Hmm.

I’m not sure if there is a good way to store this securely since it has to all be read by the server based on a trigger of a “like” and not some explicit action from the zapper (I.e. making an API call and decrypting the encrypted string to make the payment).

Only solution I can think of is running a “personal” zap agent on your computer for yourself that performs the same function.

You’d still need to protect your nwc info but at least you’d be responsible for yourself.