Privacy Policy

Effective Date: September 29, 2025

At MCP Bundles ("MCP Bundles," "we," "us," or "our"), the privacy of our users is a key part of our philosophy. This Privacy Policy document contains types of information that is collected and recorded by MCP Bundles and how we use it. If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us at support@mcpbundles.com.

MCP Bundles is a product of ThinkChain Inc ("ThinkChain").

By using our services including our site at mcpbundles.com, and our API services, you hereby consent to our Privacy Policy and agree to its terms. If you do not agree to our Privacy Policy, you should not use the services.

Information We Collect

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information. We automatically collect the following types of information when you use our Services:

Account Information

  • Email address
  • Full name (optional)
  • Password hash (never stored in plaintext)
  • User preferences (theme, settings)
  • Account creation and modification timestamps
  • Last login date and time

Service Credentials

  • Third-party API keys and credentials (encrypted)
  • OAuth2 access tokens and refresh tokens (encrypted)
  • OAuth2 granted scopes and permissions
  • Provider-specific credential data (encrypted)
  • AI service provider API keys (OpenAI, Anthropic, Google - encrypted)
  • Personal access tokens for MCP Bundle API access

Usage Data

  • Pages and files accessed
  • Time of access
  • Browser version and type
  • Operating system
  • Device information
  • Previously visited pages
  • IP address
  • Session ID
  • Bundle and tool usage statistics
  • API call logs and metadata

Billing Information

  • Stripe customer ID
  • Subscription status and plan details
  • Payment history (processed and stored by Stripe)
  • Billing address (stored by Stripe)

Note: We do not store credit card numbers or complete payment card details. All payment processing is handled securely by Stripe, our payment processor.

How We Use Your Information

We use your information to:

  • Provide and improve our Services
  • Enable MCP (Model Context Protocol) integrations with third-party services
  • Authenticate and authorize access to external APIs on your behalf
  • Process your subscription and billing
  • Maintain and enhance security
  • Prevent abuse of our Services
  • Comply with legal obligations
  • Communicate with you about service updates, security alerts, and support
  • Perform analytics to improve our platform
  • Optimize our Services and user experience
  • Provide customer support
  • Monitor and troubleshoot technical issues
  • Validate and refresh OAuth tokens automatically

Third-Party Services and Integrations

MCP Bundles is designed to connect your AI assistants to external services. When you connect a provider (such as Gmail, GitHub, Notion, Slack, etc.), we store your credentials and act as an intermediary to make API calls on your behalf. We only access the specific scopes and permissions you grant during the OAuth authorization process.

Services We Integrate With

Our platform supports hundreds of third-party service integrations. When you authorize these services, we:

  • Store only the access credentials necessary to authenticate API requests
  • Encrypt all credentials at rest using industry-standard encryption
  • Never share your credentials with other users or third parties
  • Allow you to revoke access at any time through your dashboard
  • Automatically refresh expired tokens when possible

How We Share Your Information

We disclose information:

  • To third-party service providers you explicitly authorize (via OAuth or API key)
  • To our service providers and contractors who assist in operating our platform (e.g., hosting, database, payment processing)
  • To fulfill any purpose you provide it for
  • With your explicit consent
  • To comply with legal obligations, court orders, or government requests
  • To protect our rights, property, safety, or the rights of our users or third parties
  • To a buyer or successor in case of business transfer, merger, or acquisition

We do not sell your personal information to third parties.

Data Security

We take data security seriously and implement multiple layers of protection:

  • Encryption at Rest: Sensitive credentials, API keys, and tokens are encrypted using Fernet (symmetric encryption with industry‑standard cryptography)
  • Encryption in Transit: All data transmission uses TLS 1.2 or higher
  • Password Security: User passwords are hashed using Argon2id with per-user salts
  • Token Security: API tokens are stored as SHA-256 hashes, not plaintext
  • Access Controls: Database access is restricted and monitored
  • Regular Security Audits: We perform regular security assessments and updates

While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to maintaining industry-standard protections.

Cookies and Tracking Technologies

MCP Bundles uses cookies and similar tracking technologies to enhance your experience. Cookies are small data files stored on your device that help us:

  • Keep you logged in between sessions
  • Remember your preferences and settings
  • Analyze site traffic and usage patterns
  • Improve site performance and functionality
  • Prevent fraud and enhance security

You can set your browser to refuse cookies, but some features of our Services may not function properly without them.

Log Files

MCP Bundles follows a standard procedure of using log files. These files log visitors when they visit our website and use our services. The information collected includes IP addresses, browser type, Internet Service Provider (ISP), date and time stamps, referring/exit pages, and click data. This information is used for analyzing trends, administering the site, tracking user movement, gathering demographic information, and detecting potential security issues.

Log data is not linked to personally identifiable information except when investigating security incidents or abuse.

Data Retention

We retain your personal information for as long as necessary to:

  • Provide you with our Services
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or security purposes. Encrypted credentials are immediately deleted upon account deletion.

Your Rights Under GDPR (European Users)

If you are located in the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate information
  • Right to Erasure: Request deletion of your personal data
  • Right to Restriction: Request restriction of processing your data
  • Right to Object: Object to our processing of your personal data
  • Right to Data Portability: Request transfer of your data to another organization or directly to you
  • Right to Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data

To exercise these rights, please contact us at privacy@mcpbundles.com. We will respond to your request within one month.

Your Rights Under CCPA (California Users)

Under the California Consumer Privacy Act (CCPA), California consumers have the right to:

  • Right to Know: Request disclosure of the categories and specific pieces of personal data we have collected about you
  • Right to Delete: Request deletion of your personal data
  • Right to Opt-Out: Request that we not sell your personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment

To make a request, contact us at privacy@mcpbundles.com. We will verify your identity and respond within 45 days.

California "Do Not Sell" Disclosure

We do not sell your personal information as defined by the CCPA. We have not sold personal information in the past 12 months and do not have plans to sell personal information in the future.

Children's Privacy

Our Services are not directed to individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@mcpbundles.com so we can delete that information.

International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using our Services, you consent to the transfer of your information to the United States and other countries where we operate.

For users in the EEA, we ensure adequate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. For significant changes, we will provide more prominent notice (such as email notification).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: privacy@mcpbundles.com

Support: support@mcpbundles.com

Website: https://mcpbundles.com

Also see our Terms of Service

© 2025 ThinkChain Inc. MCP Bundles is a ThinkChain Inc product. All rights reserved.