> ## Documentation Index
> Fetch the complete documentation index at: https://docs.navattic.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & privacy

> An overview of Navattic's security posture, data handling practices, and tools for protecting sensitive information in demos.

Navattic is built with security in mind at every layer — from how your demo content is captured and stored to how access is controlled within your workspace. For compliance documentation, certifications, and downloadable security materials, visit the [Navattic Trust Center](https://trust.navattic.com/).

## Compliance certifications

Navattic maintains industry-standard certifications to support enterprise procurement and infosec reviews. Current certifications — including SOC 2 Type II and GDPR compliance — are listed on the [Navattic Trust Center](https://trust.navattic.com/).

<Note>
  If your infosec team needs security documentation or you need to complete a vendor security questionnaire, visit the Trust Center or contact [success@navattic.com](mailto:success@navattic.com).
</Note>

## How Navattic captures and stores data

Navattic captures static HTML snapshots of your application — not live access to your product or its underlying data. When you use the capture tool:

* Navattic records a visual copy of your app at the moment of capture.
* Your live application data is not connected to or accessible through the demo.
* Captured content is stored and served from Navattic's cloud infrastructure.

This means visitors viewing your demo never interact with your actual application or its data.

## Protecting sensitive data in demos

Before sharing a demo, review your captures for any sensitive content that may have been included unintentionally.

### Avoid capturing sensitive screens

Before starting a capture session, navigate away from any screens that contain data you don't want included. You can also delete individual captures from a collection if they contain content you want to exclude.

### Blur sensitive content

Use the blur tool in the capture editor to mask areas containing name, locations, or sensitive data. Select any region of a capture and apply a blur to hide it from viewers.

### Edit or replace text

You can edit text directly within a capture to replace customer names, email addresses, or other sensitive strings with placeholder values.

## Demo access controls

Navattic gives you several ways to control who can view a shared demo.

| Setting                 | What it does                                                          |
| ----------------------- | --------------------------------------------------------------------- |
| **Link expiration**     | Set a date after which the share link stops working.                  |
| **Password protection** | Require viewers to enter an access code before viewing.               |
| **Domain restriction**  | Limit access to viewers from specific email domains.                  |
| **Form gating**         | Require viewers to submit a form before they can proceed.             |
| **Revoke access**       | From Launchpad, disable a share link at any time from the Manage tab. |

For more on gating demos with forms, see [Forms](/tracking/forms/index).

## Workspace security features

Navattic provides several tools for securing and governing your workspace.

<CardGroup cols={2}>
  <Card title="SSO" icon="shield-check" href="/workspace/sso">
    Require members to authenticate using an identity provider such as Okta or Azure AD.
  </Card>

  <Card title="Directory sync" icon="users" href="/workspace/directory-sync">
    Automatically provision and deprovision users via SCIM.
  </Card>

  <Card title="Audit logs" icon="scroll-text" href="/workspace/audit-logs">
    Monitor workspace activity with a full audit trail. Available on Enterprise plans.
  </Card>

  <Card title="Custom domains" icon="globe" href="/workspace/custom-domains">
    Serve demos from your own branded domain over HTTPS.
  </Card>
</CardGroup>

### Roles and permissions

Navattic has three workspace roles:

* **Admin** — Full access to all workspace settings, demos, and members.
* **Builder** — Can create, edit, and publish demos. Cannot change workspace settings.
* **Rep** — View and share demos through Launchpad. Cannot build or edit demos.

This role separation helps ensure that only authorized team members can create or modify demo content.

## AI and data privacy

Navattic's AI features — including Copilot, AI avatars, and voiceover — process content to generate outputs on your behalf. Navattic does not use your demo content to train AI models. For specific details on data processing for AI features, refer to the [Navattic Trust Center](https://trust.navattic.com/).

## Security review support

If your procurement or infosec team needs additional documentation:

* Visit the [Navattic Trust Center](https://trust.navattic.com/) to download security reports and policies.
* Contact [success@navattic.com](mailto:success@navattic.com) to request custom security materials or fill out a vendor questionnaire.