Skip to main content
SysNav
// SECURITY

Built for teams whose compliance reviewer
reads every commit.

SysNav earns its place in regulated environments by leaving your keys where they belong — with you.

// SIX PILLARS

How SysNav keeps secrets, secret.

Local-first by design

SSH keys, credentials, and env vars never leave your device. The shell runs on your machine; the AI orchestrator sees only redacted, ephemeral context.

Minimal retention

Your prompt and command context are processed in memory to answer the request — not retained as a SysNav dataset. We keep only a metadata audit log (command text and approvals), never file contents or secrets.

Redaction pipeline

An on-device scrubber strips common key formats (AWS, GCP, JWT, private-key blocks, credential env vars, etc.) before any token is sent upstream.

Bring your own key

SysNav runs on Claude (Sonnet) with an OpenAI fallback. On Pro you can bring your own Anthropic API key — it’s stored in your OS keychain and used directly. Additional providers (Azure, Bedrock, self-hosted Llama/Mistral) are on the roadmap.

Tamper-evident audit

Every command, approval, and AI context is recorded in an append-only audit log with a SHA-256 hash chain, with an optional mirror to your own S3 bucket. Exportable as JSON.

Safety gate

Destructive commands are blocked in Ask mode and require explicit approval in Agent mode, enforced by an allowlist-first command gate with deny-patterns. Broader policy controls (time-windows, region scoping) are on the roadmap.

// THE VAULT

Secrets, sealed with a key only you hold.

Encrypted on your device, synced as ciphertext, recoverable only by you. Free on every plan.

End-to-end encrypted

SSH keys, credentials, and snippets are sealed with AES-256-GCM — a fresh key per item, a unique IV per write. The vault key is derived from your passphrase with scrypt and never leaves your machine.

A passphrase we never see

Your passphrase is used on-device to unwrap the vault key in memory, then zeroed the moment you lock. It never crosses the network — or even an internal process boundary.

Zero-knowledge sync

Your vault follows you between machines, but only ciphertext syncs. SysNav’s servers store opaque encrypted blobs — never your passphrase, your keys, or plaintext.

One-time recovery kit

Forget your passphrase and a recovery phrase — shown once, stored nowhere — restores access. There is no backdoor, because end-to-end means there isn’t one to have.

// COMPLIANCE

Frameworks, status, reality.

SysNav is in public general availability. None of the frameworks below are certified yet — this table reflects our roadmap and current data-handling practices, not completed audits.

FRAMEWORK
STATUS
STAGE
SOC 2 Type II
Targeting a Type II audit as we exit beta.
Planned
GDPR
We follow GDPR data-handling principles; a DPA is available on request.
Aligned
HIPAA
Not supported today. PHI-aware handling is on the roadmap.
Roadmap
ISO 27001
Planned to follow SOC 2.
Roadmap