Navan Privacy Policy

Last Updated January 30, 2024

Navan, Inc. and its affiliates (collectively, “Navan,” “we,” “us,” and "our") respect your privacy. We are a travel management platform that helps companies manage all of their corporate travel and expense management in one place as described in our Terms of Service. “You” may be a visitor to one of our Websites, a corporate customer of one or more of our Services (“Corporate Customer”), or an employee, traveler, or guest of a Corporate Customer (“Corporate Users”), or an independent business traveler ("Independent User").

This Privacy Policy describes the types of Personal Information we collect through our main website at navan.com (“Website”) and through our travel products and services that we provide to Corporate Customers, Corporate Users, and Independent Users (“Services”). This Privacy Policy also describes how we use Personal Information, with whom we share it, your rights and choices, and how you can contact us about our privacy practices.



Overview

Navan obtains Personal Information about you from various sources to manage our Website and provide our Services. There are two primary ways you may interact with Navan online.

Website Visitors

Our Website at navan.com is publicly available and allows visitors to learn more about Navan, request a demo, submit questions, join a discussion thread on our community pages, and contact us. Personal Information may be collected through webforms where you type in your information, comments you choose to post on our community discussion boards, or automatically using tracking technologies, like cookies.

Our Services include our web application at app.navan.com and Navan mobile applications made available by us. The web application and our mobile applications (collectively, our “Apps”) provide the ability to search for and book travel, access traveler support, trip consolidation, as well as corporate administrative functionality including real-time reporting, traveler tracking, spend reconciliation, travel continuity, and traveler customer support. Navan Expense, a payments and expense application, provides the ability to make travel payments, track and submit business expenses, reconcile expense reports, link to personal accounts for expense submittals and reimbursements, import transactions, manage business expenses, and access customer support. These Services are offered through a corporate subscription.

When you use our Services because one of our Corporate Customers (e.g., your employer) has purchased the Services, and you use our Services to book business travel or manage expenses, we collect, use, and disclose Personal Information about Corporate Users acting in our capacity as a “processor” or “service provider” to our Corporate Customers. Navan’s Corporate Customers are the controllers of this Personal Information and responsible for making sure that the Traveler’s privacy rights are respected, including ensuring appropriate disclosures about third-party data collection and use are made. When we act as a “processor” or “service provider” to our Corporate Customers, we process Personal Information in accordance with our Corporate Customer’s lawful instructions, the terms of the agreement we have with the Navan Corporate Customer, and consistent with this Privacy Policy.

By contrast, when you use our Services to book personal travel (as opposed to Navan Business Travel) or when you respond to one of our surveys, we collect, use, and disclose Personal Information about Corporate Users acting in our capacity as a “controller” or “data owner.” Our Corporate Customers do not have access to the Personal Information you provide when you book personal travel, unless you choose to share that information with your employer. Similarly, when you use our Services as an Independent User, including booking independent business travel unrelated to our Corporate Customers, we collect, use, and disclose your Personal Information in our capacity as a “controller.” When we act as a “controller,” we process Personal Information consistent with this Privacy Policy.

As a travel management platform, our Services may share your booking information with other parties to fulfill your travel reservations, including third-party websites, services or applications. This Privacy Policy does not apply to third-party websites, services, or applications, even if they are accessible through our Services, and you should consider the privacy practices of those third parties carefully.


Personal Information

Personal Information” is information that identifies you as an individual or relates to an identifiable individual. The types of Personal Information we collect vary according to your interactions with us, for example, depending on whether you are a visitor to our website, a Corporate Customer of Navan, or an employee of Customer using our Services. The Personal Information we collect from our Corporate Customers or Corporate Users booking business travel or using our payment services is “Corporate Customer Data,” and the Personal Information we collect from our Website visitors, Corporate Users booking personal travel, Independent Users, or otherwise apart from providing Services is “Other Information.”

How We Collect Personal Information You Provide to Us

Website Visitors. If you visit or use our Website, you can fill out web forms to ask for a demo, interact with our chatbox, sign-up for a newsletter, register for a Navan event or account, or take a survey. The specific Personal Information you provide on these forms or in our chatbox, as well as any Personal Information you choose to provide on our community discussion boards, will be treated as Other Information. For example, when you respond to Navan emails or surveys, or create a user account to participate in our community discussion boards, we collect your name, contact details, profile photo, and any other information you choose to include in your email, survey response, or account profile.

