What Nayker cannot see.
These are not aspirational goals. They are architectural constraints. The system is designed so that accessing this data is structurally impossible.
Raw credentials
Never stored in plaintext. Encrypted at rest with AES-256-GCM. Decrypted only at runtime, server-side.
Email content
Never read, never stored, never logged. Nayker proxies OAuth tokens — not mailbox contents.
Financial data
Never logged. Payment processing handled entirely by Stripe. We never see card numbers.
Vault contents (BYOK)
On enterprise BYOK tier, even Nayker employees cannot decrypt your vault. You hold the key.
Customer source code
Never transmitted to Nayker. The SDK runs in your infrastructure. We see metadata, not code.
Conversation content
Agent prompts and LLM responses never pass through Nayker servers. We handle auth, not inference.
BYOK guarantee: On enterprise tier, your encryption keys never leave your AWS account. Nayker's IAM role can only call kms:Encrypt and kms:Decrypt — no key export, no admin access.