Never compromise your data security

nao's first feature

nao is SOC 2 Type II certified.

Audited once a year.

Applied every day.

AICPA SOC 2 Certified Shield

Security by design

nao is designed to make your data secure.

The application runs locally on your computer and connects directly to your data warehouse — not to our servers.

Check how it works in practice:

Security schema

We never access your data

Your queries and results stay local. nao never has access to your connected warehouse or its data values, nor your data connection credentials.

We never send your data to LLMs without explicit permission

By default, only schema and metadata (like table and column names) are shared for query generation. Query results are never sent to the LLM unless you explicitly ask for it.

We don't train on your data

No customer data — metadata, queries, code, or usage logs — is ever used to train our or any external AI model.

We never access your data

All communication between your app, the warehouse, and nao servers uses TLS 1.2+. Stored data is encrypted using AES-256.

Data security

Hosting

Your queries and results stay local. nao never has access to your connected warehouse or its data values, nor your data connection credentials.

Encryption

Your queries and results stay local. nao never has access to your connected warehouse or its data values, nor your data connection credentials.

Backups

By default, only schema and metadata (like table and column names) are shared for query generation. Query results are never sent to the LLM unless you explicitly ask for it.

Data erasure

No customer data — metadata, queries, code, or usage logs — is ever used to train our or any external AI model.

Connected data

No customer data — metadata, queries, code, or usage logs — is ever used to train our or any external AI model.

Physical security

All communication between your app, the warehouse, and nao servers uses TLS 1.2+. Stored data is encrypted using AES-256.

Application security

nao is designed to make your data secure.

The application runs locally on your computer and connects directly to your data warehouse — not to our servers.

Check how it works in practice

Secure development

We apply a secure software development lifecycle (SDLC) including code reviews, dependency scanning, and automated security tests before every deployment.

Authentication

Only SSO-based login (Google, Apple, Microsoft). No passwords are stored by nao.

Access control

The principle of least privilege applies. Only authorized engineers can access production systems, and only for debugging with customer consent.

Monitoring

Logs and infrastructure are monitored continuously for security and performance anomalies.

MFA & encryption

Employee devices are encrypted and protected by MFA across all internal tools.

AI features

nao integrates with trusted LLM providers - OpenAI, Anthropic, and Gemini - all of which are SOC 2 compliant.

Security and privacy remain at the core of how these AI features are designed:

Metadata only

By default, only non-sensitive metadata (e.g., table and column names) is shared with LLMs for context.

Query results or data values are never sent unless you explicitly authorize it.

Zero Data Retention (ZDR) Policy

nao enforces a Zero Data Retention policy for all AI requests.

Through formal ZDR agreements with OpenAI and Anthropic, we guarantee that your data is not stored or retained by these third-party services after processing is complete.

No training on your data

Neither nao nor any of its AI providers use your data - metadata, code, SQL or usage patterns - to train AI models.