Privacy Policy

1. Data controller

MCP Hero is operated by Nitsan Seniak, acting as the data controller for the personal data processed through the service. For privacy or data-protection requests, contact privacy · mcphero.io.

2. What we collect

MCP Hero collects the minimum data needed to operate the service: your email address (for authentication), your team memberships and permissions, and an audit log of tool invocations made through the gateway.

We do not retain your company's data. The audit log records only metadata about which tools were invoked — user, tool name, time, outcome — never the arguments passed to a tool or the results returned. We never see or store the contents of your connected apps.

3. How we use it

We use this data to authenticate you, enforce access policies, display your audit log, and operate the service. We do not sell your data.

4. Third parties

We use Google OAuth for sign-in, Sentry for error reporting, and Mixpanel for product analytics. Each receives only the data needed for its purpose.

5. Data retention

Audit log entries are retained for 7 days, then automatically deleted. OAuth refresh tokens are encrypted at rest and deleted when you disconnect.

6. Contact

Questions about this policy? Reach us at privacy · mcphero.io.