Your data. Our practices. Nothing hidden.

1. Scope & Summary

This Privacy Policy applies to DataNav Solutions™ ("DataNav," "we," "us," or "our") and the platforms we operate, including Instant Wealth Readiness™ (IWR™), IWR™ Pro, ReadySim™, ReadyForce™, and our marketing website at datanavmg.com. It covers how we collect, use, store, and share information when you interact with any of these services.

2. Information We Collect

Information You Provide Directly

• Account and profile data: name, email address, access code, institutional affiliation, sport or role, position, jersey number, year or class level, team selection.
• Assessment responses: answers to Readiness Scout™ and FIRE Scout™ questions, Career Path simulation choices, certificate data, scores across the 12 competency categories.
• Uploaded content: photos used for avatars, documents uploaded for policy extraction, and any materials submitted through contributor intake forms.
• Communications: email exchanges with our team, support requests, and feedback submitted through the platform.

Information Collected Automatically

• Usage data: screens visited, features used, time spent, completion progress, error logs.
• Device data: browser type, operating system, screen size, device type (mobile, tablet, desktop).
• IP address and approximate location: used for security and to prevent abuse; not used for precise geolocation or targeted advertising.

Information We Do Not Collect

We do not collect precise GPS location, biometric identifiers, health or medical records, or financial account numbers. We do not access your contacts, calendar, microphone, or camera unless you explicitly upload a photo or document.

3. How We Use Information

We use the information we collect to:

• Operate the platform, deliver simulations, score assessments, and issue certifications.
• Personalize your experience, including applying your team colors, profile archetype, and preferred language.
• Enable institutional dashboards for coaches, general managers, and compliance officers to view progress and certification status within their program.
• Power AI features such as Career Path Builder, scenario generation, and document analysis through secured API calls.
• Improve the platform, diagnose technical problems, and prevent abuse.
• Communicate with you about platform updates, policy changes, and support requests.
• Comply with legal obligations, respond to lawful requests, and enforce our Terms of Service.

4. Where Data Is Stored

Current Version (Phase 1)

Assessment data, simulation responses, and personal profile information are stored locally on your device using browser localStorage. This means your data is on your device, not on a DataNav server. If you clear your browser data, uninstall the app, or switch devices without exporting your certificate, your data will be lost and cannot be recovered.

Future Version (Phase 2)

We are developing an institutional backend database that will allow authorized personnel within your institution to access roster-level data in a controlled and audited way. When Phase 2 launches, institutional users will sign a Data Processing Agreement that governs how data is stored, encrypted, backed up, and deleted. Athletes will be notified before any transition of their data from local storage to institutional storage.

5. When We Share Data

We do not sell your personal information. We share limited data in the following situations:

Within Your Institution

• Program Directors and General Managers can view assessment data for athletes enrolled in their program.
• Compliance Officers have read-only access to completion status and certification records. Individual simulation responses and behavioral scores are not visible to compliance officers.

Service Providers

• Anthropic, PBC provides the AI infrastructure used for Career Path generation and document analysis. API calls route through our secured proxy. Anthropic does not use our customer data to train models per our API agreement.
• Railway hosts our AI proxy server.
• HostGator hosts our marketing website and static platform files.

Legal & Safety

We may disclose information if required by law, court order, or to protect our rights, your safety, or the safety of others. We will notify affected users unless the law prohibits it.

6. AI Features & Anthropic

Some platform features use large language models provided by Anthropic, PBC (the Claude API). When you use these features:

• Your input and the context needed to answer your request are sent through our secured proxy server to Anthropic's API.
• Anthropic processes the request and returns a response. Anthropic's enterprise data policy prohibits the use of this data for model training.
• The response is returned to your device. We do not retain copies of AI requests or responses beyond normal error-logging windows.
• We never send your access code, certificate code, or account identifiers to the AI. Only the specific content you are asking about is included.

