Privacy Policy
Last updated: 18 June 2026
Navisual (“we”, “us”) is a Windows desktop app that watches your active window and shows you where to click. This policy explains what data the app handles, what leaves your computer, and the third parties involved. The short version: your screenshots are processed to answer your request and are not stored on our servers, and the free tier requires no account.
Navisual is operated from British Columbia, Canada. Because the AI and infrastructure providers below operate globally, data you send (such as a screenshot for a request) may be processed on servers outside Canada, including in the United States.
1. What the app processes
- Screenshots of your active window. When you ask for guidance, a screenshot of the foreground application window (not your whole desktop) is sent to the AI provider you’ve selected so it can identify the next step. Screenshots are held in memory and are not written to disk at default settings, and are not stored on Navisual’s servers.
- Window title and size. The focused window’s title and its on-screen position/size are sent with the request to give the AI context.
- Your request text. What you type or say, plus a short running summary of the task.
- Voice input (optional). If you enable push-to-talk, your spoken audio is transcribed by the WebView2 Web Speech API, which streams it to Microsoft’s online speech service. This is a separate data flow you can leave disabled.
Element coordinates are matched locally on your machine (Windows UI Automation + built-in OCR). Your screen layout is not used to build any profile of you.
2. Where your screenshot goes (you choose)
The AI provider is your choice in Settings:
- Managed tier (free / paid) — routed through our relay (see §4) to an AI provider on your behalf.
- Bring your own key — sent directly to Anthropic, Google, OpenAI, DeepSeek, or Qwen using your own API key; our servers are not involved.
- Ollama (local) — runs entirely on your own machine or LAN; nothing leaves your network.
Whichever provider receives a request processes it under their privacy policy. We don’t control how third-party AI providers use data sent with your own key.
3. Data we store
On your computer (under %LOCALAPPDATA%\com.navisual.app):
your settings and any API keys you enter, your sign-in token, conversation/session files,
and (only if you turn on debug logging) diagnostic logs. These never leave your machine
unless you send them to us.
On our servers (Supabase), only for the managed tier:
- Account record — an anonymous user id, your request count, coin balance, tier, and (after a purchase) your Stripe customer id. The free tier uses anonymous sign-in, so it holds no name or email until you choose to sign in with Google to buy coins.
- Feedback — if you tap a “wrong” reason or send feedback, we store the category, the AI’s instruction/target, the provider/model, and any note you type. No screenshots and no request text are included.
4. Third-party processors
| Processor | Purpose | What they receive |
|---|---|---|
| Supabase | Account, quota database, and the managed AI relay | Your account record; the request payload passes through the relay in transit |
| OpenRouter | Upstream for the free managed tier | The request payload (screenshot + text) for that request |
| Google (AI Studio) / OpenAI | Upstream for the paid managed tiers | The request payload for that request |
| Stripe | Payments | Your email and payment details — never your screenshots. Card data goes directly to Stripe (PCI); we never see card numbers. |
| Microsoft | Voice transcription (only if you enable push-to-talk) | Your spoken audio |
| GitHub | App downloads and updates | Standard request metadata when you download |
5. International data transfers
Our managed services run on infrastructure provided by Supabase and the upstream AI providers listed above. Your account record and the request payloads you send (a screenshot of your active window plus your text) may be transferred to and processed in the United States or other jurisdictions where these providers operate. By using the managed tier, you consent to this transfer. If you prefer that no data leave your machine, use a local provider such as Ollama, which sends nothing to us or to any third party.
6. Payments
Coin purchases are processed by Stripe. We receive a confirmation that a payment succeeded (to credit your balance) and store your Stripe customer id; we do not receive or store your card number. Stripe’s handling of your payment data is governed by Stripe’s Privacy Policy.
7. Retention & deletion
Managed-tier requests are processed in transit and not retained by us after the response. Your account record and any feedback rows persist until you ask us to delete them. Local files live on your machine until you uninstall or delete them. To request deletion of your managed-tier account data, contact us (§10).
8. Your rights
Depending on where you live (e.g. GDPR in the EU/UK, CCPA in California), you may have the right to access, correct, or delete the data we hold about you, and to object to or restrict its processing. The free tier is anonymous, so we typically hold no information that identifies you until you make a purchase. Contact us to exercise any of these rights.
9. Children
Navisual is not directed to children under 13 (or the minimum age in your country), and we do not knowingly collect their data.
10. Contact
Questions or requests: support@navisualguide.com, or open an issue at github.com/NavisualGuide/navisual.
11. Changes
We’ll update this page when our practices change and revise the “last updated” date above.
See also our Terms of Service.