Privacy Policy
BlueNavy uses this policy to explain what personal information we collect through the website and discovery experience, where that information comes from, how we use it, who we disclose it to, and the choices available to users.
Last updated March 31, 2026
Scope
This Privacy Policy applies to the public website, sign-in and verification flows, logged-in discovery product, referrals, support interactions, and any claim, concierge, payment, liquidity, cash access, or partner handoff initiated through this experience.
This policy does not control personal information handled solely by a third-party checkout provider, CRM, messaging vendor, or partner after you leave our site or submit information directly to that third party. Those third parties may provide their own notices and terms at the point of handoff.
What We Collect
| Identifiers | Name, email address, phone number, account identifiers, referral codes, hashed phone identifiers used for analytics, and similar identifiers needed to operate the service. |
|---|---|
| Account and security data | Passwords handled through our authentication provider, one-time passcode verification events, sign-in state, session cookies, device and browser details, and fraud or abuse-prevention logs. |
| Discovery and search data | Search inputs and results tied to a verified phone session, including addresses, emails, family and relationship data, public-record-style claim and property matches, dates-of-birth or deceased indicators when returned by a contracted data provider, and related match metadata. |
| Service and transaction data | Selected claims, service tier, referral activity, credits, support routing, concierge selections, checkout intent, and partner handoff metadata. We do not intentionally collect full payment card numbers in this application; external checkout providers process that payment data under their own policies. |
| Usage data | Product event logs, flow selections, experiment groups, pages visited, timestamps, and session/local-storage values used to keep the experience working and measure product performance, including analytics collected through PostHog when enabled. |
| Communications | SMS verification and account-access messages, claim-related service updates, support interactions, and operational contact records we maintain in connected support or CRM systems. |
Sources of Personal Information
- Directly from you, such as when you enter your phone number, create an account, verify a code, choose a service path, or contact us.
- Automatically from your browser or device, including cookies, session state, local or session storage, and basic log information.
- From authentication, hosting, communications, analytics, and CRM vendors we use to run the product.
- From public records, state property data, and contracted third-party data providers that support person, relationship, and claim discovery workflows.
- From referrals, support teams, claim-support personnel, and partners you choose to engage through the platform.
How We Use Personal Information
- To authenticate users, verify ownership of a phone session, and keep unauthorized users out of protected discovery flows.
- To search for potential matches, display claim and property opportunities, and connect a verified user with related family or claim data.
- To provide support, concierge routing, claim follow-up, referral programs, credits, and operational communications.
- To manage product analytics, run experiments, understand which flows are used, and improve the service.
- To prevent abuse, enforce our terms, resolve disputes, protect the product, and comply with legal obligations.
- To route you to an external checkout, liquidity, cash-access, or service partner when you ask us to continue to that step.
How We Disclose Personal Information
We disclose personal information only as reasonably necessary to run the service, complete a request you make, protect the product, or comply with law. Categories of recipients may include:
- Infrastructure, database, and authentication providers, including Supabase or equivalent vendors we use to host the site and manage sessions.
- Product analytics providers, including PostHog when enabled, to measure traffic, pageviews, product behavior, and related conversion activity across the marketing site and application.
- Messaging providers used for one-time passcodes or service-related texts configured through our authentication stack.
- Search, matching, public-record, and people-data providers, including idiCORE or similar providers if enabled for a workflow.
- CRM, support, and operations platforms, including GoHighLevel or LeadConnector-style systems we use to manage signup, support, and claim follow-up.
- Payment processors, concierge teams, liquidity partners, cash-access partners, and other service partners when you intentionally proceed to those options.
- Professional advisors, auditors, corporate transaction parties, and regulators, law enforcement, or courts when legally required or reasonably necessary to protect rights and safety.
We do not represent this build as ad-tech driven. We do not currently use third-party advertising trackers for cross-context behavioral advertising in this repository. We do disclose personal information to service providers and partners as described above.
Cookies, Session Storage, and Similar Technologies
We use cookies and similar technologies for session management, authentication, referral attribution, security, and product functionality. We also use analytics cookies or similar technologies from PostHog when enabled, as well as local or session storage for temporary UI state such as selected people, referral prompts, and flow progress.
Disabling some cookies or browser storage may prevent authentication, search, or checkout handoff features from working correctly.
Retention
We retain personal information for as long as reasonably necessary to provide the service, maintain account integrity, prevent fraud and misuse, document transactions, resolve disputes, enforce our agreements, and satisfy legal, tax, accounting, or regulatory obligations.
- Account, session, and authentication records are generally retained while the account remains active and for a reasonable period after closure or inactivity.
- Discovery, referral, support, and operations records are generally retained for the duration needed to support the relevant workflow, document business operations, and manage disputes or abuse.
- If law requires longer retention or faster deletion for a category, we follow that law.
Your Choices and Rights
Depending on where you live, you may have the right to request access to, deletion of, or correction of certain personal information, or to appeal a decision about a privacy request. You may also have the right to limit certain uses of sensitive personal information where applicable law provides that right.
To make a request, use the contact information we publish for privacy requests. We may need to verify your identity before acting on a request.
California users should also review our Notice at Collection.
Security
We use administrative, technical, and organizational safeguards designed to protect personal information. No method of storage or transmission is fully secure, and we cannot guarantee absolute security.
Children
The service is intended for adults and is not directed to children under 18. If we learn that we collected personal information from a child in a manner not permitted by law, we will take appropriate steps to delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we may update the date above and provide additional notice where appropriate. Continued use of the service after an update means the revised policy applies to future use.