Privacy Policy

This Privacy Policy explains how MCP Functions (“we,” “us,” or “our”) collects, uses, and discloses information when you use our website at mcpfunctions.ai (the “Website”), our platform and services at backoffice.mcpfunctions.ai (the “Platform”), and related offerings (collectively, the “Services”). It also describes your choices and rights regarding your personal data. Please read this policy carefully. By using our Services, you acknowledge that you have read and understood this Privacy Policy.

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. We encourage you to review it periodically.

1. Data controller and contact

The data controller responsible for your personal data in connection with the Website and with the provision of the Platform (where we act as controller) is MCP Functions. For privacy-related questions or to exercise your rights, contact us via the Contact form or at admin@mcpfunctions.ai.

Where we process personal data on behalf of our customers in connection with their use of the Platform (e.g., data that their end users or tools process through our systems), we act as a data processor. In those cases, the customer is the data controller and you should refer to the customer’s privacy notice for the legal basis and purposes of processing. We process such data only on documented instructions from the customer and in accordance with our agreements with them.

2. Information we collect

Information you provide. We collect information you give us directly, such as when you create an account, fill out a contact form, subscribe to communications, or communicate with us. This may include name, email address, company name, and any message content you submit.

Information collected automatically. When you access our Website or Platform, we may automatically collect certain information, such as IP address, browser type and version, device type, referring URL, pages viewed, and date and time of access. We may use cookies and similar technologies as described below.

Account and usage data. When you use the Platform, we collect account information (e.g., organization name, user roles), usage data (e.g., feature usage, API calls), and operational data necessary to provide, secure, and improve the Services.

3. Data processed on behalf of customers (Platform data)

When our customers use the Platform to run MCP tools and process data (including inputs and outputs of tool invocations), we process that data on behalf of the customer as a processor. You retain control over what is stored and logged. The Platform allows customers to exclude specific tool inputs from audit trails and logging. When an input is designated as excluded from audit, the value of that input is not stored or logged in our systems; only metadata necessary for operation may be retained. This allows customers to process sensitive or personal data through the Platform without those values being recorded in our audit or logging systems. We do not use this data for our own purposes except as necessary to provide and support the Services. For more details, see our Terms of Use (Data Control and Audit Exclusion).

4. How we use your information

We use the information we collect to:

• Provide, operate, maintain, and improve the Services;
• Authenticate users and manage accounts;
• Process and respond to inquiries and support requests;
• Send administrative or security-related messages;
• Comply with legal obligations and protect our rights and the rights of others;
• Analyze usage and trends to improve the Services (where applicable, in aggregated or de-identified form).

We do not sell your personal information. We may use your contact details to send you marketing communications only where permitted by law and where you have not opted out.

5. Legal basis for processing (GDPR)

If you are in the European Economic Area (EEA) or the UK, we process your personal data on the following bases:

• Contract (Art. 6(1)(b) GDPR): Where processing is necessary to perform our contract with you (e.g., providing the Platform and support).
• Legitimate interests (Art. 6(1)(f) GDPR): Where we have a legitimate interest, such as improving the Services, ensuring security, and communicating with you about the Services, and your interests do not override ours.
• Consent (Art. 6(1)(a) GDPR): Where you have given consent (e.g., for certain cookies or marketing). You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c) GDPR): Where we must process data to comply with a legal obligation.

6. Sharing of information

We may share your information with:

• Service providers who assist us in hosting, analytics, authentication, payment processing, or support, under contracts that restrict their use of data;
• Legal and regulatory authorities when required by law or to protect our rights and safety;
• Affiliates or successors in connection with a merger, acquisition, or sale of assets, subject to the same privacy commitments.

We do not sell or share your personal information for cross-context behavioral advertising. We may share aggregated or de-identified information that cannot reasonably identify you.

7. Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Account and usage data are typically retained for the duration of your account and for a limited period thereafter where required for legitimate business or legal reasons. Data processed on behalf of customers (e.g., tool execution data) is retained according to our agreements with the customer and our operational requirements; where inputs are excluded from audit, those values are not stored.

8. Cookies and similar technologies

We may use cookies and similar technologies (e.g., local storage) on our Website and Platform to maintain session state, remember preferences, and analyze usage. You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Services. Where required by law, we obtain consent before placing non-essential cookies.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

10. International transfers

Your information may be transferred to and processed in countries other than your country of residence. Where we transfer personal data from the EEA or UK to a country not recognized as providing an adequate level of protection, we implement appropriate safeguards (e.g., standard contractual clauses approved by the European Commission or UK authorities) to ensure your data remains protected.

11. Your rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data, subject to legal exceptions.
• Restriction: Request that we limit processing in certain circumstances.
• Data portability: Request a copy of your data in a structured, machine-readable format.
• Object: Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: Where processing is based on consent, withdraw it at any time.
• Complain: Lodge a complaint with a supervisory authority in your country.

To exercise these rights, contact us at admin@mcpfunctions.ai or via the Contact form. If we process your data on behalf of a customer (e.g., as part of Platform usage), we may refer your request to that customer where appropriate.

12. California residents (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect and how it is used and shared, the right to delete, the right to correct, and the right to opt out of the “sale” or “sharing” of your personal information. We do not sell or share your personal information as defined under the CCPA/CPRA. To exercise your California rights, contact us at admin@mcpfunctions.ai.

13. Contact

For questions about this Privacy Policy or our data practices, contact us via the Contact form or at admin@mcpfunctions.ai.