Navan Services. When you use our Services, the Personal Information that you provide directly to us through our Services will be apparent from the context in which you provide the data. You may provide Personal Information to us when you book travel or use our expense management services. Personal Information may be provided to us directly by you or others, such as our Corporate Customer (e.g., your employer), a designated travel admin, or a traveling companion, on your behalf.

When you use Navan to register an account (“Account”) on our Services, we collect Personal Information, such as name, email, postal address, telephone number, financial data (payment card information and billing address), date of birth, gender, and emergency contact information (optional). When you use our Services for personal travel, we collect Personal Information such as your personal payment card information, billing address, and your personal email address. You may customize your travel profile by providing additional Personal Information, such as passport data, marital status, travel preferences, Known Traveler Number, TSA-Pre number, special meal preference, travel loyalty programs, and COVID-19-related health data.

When you contact us for travel support through our chat feature on our Apps or by telephone, we collect Personal Information to verify your identification and help with your travel issue. In addition, we may record telephone calls between you and our representatives for training and quality assurance purposes. To the extent you may choose to provide us with feedback, suggestions, or recommendations about your experience, we collect that information and treat it as Other Information.

Other Methods. You may also choose to submit Other Information to us via other methods, including in response to marketing or a survey, through social media or online forums, through participation in an offer or promotion, or by giving us your business card or contact details at trade shows or other events.

Information Automatically Collected

In addition to the information you provide when you visit our Website and use our Services, we automatically collect Other Information about how you access and interact with our Website and Services. This information is a key part of how we improve your experience on Navan and provide you with personalized insights, recommendations, and travel notices. These may include things like cookies, browser web storage, web beacons, and similar technologies. These technologies record information about your use of our Website and Services.

Browser and Device Information. Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, IP address for purposes of connecting, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type, add-ons, and version and the name of the website or app you are using. We use this information to ensure that our Website and Services function properly.

Log Information. When you use our Website or our Services, certain information is automatically collected in system logs about how you interact with our Website and Services, including with our chatbox, such as your online activity, search terms, pages you visit, content you view, click on, or share, date and time of access, device event information, unique identifiers (e.g., IDFA and IDFV), crash data, and cookie information, such as mouse clicks and keystrokes. This information is used to improve your experience on our Website and Services, improve their design and functionality, and help keep them free of bugs or errors.

App Usage. When you use our Services, we also may collect information about your online activity, such as trips viewed, travel reservations made, and other actions within our App. When you download and use one of our Apps, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your mobile device's identifier.

Cookies. Navan uses a variety of cookies and similar technologies on our Websites and Services to help us collect Other Information. For more details about how we use these technologies, and your opt-out opportunities and other options, please see our Cookies Policy.

Geolocation. When you use certain features of the Services, we may collect certain information like IP address, device information, or log information to estimate your location (e.g., city or state) and to offer you an improved user experience and provide you with personalized location-based services, such as identifying nearby hotels, airports, or merchants. For Navan Expense, you have the option to share location information when uploading receipts. Most mobile devices allow you to control or disable the use of location services for applications in device settings menu.

Information From Third Parties

We may obtain and rely on Personal Information about you from third parties and other sources, such as our business partners, Corporate Customers, and other Corprate and Independent Users of our Services. For example, Navan Corporate Customers may provide Personal Information about Corporate Users when they create new Accounts for their employees or guests. Organizers of meetings and events may share Personal Information when they are organizing Navan Group Travel for attendees. Corporate and Independent Users may provide Personal Information about their travel companions when booking personal travel. We may also work with different third-party partners to supplement information we collect directly from you.

As a travel management platform, when we conduct fraud monitoring, prevention, and detection activities, we may also receive Other Information about you from our business partners, financial service providers, identity verification services, and publicly available sources as necessary to confirm your identity and prevent fraud.

If you disclose any Personal Information relating to other people to us or to our service providers in connection with our Services, you represent and warrant that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy and/or any other agreements we may have with you.


How We Use Personal Information

We use the information we collect from you and third parties to operate our Website and Services, communicate with you, conduct research and development to improve our Website and Services, and promote our Services.

