Security

Security you can verify

Trust is the whole point of nao. Here's how we protect your data and give you control over who can query what.

nao queries your warehouse with a read-only role. We don't copy or store your raw data—answers are generated against your source of truth.

All data is encrypted in transit with TLS 1.2+ and at rest with AES-256. Secrets are managed in an isolated vault.

SAML and OIDC single sign-on, plus role-based context scoping so each viewer only queries what they're permitted to.

Every question, query, and context change is logged so you have a complete, reviewable trail of activity.

Use our managed cloud, or deploy nao inside your own VPC or self-hosted environment on Enterprise plans.

We're pursuing SOC 2 Type II during the beta and follow least-privilege principles across our infrastructure.

Need a security review?

We're happy to walk enterprise teams through our architecture, answer questionnaires, and discuss VPC or self-hosted deployment.