Privacy Policy
Last updated: April 7, 2026
This Privacy Policy describes how DataMCP LLC ("DataMCP," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our platform at dashboard.datamcp.app, api.datamcp.app, and datamcp.app (collectively, the "Service"). DataMCP LLC is a Wyoming limited liability company located at 30 N Gould St Ste R, Sheridan, WY 82801.
1. Information We Collect
1.1 Information You Provide
- Account information. When you register through Supabase Auth, we collect your email address and, if you authenticate via a third-party OAuth provider (e.g., GitHub, Google), your name and profile information from that provider.
- Payment information. When you subscribe to a paid plan, payment details (credit card number, billing address) are collected and processed by Stripe. We do not store your full payment card details on our servers. We receive a Stripe customer ID and basic billing metadata (plan type, subscription status).
- Database connection credentials. When you add a PostgreSQL connection, you provide connection strings or credentials. These are encrypted at rest using AES-256-GCM before storage.
- Communications. When you contact us at support@datamcp.app or hello@datamcp.app, we collect the content of your messages and any attachments.
1.2 Information Collected Automatically
- Usage data. We use PostHog for product analytics. PostHog collects information such as pages visited, features used, session duration, browser type, operating system, device type, and referral source. PostHog may assign an anonymous identifier to track usage patterns.
- Activity logs. The Service records activity logs for MCP link interactions, including queries executed, timestamps, and the AI client that initiated the request. Log retention varies by plan (7 days for Free, 30 days for Pro, 365 days for Enterprise).
- Server logs. Our infrastructure provider, Render, automatically collects server access logs including IP addresses, request timestamps, and HTTP request metadata.
1.3 Cookies and Similar Technologies
We use cookies and similar technologies for authentication, analytics, and preference storage. For full details, see our Cookie Policy.
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service.
- Authenticate your identity and manage your account via Supabase Auth.
- Process payments and manage subscriptions through Stripe.
- Connect to your PostgreSQL databases and facilitate MCP protocol interactions as directed by your configuration.
- Generate and retain activity logs for auditing and troubleshooting.
- Analyze usage patterns to improve product features and user experience via PostHog.
- Communicate with you about your account, support requests, and service updates.
- Detect, prevent, and address technical issues, fraud, or security incidents.
- Comply with legal obligations.
3. How We Share Your Information
We do not sell your personal information. We may share your information with:
- Service providers. We use third-party service providers to operate the Service, including:
- Supabase — authentication and database hosting
- Stripe — payment processing
- Render — application and infrastructure hosting
- PostHog — product analytics
- Legal requirements. We may disclose your information if required by law, subpoena, court order, or government request.
- Business transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
- With your consent. We may share your information for other purposes with your explicit consent.
4. Data Security
We implement industry-standard security measures to protect your data:
- Database connection credentials are encrypted at rest using AES-256-GCM.
- All data in transit is encrypted via TLS.
- Authentication is managed through Supabase Auth with support for multi-factor authentication.
- Access to production systems is restricted to authorized personnel only.
- Our database is hosted on Supabase PostgreSQL with encryption at rest enabled.
While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention periods include:
- Activity logs: 7 days (Free), 30 days (Pro), or 365 days (Enterprise), after which they are automatically deleted.
- Account data: Retained until you delete your account. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.
- Payment records: Retained as required by tax and financial regulations (typically 7 years).
- Server logs: Retained for up to 90 days for security and debugging purposes.
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access. Request a copy of the personal data we hold about you.
- Correction. Request correction of inaccurate personal data.
- Deletion. Request deletion of your personal data, subject to legal retention requirements.
- Portability. Request a machine-readable copy of your data.
- Objection. Object to processing of your personal data for certain purposes.
- Opt-out of analytics.You can opt out of PostHog analytics tracking by enabling "Do Not Track" in your browser settings.
To exercise any of these rights, contact us at support@datamcp.app. We will respond within 30 days.
7. International Data Transfers
Your data may be processed and stored in the United States. If you are located outside the United States, your information is transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.
8. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at support@datamcp.app.
9. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at support@datamcp.app.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us at:
DataMCP LLC
30 N Gould St Ste R
Sheridan, WY 82801
Email: support@datamcp.app