionally, we may disclose personal data:

  • To comply with legal obligations or valid government requests.
  • To enforce our Terms of Service.
  • To protect the rights, property, or safety of Navia Therapy, our users, or others.
  • In connection with a merger, acquisition, restructuring, or sale of assets, in which case continued protection of your information will be required of any acquirer.

Data Security

We protect your information with the following safeguards:

  • Encryption in transit— all traffic to and from the Website is served over HTTPS with HTTP Strict Transport Security (HSTS) enforced.
  • Hardened browser security headers— including a Content Security Policy, frame-ancestor blocking, MIME-type sniffing prevention, a referrer policy that strips sensitive paths from cross-origin requests, and a permissions policy that disables unused browser features.
  • Server-side input validation, request-size caps, and rate limiting on every API endpoint that accepts intake or authentication input.
  • Minimal client-side storage— free-text intake answers are sent to our server once and then dropped from the browser; only the small slice of structured selections needed for the next page of the experience is kept in your browser session.
  • Audit logging of every request to our API endpoints, including a salted hash of the originating IP, the consent acknowledgement attached to the submission (if any), and the response status. We never log intake free-text, names, emails, dates of birth, or insurance member identifiers.

No system is completely secure. Transmission of data over the internet always carries some residual risk; we work continuously to reduce that risk and to keep this section accurate.

Accessing and Correcting Information

You may request access to, correction of, or deletion of personal information by contacting info@naviatherapy.com. We may decline requests where doing so would violate law or result in inaccurate records.

Choices and Controls

You have options regarding your data:

  • Take the quiz or not— you choose what intake answers to share with us. The free-text fields are optional; you can complete the quiz with structured selections only.
  • Cookies— you can refuse our first-party session cookies in your browser settings. If you do, you will not be able to access the gated portion of the Website or paginate through additional therapist recommendations.
  • Clear your browser session— closing your browser tab clears the small set of structured selections we keep in browser session storage to power the next page of the experience.
  • Service-related communications— if you confirm a booking, we will use the email address you provide to coordinate that appointment. We do not currently send marketing email through this Website.

Data Breach Notification

In the event of a personal data breach, Navia Therapy will notify you promptly (no later than 72 hours from discovery) and conduct an investigation. For full details, please review our Breach Policy.

California Privacy Rights

California Civil Code Section § 1798.83 permits users of our Website that are California residents to request details regarding how we share personal information with third parties for marketing purposes. Requests may be submitted to info@naviatherapy.com.

GDPR / EEA Rights

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including:

  • The right to access, correct, or delete personal data.
  • The right to withdraw consent.
  • The right to object to processing based on personal circumstances.
  • The right to restrict or limit processing.
  • The right to lodge a complaint with a supervisory authority.

We retain personal data only as long as necessary for business or legal reasons, after which it will be securely removed.

Changes to this Policy

We will post updates to this Privacy Policy on this page. If material changes are made, we will notify you by email (if you’ve provided one) or via a notice on the Website. The “last modified” date at the top of this page reflects the most recent revision.

Contact

For questions about this Privacy Policy, please contact us at: info@naviatherapy.com.