What stays local, what MCP transmits, and credential vault behavior.
Connection strings encrypt into Windows Credential Manager (AES-256-GCM). Nexoxa servers never receive your postgres://, ssh://, or s3:// secrets.
MCP tools use saved connection names and schema metadata — not full URLs with embedded passwords.
Copilot is BYOK. See full security page for what may be sent to AI providers.