Navan Services for Corporate Customers. Navan uses Corporate Customer Data for the purpose of providing our Services to Corporate Customers to enable their employees to book business travel and manage expenses. Corporate Customer Data will be used by Navan in accordance with Corporate Customer’s instructions, including any applicable terms in our agreements with our Corporate Customers, and as required by law. Navan is a processor of Personal Information and Corporate Customer is the controller. Some examples of how we use Corporate Customer Data:

Account Information. To create, maintain, and secure accounts, including customizing your travel profile.

Reservations. To complete travel bookings, process your payments, provide travel confirmations, provide notifications and updates, and verify your information.

Services Communications. To communicate with you regarding travel interruptions, flight changes, delays, travel alerts and restrictions, and cancellations; respond to inquiries and questions; and notify you of updates to our Services, product updates, and service announcements. Communications may be sent via email, push notifications, browser notifications, SMS, and postal mail.

Payments and Expenses. To track and submit travel or other business expenses, reconcile expense reports, link to personal accounts for expense submittal and reimbursement, and manage expenses.

Corporate Customer Support. To provide customer support when you contact us via chat, telephone, or email. We use this Corporate Customer Data to verify your identity and retrieve travel records related to your inquiries.

Providing Personalized Services. To personalize your experience on our Services, such as to curate booking recommendations, identify nearby hotels and airports, record travel meal and seating preferences, and optimize search results. We provide these personalized services in accordance with the terms of our agreement with our Corporate Customer.

Navan Digital Health Passport. To enable access to health documents required to meet airline and state/country requirements for travel.


Navan Services for Corporate Users Booking Personal Travel and Independent Users. Navan uses Other Information for the purpose of providing our Services to Corporate Users booking personal travel and Independent Users booking their own travel. Navan is the controller of Other Information and uses it, for example, as follows:

Account Information. To create, maintain, and secure accounts, in order to manage our contractual relationship with you and/or to comply with a legal obligation.

Reservations. To complete travel bookings, process your payments, provide travel confirmations, provide notifications and updates, and verify your information, in order to manage our contractual relationship with you or to comply with a legal obligation.

Services Communications. To communicate with you regarding travel interruptions, flight changes, delays, travel alerts and restrictions, and cancellations; respond to inquiries and questions; and notify you of updates to our Services, product updates, and service announcements. Communications may be sent via email, push notifications, browser notifications, SMS, and postal mail. We engage in these communications to manage our contractual relationship with you, where we have a legitimate interest, or to comply with a legal obligation.

Payments and Expenses. To track and submit travel or other business expenses, reconcile expense reports, link to personal accounts for expense submittal and reimbursement, and manage expenses, in order to manage our contractual relationship with you, where we have a legitimate interest, or to comply with a legal obligation.

Traveler Support. To provide traveler support when you contact us via chat, telephone, or email. We use Other Information to verify your identity and retrieve travel records related to your inquiries. We engage in travel support in order to manage our contractual relationship with you or where we have a legitimate interest.

Providing Personalized Services. To personalize your experience on our Services, such as to curate booking recommendations, identify nearby hotels and airports, record travel meal and seating preferences, customize your travel profile, and optimize search results. We provide these personalized services based on our legitimate interests, and with your consent to the extent required by applicable law.

Navan Digital Health Passport. To enable access to health documents required to meet airline and state/country requirements for travel, in order to manage our contractual relationship with you or to comply with a legal obligation.


Accomplishing Our Business Purposes. Navan uses Other Information in furtherance of our legitimate interest in operating our Services, Websites, and business, as well as to comply with our legal obligations. Our business purposes include:

• Data analysis to provide, develop, and improve our Website and Services (including our chatbox), develop new products and services, enhance, modify, and maintain our current products and Services, as well as undertaking quality and safety assurance measures;

• Security of our Website and Services. To protect the safety, integrity of our Corporate Customers and our Corporate and Independent Users, including monitoring, detecting, and preventing fraud, cyberattacks, attempts to commit identity theft, and unauthorized or illegal use of our Website or Services;

• Identification of usage trends. To better understanding which parts of our Services are of most interest to users and focus our energies on meeting our users’ interests;

• Determine the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users;

• Audits. To verify that our internal processes function as intended and to address legal, regulatory, or contractual requirements;

• Aggregated reports. To analyze and/or predict preferences in order to prepare aggregated trend reports on how our Website and Services are used, so we can improve our Website and Services.


