Privacy Policy

Last Updated: January 11, 2026

1. Introduction

MCP Gateway ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect information when you use our service.

2. Information We Collect

2.1 Authentication Information

When you authenticate with Google OAuth, we collect:

• Your Google account email address
• Your Google account profile information (name, profile picture)
• OAuth tokens for authentication and authorization

2.2 Usage Data

We may collect information about how you access and use the service:

• Request logs (timestamps, endpoints accessed)
• Technical information (IP address, browser type, device information)
• Error logs for debugging and service improvement

3. How We Use Your Information

We use the collected information to:

• Authenticate and authorize access to the MCP Gateway service
• Route requests to appropriate upstream MCP servers
• Monitor service performance and diagnose technical issues
• Improve security and prevent unauthorized access

4. Data Sharing and Third Parties

4.1 Upstream MCP Services

When you use MCP Gateway, your requests are forwarded to upstream MCP service providers:

• Context7 - Documentation lookups
• Firecrawl - Web scraping requests
• Linkup - Web search queries
• OpenMemory - Memory storage operations
• Perplexity - AI search queries

Each service has its own privacy policy. We recommend reviewing their policies to understand how they handle your data.

4.2 Google OAuth

We use Google OAuth for authentication. Google's privacy policy governs the authentication process and data handled by Google. We only receive the information you consent to share during the OAuth flow.

5. Data Retention

We retain authentication data only for the duration of your session. Logs may be retained for up to 90 days for security and debugging purposes. After that period, logs are automatically deleted.

6. Data Security

We implement industry-standard security measures to protect your data:

• All connections use HTTPS/TLS encryption
• OAuth tokens are securely stored and transmitted
• Access controls limit data exposure to authorized personnel only
• Regular security audits and updates

7. Your Rights

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Revoke OAuth access at any time through your Google account settings
• Object to data processing

8. Children's Privacy

Our service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

10. Contact Us

If you have questions about this privacy policy or our data practices, please contact us through the project repository or associated contact information.