No. Your vault contents are encrypted on your device — with AES-256-GCM, using a key derived from your vault password — before anything is sent to our servers. What we store is ciphertext: scrambled bytes that are meaningless without your key. Your vault password never leaves your browser, so we never have the key.
This isn’t a policy promise (“we won’t look”) — it’s an architecture (“we can’t look”). Even if our servers were breached, an attacker would get the same unreadable ciphertext we have. Even a NestVault employee with full database access sees noise.
The same design that makes your data unreadable to us makes it unrecoverable by us: we cannot reset your vault password. Your recovery code is the safety net. That’s the deal, stated plainly — and the full technical detail is on our security page.