Legal compliance. We use Other Information to verify the identity of our Corporate and Independent Users and Corporate Customers in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations. For example, we may be required to record and verify user identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to third party verification audits.

Marketing and Events-Related Communications. When you use our Website or Services, we may use Other Information to tailor, measure, and improve our advertising, as well as to send you marketing communications about our Services, products and features, and other news about Navan. Marketing communications may invite you to participate in our events, product demos, beta program, or surveys. We will engage in marketing activities with your consent or where we have a legitimate interest.

Emails from Navan with updates and offers when you opt-in to marketing. You can choose to receive emails containing updates and offers tailored to your interests, such as our newsletter. These emails contain offers for our own services and services offered by our travel partners. With your consent, we will also send you emails on specific occasions, such as a special offer on your birthday or personalized offers for your next trip within a few months after your return.

Navan Events. When you participate in trade shows or other events, we may collect Other Information, such as your business contact details, to follow-up with you regarding an event, offer a demo of our Services, send you information that you requested, and, with your permission, include you on our marketing campaigns.

Consent. We may use Personal Information for other purposes that are clearly disclosed to you at the time you provide Personal Information or with your consent.

Aggregated and De-Identified Personal Information. We may aggregate and/or de-identify Personal Information such that it is no longer considered Personal Information. We do so to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual. We engage in these activities based on our legitimate interest.

How We Disclose Personal Information

We disclose your Personal Information in connection with providing our Services and the operation of our business.

Navan. We share Personal Information with other Navan entities in order to provide our Services and for internal administration purposes. These entities are Navan Labs BV (Netherlands), Navan BV (Netherlands), Reed & Mackay Travel Limited (UK), Navan Limited (UK), Comtravo GmbH, and Navan Pty Limited (Australia).

Navan Corporate Customers. As a corporate travel management platform, we share Corporate Customer Data, such as Traveler Personal Information related to business travel, with the Corporate Customer who has made our Services available to the user. Information may include business travel bookings and details, business travel status, business expenses, profiles, current locations (based on business travel itinerary), travel preferences, business payments and transactions history. Only travel bookings designated as business are accessible by the Traveler’s employer. If your employer has elected to establish Navan Rewards, information related to your business travel will be shared with your employer, such as traveler, booking, destination, travel dates, and pricing information. Please note that the information we provide will be subject to the receiving Corporate Customer’s privacy policy. We are not responsible for the privacy and security practices of our Corporate Customers.

Service Providers. We share Corporate Customer Data and Other Information with a limited number of our service providers. We have service providers that provide services on our behalf, such as website and application hosting (including through provision of tools that enable us to analyze your interactions on our Website and Services), data analysis, providing the chatbox (including through storage of the chat transcripts), credit card payment processors, billing services, business analytics, distribution of surveys or sweepstakes programs, information technology and related infrastructure, customer service, email delivery, identity verification, auditing, and fraud protection.

Business Partners and Providers of Travel Services. We may share Corporate Customer Data and Other Information with third-party business partners when this is necessary to provide our Services. Third parties to whom we may disclose Personal Information include airlines, hotels, rail, rental car companies, travel networks and agencies in order to make the travel bookings you requested. Please note that the business partners are typically third-party controllers and that information we provide may be subject to and processed according to the receiving third party’s privacy policy. If your booking is made via a reservation system provider ("GDS"), it will be processed according to its privacy policy available at http://www.iatatravelcenter.com/privacy. Where a booking is made via the Amadeus GDS, to provide the services, your Personal Information may be processed by Amadeus IT Group, S.A. You should read this documentation, which applies to your booking and specifies, for example, how your personal data is collected, stored, used, disclosed and transferred. We are not responsible for the privacy and security practices of these third parties.

Your Choice to Disclose Personal Information. By participating in any community discussion boards, blogs, or other services to which you are able to post information and content, you may choose to disclose Personal Information. Please note that any information you post or disclose through these services will become public and may be available to other users and the general public.

