Privacy Policy

Introduction

MCP Assistant ("we", "our", or "the service") is a platform that helps users manage MCP (Model Context Protocol) servers and interact with AI assistants. This privacy policy explains how we collect, use, and protect your information.

Information We Collect

1. Authentication Information

When you sign in using Google OAuth, we collect:

• Your email address
• Your profile information (name, profile picture)
• Google user ID

This information is used solely for authentication purposes and to provide you with a personalized experience.

2. MCP Server Configuration

• Server names, URLs, and connection settings you configure
• This data is stored securely in our database
• Server configurations are private to your account

3. Usage Data

• Connection state and tool discovery data stored temporarily in Redis (24-hour TTL)
• Session information for anonymous users
• No tracking or analytics data is collected

How We Use Your Information

We use the collected information to:

• Authenticate you with your Google account
• Maintain your session and preferences
• Store your MCP server configurations
• Provide access to connected MCP servers and AI assistant features
• Manage connection state and tool discovery

Data Storage

• Database: User accounts and MCP server configurations are stored in our secure database
• Redis Cache: Connection state and temporary data stored with 24-hour automatic expiry
• Backend Services: Authentication tokens are securely validated
• No Third-Party Storage: We do not store your data on third-party servers

Data Sharing

We do NOT:

• Sell your personal information to third parties
• Share your data with advertisers
• Use your data for marketing purposes
• Track your browsing activity

We MAY share data only in these circumstances:

• When required by law or legal process
• To protect the rights, property, or safety of users or others
• With your explicit consent

Third-Party Services

Google OAuth

We use Google OAuth for authentication. When you sign in:

• Google's Privacy Policy applies: https://policies.google.com/privacy
• We receive only the minimum information necessary for authentication

MCP Servers

When you connect to MCP servers:

• You are responsible for the privacy policies of those servers
• We do not control or monitor the data exchanged with third-party MCP servers

Data Security

We implement security measures including:

• HTTPS encryption for all network communications
• Secure token handling for authentication
• No plaintext storage of sensitive credentials
• OAuth 2.0 industry-standard authentication
• Redis TTL-based automatic cleanup of temporary data

Your Rights

You have the right to:

• Access: Review your stored server configurations and data
• Delete: Remove your account and all associated data
• Revoke Access: Disconnect your Google account at any time
• Data Portability: Export your MCP server configurations

Children's Privacy

MCP Assistant is not intended for children under 13. We do not knowingly collect information from children under 13.

Changes to This Policy

We may update this privacy policy from time to time. When we do:

• The "Last Updated" date will be revised
• Material changes will be communicated through our website
• Continued use of the service constitutes acceptance of changes

Data Retention

• Account Data: Stored until you delete your account
• Authentication Tokens: Expire according to Google's OAuth token lifetime
• Redis Cache: Automatically expires after 24 hours
• Session Data: Cleared when you sign out

Compliance

This service complies with:

• Google API Services User Data Policy
• General Data Protection Regulation (GDPR) principles
• California Consumer Privacy Act (CCPA) guidelines