MCPCore
Legal

Privacy Policy

Last updated: 08/03/2026

1. Introduction

MCPCore ("we", "us", or "our"), operated by HAFETECH LLC, a limited liability company organised under the laws of the State of Wyoming, United States, is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

By using MCPCore ("the Service"), you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

Account Information

When you register, we collect your name, email address, and, where applicable, OAuth profile information from third-party providers (Google, GitHub). Passwords are hashed and never stored in plain text.

Usage Data

We collect data about how you interact with the Service, including MCP server configurations, tool definitions, request logs, execution counts, latency metrics, and error reports. This data is used to provide the Service and to display analytics to you.

Payment Information

Payment processing is handled by Stripe, Inc. ("Stripe"). When you provide payment information, it is transmitted directly to Stripe via their PCI DSS Level 1 certified infrastructure. We do not store, process, or have access to your full credit card number, CVV, or other sensitive payment credentials. We retain billing metadata (amount, date, plan, Stripe customer ID) for legal and accounting purposes. Stripe's handling of your payment data is governed by Stripe's Privacy Policy.

Communication Data

If you contact us via the contact form or email, we retain your name, email, and the content of your message in order to respond to your inquiry.

Secrets and Credentials

Secrets you store in the platform (API keys, tokens, connection strings) are encrypted with AES-256 at rest. We do not access, read, or share your secrets. They are decrypted only at runtime during tool execution within your own MCP server context.

3. How We Use Your Information

  • To create and manage your account
  • To provide, operate, and improve the Service
  • To display analytics and logs within your dashboard
  • To process billing and manage subscriptions via Stripe
  • To send transactional emails (password reset, billing receipts, usage notifications)
  • To send tool call limit notifications when your usage approaches or exceeds your plan quota
  • To respond to support requests and inquiries
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with applicable legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising or marketing profiling purposes.

4. Information Sharing

We may share your information with trusted third-party service providers that assist us in operating the Service, subject to confidentiality and data processing obligations. These include:

  • Cloud infrastructure and hosting providers
  • Stripe, Inc. (payment processing)
  • Transactional email providers
  • Error monitoring and logging services

We may also disclose your information if required by law, court order, subpoena, or governmental authority, or to protect the rights, property, or safety of HAFETECH LLC, its users, or the public.

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

5. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 90 days, except where retention is required by law (e.g., billing records, which may be kept for up to 7 years for accounting and tax purposes).

Request logs and execution data may be retained for a shorter period depending on your subscription plan (e.g., 7 days for Free, 30 days for Basic, 90 days for Pro).

6. Security

We implement industry-standard technical and organisational measures to protect your data, including AES-256 encryption for secrets at rest, TLS/HTTPS for all data in transit, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Data Breach Notification

In the event of a security breach involving your personal identifying information, we will:

  • Notify affected individuals no later than 45 days after determining that a breach has occurred, as required by the Wyoming data breach notification statute (Wyo. Stat. §40-12-502)
  • Provide details about the nature of the breach, the types of information affected, and the steps we are taking to address the incident
  • Notify any additional regulatory authorities as required by applicable federal or state law

Notification will be sent to the email address associated with your account. If the breach affects more than 500 individuals, we will also notify the Wyoming Attorney General.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to certain types of processing
  • Withdrawal of consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. We may request verification of your identity before processing your request.

9. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom it was shared.

Right to delete

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., where retention is necessary to complete a transaction, detect security incidents, or comply with legal obligations).

Right to opt out of sale

We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising. Therefore, there is no need to opt out, but you may still contact us to confirm this at any time.

Right to non-discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you the Service, charge different prices, or provide a different quality of service because you exercised your rights.

Categories of personal information collected

In the preceding 12 months, we may have collected the following categories of personal information:

  • Identifiers (name, email address, account ID)
  • Commercial information (subscription plan, billing history)
  • Internet or electronic network activity (usage data, request logs, IP addresses)
  • Professional or employment-related information (only if voluntarily provided)

To submit a CCPA/CPRA request, email us at [email protected] with the subject line "CCPA Request". We will verify your identity and respond within 45 days as required by law.

10. International Users

The Service is operated from the United States. If you access the Service from outside the United States, you acknowledge that your personal data will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to such transfer and processing.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, and the GDPR or equivalent legislation applies to you, we rely on your consent and/or the necessity of processing to perform our contract with you as the legal basis for data processing. You may exercise your rights under applicable data protection law by contacting us at [email protected].

11. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. For full details, see our Cookie Policy.

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 13 as defined by COPPA (Children's Online Privacy Protection Act). If you become aware that a child has provided us with personal information, please contact us immediately and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact us:

HAFETECH LLC
30 N Gould St Ste N
Sheridan, WY 82801, USA
Email: [email protected]