Legal Compliance and Obligations. We share Personal Information as necessary or appropriate (i) to comply with applicable laws and regulation which may include laws outside your country of residence; (ii) to protect the rights, privacy, safety, and property of our Corporate Customers, you, others, or Navan and to enforce our Terms of Service; (iii) to collect amounts owed to us, and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities (including national security requests) which may include authorities outside your country of residence.

Corporate Transactions. We may disclose or transfer Personal Information to a third party in the event we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, or disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

Underwriting/Risk management. We share Personal Information of our Corporate Customers who are purchasing Navan services with third parties for the purposes of setting credit limits and managing financial risk.


Your Rights and Choices

You have choices regarding our use and disclosure of your Personal Information. You may opt out from:

Receiving marketing-related emails from us. If you no longer want to receive marketing-related emails from us, you may opt-out via the “unsubscribe” link included in such emails. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services, from which you cannot opt-out. We will try to comply with your request(s) as soon as reasonably practicable.

Receiving Travel Alerts from Us. You can manage your communication preferences by visiting your Account Profile and then Settings. You can choose which types of travel alerts to receive and the method for receiving the alerts. You may also opt-out of SMS alerts in your Account Settings.

Our Use of Certain Cookies. You can manage some of the cookies we use on our Website and Services by visiting our Cookie Policy.

Accessing and Changing Your Personal Information. You may access, update, correct, or delete your profile information and preferences at any time by logging in to your Account through our Apps.

Your Data Protection Rights. In accordance with applicable law and depending on where you reside, you may have the right to: (i) request confirmation of whether we are processing your Personal Information; (ii) obtain access to or a copy of your Personal Information; (iii) receive an electronic copy of Personal Information that you have provided to us, or ask us to send that information to another company (the “right of data portability”); (iv) object to or restrict our uses of your Personal Information; (v) seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed Personal Information; (vi) withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; and (vii) request erasure of Personal Information held about you by us, subject to certain exceptions prescribed by law.

If you would like to exercise any of these rights, please email us at privacy@navan.com or contact us as specified in the Contact Us section below. We will respond to your request consistent with applicable law and as soon as reasonably practicable. To protect your privacy, we will verify your request using the information associated with your account, including email address.

Please note that if you use our Services on behalf of an organization that is our Customer (e.g., your employer), that Customer may be responsible for fulfilling the rights listed above.


United States Privacy Practices

US-Specific rules may apply to our processing of personal data of residents of certain states in the United States. For information on United States Privacy rules, please visit our United States’ Privacy policy.


Security and Retention

We maintain commercially reasonable technical and organizational measures designed to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please Contact Us immediately.

We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. If you are a Corporate Customer or a Corporate or Independent User, we retain your Personal Information as long as we are providing Services to you. We may retain Personal Information and certain records of your transactions to the extent necessary to comply with our legal and regulatory obligations. We may also retain Personal Information in light of our legal position such as in regard to applicable statute of limitations, litigation, or regulatory investigations.


The Website and Services may provide the ability to connect to third-party websites or other online services. These third-party websites and services operate independently from us. This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Website and Services link. The inclusion of a link does not imply endorsement of the linked site or service by us or by our affiliates.

Our Apps use Google Maps/Earth services, including the Google Maps API(s). Use of Google Maps/Earth is subject to Google Maps/Earth Additional Terms of Use and the Google Privacy Policy.

In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with our Apps or social media pages.


Interest-Based Advertisement Practices

When you visit our Website or use our Services, we and certain third-party advertising companies engaged by us, collect information about your online activities over time to provide you with advertising about products and services tailored to your individual interests. You may see Navan ads or promotions on other websites or mobile apps based on information related to your visit to our Website or use our Services, as well as information received from third parties, because we participate in advertising networks. These advertising networks may place or recognize a unique cookie on your browser (including through the use of pixel tags). They also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop. If you would like more information about this practice, and to learn how to opt out of some personalized advertising in desktop and mobile browsers on the particular device on which you are accessing this Privacy Policy, please visit http://optout.aboutads.info/#, http://optout.networkadvertising.org/#, and http://www.youronlinechoices.eu. You may download the AppChoices app at https://aboutads.info/appchoices to opt out in mobile apps.


Use of Services and Website by Minors

Our Website and Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Information from individuals under 16.


