App Permissions & Data Access
Last Updated: 20 April 2026
Privacy Policy
This page lists every device permission and SDK used by the Navya mobile application on the Google Play Store and the Apple App Store, the reason we use it, whether it is required, and how you can revoke it. It is published in compliance with the Google Play Data Safety section and Apple App Store Privacy Nutrition Labels.
1. Permissions on Android (Google Play)
| Permission | Why we use it | Required? |
|---|---|---|
| INTERNET | To connect to Navya servers for sign-in, browse, profile updates. | Yes |
| CAMERA | To take a verification selfie and to upload profile photos directly from the camera. | Optional — you can choose photos from the gallery instead. |
| READ_MEDIA_IMAGES | To select photos for your profile from your device gallery. | Optional — only requested when you tap “Add photo”. |
| POST_NOTIFICATIONS | To notify you of new connection requests, profile views, and messages. | Optional — you may decline. |
| RECEIVE_BOOT_COMPLETED | To resume scheduled notifications after a phone restart. | Optional |
| QUERY_ALL_PACKAGES (limited) | To check whether WhatsApp is installed before opening the WhatsApp deep-link. | Used only with the limited GET_INSTALLED_PACKAGES exemption for the WhatsApp connect feature, which is the core functionality of Navya. |
2. Permissions on iOS (App Store)
| Permission | Why we use it | Required? |
|---|---|---|
| NSCameraUsageDescription | To take a verification selfie or profile photo. | Optional |
| NSPhotoLibraryUsageDescription | To pick profile photos from your library. | Optional |
| NSUserNotificationsUsageDescription | To notify you of new requests, views, and messages. | Optional |
We do not use the IDFA (App Tracking Transparency framework). We do not use Bluetooth, microphone, location (precise or coarse), contacts, calendar, reminders, motion, or HealthKit.
3. Data shared with third parties
- Amazon Web Services (Mumbai region) — cloud hosting for all data. Bound by AWS India data residency and our Data Processing Agreement.
- Razorpay — for payment processing on the website. PCI-DSS certified.
- Google Play Billing / Apple App Store — for subscription processing within the apps.
- Digio / Hyperverge — for one-time identity verification, then the raw documents are deleted from their servers within 30 days.
- WhatsApp LLC — when you tap “Connect on WhatsApp”, the call leaves Navya and is governed by WhatsApp’s policies.
We do not use any third-party advertising SDK, analytics SDK, attribution SDK, or social-login other than Google Sign-In (where you choose it).
4. Data the Navya app collects
- Personal info: name, email, phone number, date of birth — collected at signup, used for account operation.
- Photos: only those you add to your profile.
- App activity: searches, profiles viewed, in-app actions — used to improve recommendations.
- Device or other identifiers: device model, OS version, app version — used for crash diagnostics.
- Diagnostics: crash logs (no personal data inside).
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Account deletion is offered both in-app and on the website — see our Account Deletion page.
5. Revoking permissions
On Android: Settings → Apps → Navya → Permissions. On iOS: Settings → Navya. Revoking a permission disables only the related feature; the rest of the app continues to work normally.
6. Contact
Privacy & deletion: info@navyasocial.in.