Skip to main content

Last updated: April 15, 2026

Privacy Policy

Overview

Naqi is a desktop application that scans and cleans up AI agent configurations on your machine. Privacy is central to how Naqi works: your data stays local by default, and nothing leaves your machine unless you explicitly trigger it.

This policy explains what data Naqi collects, where it goes, and what control you have over it.

Data controller: Yasser's studio (publisher of Naqi). Yasser's studio is established outside the European Economic Area. See "EU Residents" below for the implications.

1. What Naqi Scans (Local Only)

When you run a scan, Naqi reads configuration files from AI clients installed on your machine. Naqi reads:

  • MCP server names, transport types, and connection commands
  • Environment variable names (never values)
  • Memory file contents (for contradiction detection)
  • Skill directory names, sizes, and modification dates
  • Config file modification timestamps

This data never leaves your machine during a scan. Scanning is entirely local. No network requests are made during scanning.

2. AI Analysis (Pro Tier Only)

If you use AI-powered analysis, Naqi sends an anonymized summary of your workspace to your chosen AI provider. This only happens when you explicitly click "Analyze" — never automatically.

Before any data is sent, Naqi's anonymization engine:

  • Completely removes all environment variable values (only names sent)
  • Replaces usernames in file paths with [USER]
  • Replaces email addresses with [EMAIL]
  • Replaces API keys and tokens with [API_KEY]
  • Strips flags and arguments from server commands — only the binary name is sent

You can inspect the exact payload before it is sent using "View Raw Payload" in the app. Nothing is sent until you confirm.

Supported providers (you bring your own API key, the call goes from your machine to the provider): Anthropic, OpenAI, Google, xAI, Ollama (local), and OpenRouter. Each provider's own privacy policy governs what they do with the request you initiate.

3. Payments (Pro Purchases)

Naqi Pro is available as an in-app purchase through the Mac App Store. When you buy Naqi Pro, Apple collects:

  • Your email address
  • Payment information (handled entirely by Apple)
  • Billing address (for tax calculation)
  • Country (for VAT/GST compliance)

Naqi never sees or stores your payment information. Apple handles all payment processing, tax compliance, and receipt generation. Apple's privacy practices are governed by their own Privacy Policy.

When you launch Naqi, it verifies your App Store purchase receipt locally to confirm your Pro status.

4. What Naqi Stores Locally

Naqi stores its data in ~/.naqi/ on your machine: app preferences, cached scan results, timestamped config backups, undo history, and application logs. None of this is transmitted anywhere.

Your license key and API key are stored in the OS keychain (macOS Keychain, Windows Credential Manager, or Linux Secret Service), never in plain text files.

5. Analytics and Telemetry

Naqi does not include any analytics, tracking, or telemetry. No usage tracking, no crash reporting, no phone-home behavior, no anonymous statistics.

The only network requests Naqi makes are: AI API calls when you explicitly trigger analysis, App Store receipt validation, and update checks via the Tauri updater.

6. Website Cookies (getnaqi.com)

The getnaqi.com website uses only essential cookies required for basic site functionality. No analytics cookies, no advertising cookies, no third-party tracking pixels.

If you purchase through the Mac App Store, that transaction is subject to Apple's own privacy and cookie policies.

When you change the display language via the language switcher, we set a single cookie (NEXT_LOCALE) that remembers your selection. This cookie contains only the locale code (e.g. "en", "fr"), expires after one year, and is never sent to any third party.

7. Sub-processors

Where data is processed by third parties on our behalf, the sub-processor list is:

  • Apple Inc. — payment processing via Mac App Store
  • Resend (US) — transactional email delivery (purchase receipts, password resets when applicable)
  • Vercel Inc. (US, with EU regions for data residency) — hosting of getnaqi.com and the license validation API
  • Upstash Inc. (US, with EU regions) — Redis cache for license validation rate limiting
  • GitHub Inc. (US) — release artifact hosting and download delivery

AI providers you bring your own key for (Anthropic, OpenAI, Google, xAI, OpenRouter) are not Naqi sub-processors — you contract with them directly.

8. Your Rights

Access: All Naqi data is in ~/.naqi/ — you can read it directly. For App Store purchase records, check your Apple ID account.

Deletion: Delete ~/.naqi/ to remove all local data. Email support@getnaqi.com for any remaining data deletion requests.

Opt out: Use Naqi's Free tier without any data ever leaving your machine. AI analysis is always opt-in.

CCPA: Naqi does not sell personal information.

9. EU Residents (GDPR)

If you are in the European Economic Area, Naqi processes the following limited personal data:

  • Pro purchasers: Apple ID email (collected by Apple via the Mac App Store), purchase receipt (verified locally)
  • Free-tier users: no personal data — Naqi runs entirely locally with no contact to our servers
  • Website visitors: standard server logs (IP at request time, retained ≤ 30 days)

Legal bases:

  • Contract performance (Article 6(1)(b)) — license validation for Pro features you purchased
  • Legitimate interest (Article 6(1)(f)) — security and integrity of the license validation service
  • Consent (Article 6(1)(a)) — AI analysis only runs when you explicitly trigger it

EU representative (Article 27): Yasser's studio is established outside the EU and currently does not have a designated Article 27 representative. We process minimal personal data (Pro purchaser email + hashed hardware ID; no telemetry, no profiling). We will appoint a representative as the user base grows. EU data subjects can exercise their rights directly via support@getnaqi.com — we respond within 30 days.

You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to lodge a complaint with your local supervisory authority.

10. Children's Privacy

Naqi is a developer tool intended for adults. It is not directed at children under 16, and we do not knowingly collect personal data from children.

11. Changes to This Policy

If we make material changes to this policy, we will update the "Last updated" date and post a notice on getnaqi.com. For significant changes affecting Pro users, we will email the address on file.

12. Contact

For privacy questions or data requests: support@getnaqi.com

We aim to respond within 7 business days for general inquiries and 30 days for formal GDPR data subject requests.