
Security
Security at Navon.
Operators trust us with how their business runs. That trust is the design constraint: security is embedded in the platform at every level.
Our commitment
Security built into every layer.
Operational data is the business. So the guarantees live in the architecture: isolated organizations, permissions enforced at the data layer, approvals with named owners, and honest lines about what runs where. Structural, then contractual.
Isolated at the data layer
Access rules are enforced by the database on every table, and cross-organization isolation is tested, never assumed.
Proposal-first AI
Assistant actions wait for a named owner's approval before anything executes.
Your data leaves with you
Record exports are built into the product, and export or deletion requests go straight to the team.
The controls
Governed by default.
The same controls that govern the platform govern every engagement. They are how the system is built.
Our infrastructure providers are independently audited to industry-standard security frameworks.
Tenant isolation
Every organization's records are isolated at the database layer, and that isolation is tested, never assumed.
Row-level security
Permission enforcement at the data layer, on every table, so the interface is never the only guard.
Encryption
Encrypted in transit and at rest, across every record.
Least privilege
Role checks run at the application layer and again at the database. Unknown roles fail closed to read-only.
Audit logging
Approvals, escalations, and record events land in an append-only trail with a named actor.
Your data stays yours
Never used to train models, never visible to another organization, never pooled across clients.
Where it runs
One posture, two surfaces.
The hosted application and the systems an engagement deploys follow the same rules. The difference is where they run, and we are precise about that line.
The application
The hosted platform, run and operated by Navon.
A managed cloud product. Isolation, permissions, and audit live in the database and the application layer, and the same enforcement applies to every organization on the platform.
The engagement
What an advisory engagement deploys in your environment.
Agents, automations, and the compute behind them can land in your cloud, your VPC, or fully local on your own hardware. Residency is scoped during the evaluation, before anything is built.
The data lifecycle
From evaluation to departure.
What happens to your data at each stage of working with Navon.
Evaluation
Access, residency, and integration scope are mapped before anything is built. You see what the system will touch and why.
Deployment
Wiring follows least privilege. Each connection gets the narrowest access that does the job, and nothing more.
Operation
Isolation, role checks, and event trails do their work on every record, every day, for every organization.
Departure
Records export from the product directly, and account export or deletion requests go straight to the team.
Engagements run where your data has to stay.
When an engagement deploys agents, automations, or the compute behind them, that footprint can land in your cloud, your VPC, or fully local on your own hardware. Residency is scoped during the evaluation, so the architecture honors your requirements from day one.
How deployment worksNothing acts without an owner.
Human review is the default. Assistant actions and managed agents propose to a named owner and wait; a team can turn on autonomous execution when it is ready. Either way, every decision lands in the record's event trail as it happens.
How agents are governedCommon questions.
Straight answers about where things run and who can see what.
Where does the platform run?
Can Navon run inside our environment?
Who can see our data?
What can the AI features do with our data?
Can we take our data with us?
Responsible disclosure
Found something we should know about?
Tell us directly. Security reports go to the team and get a reply within one business day.
Report a security concernSee how the architecture fits your requirements.
Residency, access, and oversight are scoped in the evaluation. Tell us your constraints and we will design to them.