Sensitive Information

Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Services or Website, or otherwise to us.

In order to offer certain services, we may gather information that falls under the category of sensitive data or special category of data as defined by relevant data protection laws. However, it is important to note that the collection of this data is completely optional. For instance, you have the choice to specify your meal preference, which could indirectly reveal details about your ethnic origin, religious beliefs, or health status as per Article 9 of the GDPR. This information is only collected with your consent in order to provide the information to our travel partners. At any point, you can remove this information from your profile.


Jurisdiction and Cross-Border Transfer

Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using our Website or Services you understand that your information may be transferred to countries outside of your country of residence, including the United States, which may have data protection laws that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.


International Privacy Practices

European Economic Area. Some non-EEA countries are recognized by the European Commission as providing adequate level of data protection according to EEA standards (the full list of these countries is available here. For transfers from the EEA to countries not considered adequate by the European Commission, we endeavor to put in place adequate measures to ensure your Personal Information is safeguarded consistent with the requirements of applicable laws. You may obtain more information by contacting us in accordance with the “Contact Us” section below.

You may contact our Data Protection Officer at dpo@navan.com. You may also lodge a complaint with the EU/EEA data protection authority for your country or region where you have your residence, place of work, or where an alleged infringement of applicable data protection law occurs.

Navan complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Navan has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF Principles, Navan commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the EU-U.S. DPF Principles. European Union individuals with DPF inquiries or complaints should first contact Navan.

Navan has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

In the event we transfer Personal Data covered by the EU-US DPF to a third party acting as a “controller” (as defined by the EU-US DPF), we will do so consistent with any notice provided to Data Subjects, any consent they have given, and only if the third party has given us contractual assurances that it will (i) process the Personal Data for limited and specified purposes consistent with any consent provided by the Data Subjects, (ii) provide at least the same level of protection as is required by the EU-US DPF Principles and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination. If Navan has knowledge that a third party acting as a controller is processing Personal Data covered by the EU-US DPF in a way that is contrary to the EU-US DPF Principles, Navan will take reasonable steps to prevent or stop such processing.

With respect to our “agents” (as defined by the EU-US DPF), including third parties acting on our behalf, we will transfer only the Personal Data covered by the EU-US DPF needed for an agent to deliver to Navan the requested product or service. Furthermore, we will (i) permit the agent to process such Personal Data only for limited and specified purposes; (ii) require the agent to provide at least the same level of privacy protection as is required by the EU-US DPF Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the Personal Data transferred in a manner consistent with Navan’s obligations under the EU-US DPF Principles; and (iv) require the agent to notify Navan if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the EU-US DPF Principles. Upon receiving notice from an agent that it can no longer meet its obligation to provide the same level of protection as is required by the EU-US DPF Principles, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.

Navan remains liable under the EU-US DPF Principles if an agent processes Personal Data covered by the EU-US DPF in a manner inconsistent with the EU-US DPF Principles, except where Navan is not responsible for the event giving rise to the damage.

Russian Federation. The services hereunder are not intended for use by Russian citizens who are resident in Russia. If you are a Russian citizen residing in Russia, any Personal Information that you provide to us through our Website or Services will be solely at your own risk and responsibility. You expressly agree that we may gather your Personal Information and will process this data in the United States and in other countries, and that you will not hold us accountable for any potential non-observance of Russian law.

In the UK, Navan is an agent of Plaid Financial Ltd., an authorised payment institution regulated by the Financial Conduct Authority under the Payment Services Regulations 2017 (Firm Reference Number: 804718). Plaid provides you with regulated account information services through Navan as its agent.


Updates to This Privacy Policy

We reserve the right to change this Privacy Policy at any time to reflect new services, changes in our Personal Information practices or relevant laws. If we make material changes, we will notify you as required by applicable law. The “Last Updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy.


Contact Us

Navan, Inc., located at 3045 Park Blvd, Palo Alto, CA 94306 USA is the company responsible for collection, use, and disclosure of your Personal Information under this Privacy Policy.

If you have any questions about this Privacy Policy, please contact us at privacy@navan.com, or write to us at Navan, Inc., 3045 Park Blvd, Palo Alto, CA 94306 USA.

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.

See Navan in action

Already have an account? Log in.