Privacy Policy

Account Information

• Email address and password (hashed)
• Display name and profile information
• Publisher subdomain (if applicable)
• OAuth data from Google or GitHub (if using social login)

Billing Information

• Payment method details (processed securely by Stripe)
• Stripe customer and connected account IDs
• Transaction history and billing records
• Publisher payout information (via Stripe Connect)

Usage Information

• API request logs and tool invocations
• Server analytics (requests, errors, latency)
• Token counts for usage-based billing
• Subscription and plan information

Technical Information

• IP address and browser information
• Device type and operating system
• Cookies and similar tracking technologies

We use the collected information for:

• Account Management: Creating and maintaining your account, authentication, and security
• Service Delivery: Operating the Platform, processing API requests, and deploying MCP servers
• Billing: Processing payments, calculating usage charges, and managing subscriptions
• Analytics: Providing publishers with usage statistics and subscribers with usage tracking
• Communications: Sending transactional emails (verification, billing, notifications)
• Security: Detecting and preventing fraud, abuse, and security incidents
• Improvement: Analyzing usage patterns to improve our services

We integrate with the following third-party services:

We use cookies and similar technologies for:

• Authentication: Maintaining your logged-in session
• Preferences: Remembering your settings and preferences
• Security: Protecting against unauthorized access

You can control cookies through your browser settings. Disabling cookies may affect Platform functionality.

We implement industry-standard security measures:

• Passwords are hashed, never stored in plain text
• API keys are stored as cryptographic hashes
• All data transmission uses HTTPS/TLS encryption
• Payment data is handled exclusively by Stripe (PCI DSS compliant)
• SQL injection protection via parameterized queries
• SSRF protection for imported API specifications
• Regular security reviews and monitoring

• Account data: Retained while your account is active, deleted upon account deletion
• Usage logs: Retained for billing purposes and analytics aggregation
• Billing records: Retained as required by tax and legal obligations
• Server configurations: Deleted when a server is removed

Depending on your location, you may have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate data
• Deletion: Request deletion of your account and data
• Portability: Receive your data in a portable format
• Objection: Object to certain data processing
• Restriction: Request limitation of processing

To exercise these rights, contact us at privacy@dotmcp.io.

8. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such data collection, we will promptly delete it.

9. International Data Transfers

Your data may be processed in countries outside your residence, including the United States and European Union, where our infrastructure providers operate. We ensure appropriate safeguards are in place for such transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Platform after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us: