Privacy Policy

Last updated: December 9, 2025

Our Commitment to Privacy

MCP Connect is designed with privacy as a core principle. We believe your data belongs to you and only you. This privacy policy explains how MCP Connect handles your information - the short version is: we don't collect or store any of your personal data or credentials.

1. Information We DO NOT Collect

MCP Connect is a local-first desktop application. We do not collect:

  • API keys, tokens, or credentials for any service
  • Your MCP server configurations
  • Usage analytics or telemetry data
  • Personal information such as name, email, or address
  • Information about the services you connect to
  • File contents or data accessed through MCP servers
  • Your computer's unique identifiers (except for license validation)

2. Data Stored Locally on Your Device

All data is stored exclusively on your local machine:

Credentials & API Keys

Stored securely using your operating system's native credential manager:

  • Windows: Windows Credential Manager
  • macOS: Keychain (coming soon)
  • Linux: Secret Service API (coming soon)

Configuration Files

MCP server configurations are stored in standard JSON files in your project directories or user home folder. These files remain on your machine and are never transmitted to any external servers.

Application Settings

Preferences such as window size, selected theme, and tool profiles are stored locally in standard application data directories.

3. License Validation

To validate your license, MCP Connect communicates with our license server. This process involves:

  • Your license key (provided at purchase)
  • A machine identifier (derived from hardware, used only for license activation limits)

We do NOT collect your IP address, location, or any personally identifiable information during license validation. The machine identifier cannot be used to identify you personally.

4. Automatic Updates

MCP Connect checks for updates via GitHub Releases. This involves a standard HTTPS request to GitHub's servers to check if a newer version is available. No personal information is transmitted during this process. You can disable automatic updates in the application settings.

5. Third-Party Services

When you configure and use MCP integrations, you are connecting directly to third-party services (such as Stripe, GitHub, Firebase, etc.). MCP Connect facilitates these connections but:

  • Does not proxy or intercept your communications with these services
  • Does not store or log any data exchanged with these services
  • Does not have access to your accounts on these platforms

Your use of third-party services is governed by their respective privacy policies and terms of service.

6. Data Security

We implement industry-standard security practices:

  • All sensitive credentials are stored using OS-level encrypted storage
  • The application is code-signed to prevent tampering
  • No network communication occurs except for license validation and update checks
  • Application binaries are protected against reverse engineering

7. Children's Privacy

MCP Connect is a developer tool not intended for use by children under 13 years of age. We do not knowingly collect any information from children.

8. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

9. Your Rights

Since we don't collect your personal data, traditional data subject rights (access, deletion, portability) don't apply in the usual sense. However:

  • You can delete all local data by uninstalling the application
  • You can clear stored credentials from your OS credential manager
  • You can delete configuration files from your filesystem
  • You can request deletion of your license information from our records

10. Contact Us

If you have any questions about this privacy policy or our privacy practices, please contact us through our GitHub repository or support channels.

Summary

MCP Connect is a privacy-first application. Your API keys, credentials, and configurations never leave your machine. We don't collect analytics, telemetry, or personal data. The only external communication is for license validation and checking for updates.