Data retention policy
We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. If you are a Corporate Customer or a Corporate or Independent User, we retain your Personal Information as long as we are providing Services to you. We may retain Personal Information and certain records of your transactions to the extent necessary to comply with our legal and regulatory obligations. We may also retain Personal Information in light of our legal position such as in regard to applicable statute of limitations, litigation, or regulatory investigations.
Data archiving and removal policy
As a data processor, Navan retains customer data according to our customers instructions. The default deletion of customer data is 45 days after termination of the contract. At any time, customers may send us instructions to delete users sooner.
Data storage policy
Our data is stored in a well protected production environment where only authorized employees can access data on as-needed basis. We keep only necessary customer data that is required to conduct business transactions. All archived data is strongly encrypted and customer data is deleted by technical means, sufficient to render this data irretrievable by ordinary commercially available ways.
App/service has sub-processors
Guidelines for sub-processors