Last updated: April 9, 2026

Privacy Policy

Overview

Naqi is a desktop application that scans and cleans up AI agent configurations on your machine. Privacy is central to how Naqi works: your data stays local by default, and nothing leaves your machine unless you explicitly trigger it.

This policy explains what data Naqi collects, where it goes, and what control you have over it.

1. What Naqi Scans (Local Only)

When you run a scan, Naqi reads configuration files from AI clients installed on your machine. Naqi reads:

  • MCP server names, transport types, and connection commands
  • Environment variable names (never values)
  • Memory file contents (for contradiction detection)
  • Skill directory names, sizes, and modification dates
  • Config file modification timestamps

This data never leaves your machine during a scan. Scanning is entirely local. No network requests are made during scanning.

2. AI Analysis (Pro Tier Only)

If you use AI-powered analysis, Naqi sends an anonymized summary of your workspace to your chosen AI provider. This only happens when you explicitly click “Analyze” — never automatically.

Before any data is sent, Naqi's anonymization engine:

  • Completely removes all environment variable values (only names sent)
  • Replaces usernames in file paths with [USER]
  • Replaces email addresses with [EMAIL]
  • Replaces API keys and tokens with [API_KEY]
  • Strips flags and arguments from server commands — only the binary name is sent

You can inspect the exact payload before it is sent using “View Raw Payload” in the app. Nothing is sent until you confirm.

3. Payments (Pro Purchases)

Naqi uses Paddle as its Merchant of Record for Pro license purchases. When you buy Naqi Pro, Paddle collects:

  • Your email address
  • Payment information (handled entirely by Paddle)
  • Billing address (for tax calculation)
  • Country (for VAT/GST compliance)

Naqi never sees or stores your payment information. Paddle handles all payment processing, tax compliance, and receipt generation. Paddle's privacy practices are governed by their own Privacy Policy.

When you activate your license key, Naqi sends your license key and a SHA-256 hash of your hardware ID (the raw ID never leaves your machine) to Paddle's license API to verify your purchase.

4. What Naqi Stores Locally

Naqi stores its data in ~/.naqi/ on your machine: app preferences, cached scan results, timestamped config backups, undo history, and application logs. None of this is transmitted anywhere.

Your license key and API key are stored in the OS keychain (macOS Keychain, Windows Credential Manager, or Linux Secret Service), never in plain text files.

5. Analytics and Telemetry

Naqi does not include any analytics, tracking, or telemetry. No usage tracking, no crash reporting, no phone-home behavior, no anonymous statistics.

The only network requests Naqi makes are: AI API calls when you explicitly trigger analysis, Paddle license validation on activation, and update checks via the Tauri updater.

6. Website Cookies (getnaqi.com)

The getnaqi.com website uses only essential cookies required for basic site functionality. No analytics cookies, no advertising cookies, no third-party tracking pixels.

7. Your Rights

Access: All Naqi data is in ~/.naqi/ — you can read it directly. For Paddle purchase records, contact them or email us.

Deletion: Delete ~/.naqi/ to remove all local data. Email privacy@getnaqi.com for Paddle data deletion requests.

Opt out: Use Naqi's Free tier without any data ever leaving your machine. AI analysis is always opt-in.

CCPA: Naqi does not sell personal information.

GDPR: Legal basis is contract performance (license validation), legitimate interest (AI analysis you requested), and consent (AI analysis only runs when you trigger it).

8. Contact

For privacy questions or data requests: privacy@getnaqi.com

We aim to respond within 7 business days.