Privacy Policy

MCPForDevs ("we", "our", or "us") operates the MCPForDevs platform, which allows organizations to expose their APIs as Model Context Protocol (MCP) servers. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By accessing or using our service, you agree to the collection and use of information as described here.

Account information. When you sign up, we collect your email address and associate it with an organization. We do not store passwords — authentication is handled via one-time codes sent to your email.

Usage and billing data. We log API requests, authentication events (code requests, verification attempts), and associated metadata (timestamps, server IDs, API key IDs). This data is used to provide the service, calculate usage, and support billing.

End-user authentication data. When your end users authenticate through your MCP server using our Auth service, we store their email address, first/last seen timestamps, and login count scoped to your server. We do not use this data for any purpose other than providing the service.

Technical data. We may collect IP addresses, browser/client metadata, and error logs to operate and improve the platform.

We use the information we collect to:

• Provide, maintain, and improve the MCPForDevs platform.
• Authenticate users and issue session tokens.
• Track usage for billing and analytics purposes.
• Send transactional emails (one-time login codes).
• Detect and prevent abuse or unauthorized access.
• Comply with legal obligations.

We do not sell your personal data to third parties.

We share data only with the infrastructure providers necessary to operate the service, including Amazon Web Services (AWS) for compute, storage, and email delivery. These providers process data on our behalf under their own security and compliance frameworks.

We may disclose data if required by law, court order, or to protect the rights, property, or safety of MCPForDevs or its users.

Authentication logs and usage records are retained for up to 12 months for billing and audit purposes. One-time codes expire after 10 minutes and are automatically deleted by the system. You may request deletion of your account and associated data by contacting us.

We implement industry-standard security measures including encryption in transit (TLS), hashed storage of API keys (SHA-256 — raw values are never stored), and short-lived JWT session tokens. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

You may request access to, correction of, or deletion of personal data we hold about you. To exercise these rights, contact us at the address below. We will respond within 30 days.

We may update this Privacy Policy from time to time. We will post the updated version with a revised "Last updated" date. Continued use of the service after changes constitutes acceptance.

For questions or requests related to this Privacy Policy, contact us at privacy@mcpfordevs.com.