7. FERPA & Educational Records

When DataNav serves an educational institution subject to the Family Educational Rights and Privacy Act (FERPA), the institution is the data controller for student education records generated through the Platform. DataNav acts as a "School Official" with "legitimate educational interest" as permitted under FERPA, governed by a written Data Processing Agreement between DataNav and the institution.

If you are a student and you have questions about how your data is handled under FERPA, contact your institution's registrar or privacy office. If your institution has not executed a DPA with us, you can request a copy through them or contact us directly.

8. Age Requirements & Minors

The Platform is designed for individuals age 18 or older. Institutions are responsible for ensuring that enrolled athletes meet this age requirement before issuing access codes.

We do not knowingly collect information from individuals under age 13. This is consistent with the Children's Online Privacy Protection Act (COPPA). If you believe a child under 13 has provided us with information, contact us immediately and we will delete it.

For athletes between 13 and 17, institutional deployment requires parental or guardian consent as documented in the institution's own athlete onboarding process. DataNav does not directly collect parental consent; this is managed by the institution.

9. Security

We take reasonable measures to protect the information we handle:

• All web traffic uses HTTPS with TLS 1.2 or higher.
• API calls to Anthropic route through a secured proxy that does not log request bodies.
• No API keys, credentials, or institutional secrets are embedded in client-side code.
• We do not use third-party advertising trackers or behavioral advertising networks.
• Service providers (Anthropic, Railway, HostGator) maintain their own security certifications including SOC 2 where applicable.

No system is perfectly secure. If we learn of a security incident that affects your information, we will notify you and the relevant authorities as required by law.

10. Retention & Deletion

Local device data: stored on your device until you clear your browser data, uninstall the application, or sign out. Signing out clears all local data for that session.

Certificate records: If your institution enables certificate backup, records are retained for the duration of your athletic eligibility plus one year, unless your institution specifies a different retention period in their DPA.

Institutional aggregate data: when institutions request anonymized cohort analytics, we retain aggregate data for up to three years. This data cannot be traced back to individual athletes.

Email and support communications: retained for up to three years.

Deletion requests: you may request deletion at any time. See Section 11 for how to exercise this right.

11. Your Rights

Subject to applicable law, you have the right to:

• Access the information we hold about you.
• Correct inaccurate information.
• Export your data in a portable format (CSV for roster data, PDF for certificates).
• Delete your personal data, subject to legal retention requirements.
• Withdraw consent for AI features or other optional processing.
• Object to processing you believe is unlawful.
• Lodge a complaint with a data protection authority.

To exercise any of these rights, email privacy@datanavsolutions.com. We will respond within 30 days. If you are a student at an institution with a DPA in place, your institution may also process these requests on your behalf.

12. Cookies & Tracking

We use a minimal set of first-party storage mechanisms:

• localStorage: to store your profile, assessment progress, language preference, and theme preference on your own device.
• Service worker cache: to enable offline functionality for the IWR platform after first load.
• Session storage: for temporary state during a single session.

We do not use third-party cookies, pixel trackers, behavioral advertising cookies, or cross-site tracking of any kind.

13. State Law Rights

California Residents (CCPA/CPRA)

California residents have the right to know what categories of personal information we collect, the right to delete, the right to correct, the right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising), and the right to limit the use of sensitive personal information. We do not discriminate against users who exercise their rights.

Other State Laws

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and other states with comprehensive privacy laws have similar rights of access, deletion, correction, and portability. Contact us using the addresses below to exercise these rights.

International Users

DataNav operates from the United States. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States. If you are in the European Economic Area or the United Kingdom, the General Data Protection Regulation (GDPR) and UK GDPR apply and you have additional rights including the right to data portability and the right to object to automated decision-making. DataNav does not engage in automated decision-making that produces legal effects.

14. Changes to This Policy

We may update this policy from time to time. Material changes will be announced through the platform and via email to institutional administrators at least 30 days before taking effect. The "Effective" date at the top of this page reflects the most recent revision. Prior versions are available on request.

15. Contact Us