Privacy Policy

Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Organization name
• Password (stored securely hashed)

Agent Data

Our agent collects information about MCP servers on your systems:

• Server names and types
• Commands used to run servers
• File paths (scope)
• Environment variable names only (never values or credentials)
• Agent hostname and operating system

What We DO NOT Collect

• Actual credential values or secrets
• File contents
• Database data
• API responses
• Personal files or documents

How We Use Information

We use collected information to:

• Provide and maintain the MCPShield service
• Calculate risk scores for MCP servers
• Generate alerts for high-risk configurations
• Improve our risk detection algorithms
• Send important service updates
• Respond to support requests

Information Sharing

We do not sell your data. We may share information with:

• Service Providers: Third parties who help us operate (hosting, analytics)
• Legal Requirements: When required by law or legal process
• Business Transfers: In case of merger or acquisition

Your organization's data is never shared with other customers. Multi-tenant isolation ensures complete separation.

Data Security

We implement industry-standard security measures:

• All data encrypted in transit (TLS 1.3)
• Data encrypted at rest (AES-256)
• Passwords hashed with bcrypt
• API keys stored securely hashed
• Regular security audits
• SOC2 Type II compliance (Enterprise)

Your Rights

You have the right to:

• Access: Request a copy of your data
• Correction: Update inaccurate information
• Deletion: Request deletion of your account and data
• Export: Download your data in a portable format
• Opt-out: Unsubscribe from marketing communications

To exercise these rights, contact privacy@mcpshield.app

Contact Us

For privacy-related questions:

Email: privacy@mcpshield.app