Privacy Policy

Last updated: 2026-06-03. [LEGAL ENTITY NAME] (“we”) is the data controller for CheckMCP.

⚠️ Template — have it reviewed and complete the entity details before launch (GDPR/CCPA compliance is your responsibility).

1. Data we collect

Public audits of public MCP servers may appear in the public directory. Private (token) audits are never cached or published. The self-hosted gateway processes tool traffic inside your infrastructure — that data does not reach us.

2. Why we use it (legal bases)

To provide the Service and your account (contract), to bill you (contract), to secure the Service and prevent abuse (legitimate interest), and to comply with legal obligations. We do not sell your personal data.

3. Sub-processors

4. Retention

Account data is kept while your account is active. Logs and usage data are kept for a limited period for security and analytics, then deleted or anonymised. You can request deletion of your account.

5. Your rights

If you are in the EU/EEA (GDPR) or California (CCPA), you can request access, correction, deletion, portability, or object to certain processing. Contact [[email protected]]. You may also lodge a complaint with your data-protection authority.

6. Cookies

We use a strictly-necessary session cookie for authentication and a theme preference stored locally. We do not use third-party advertising cookies.

7. Security

Passwords are hashed (scrypt), API keys are stored hashed, transport is over HTTPS. No method is perfectly secure; we work to protect your data but cannot guarantee absolute security.

8. Contact

Privacy questions or requests: [[email protected]].