Datenschutzerklärung (Privacy Policy)

Learn how we collect, use, and protect your personal data in accordance with GDPR.

Datenschutzerklärung (Privacy Policy)

Last updated: 9/12/2025 | In accordance with GDPR (DSGVO)

1. Data Controller

The data controller for this website is:

Benjamin Kramser
Salamanderplatz 10
70806 Kornwestheim, Germany
Email: legal@mcp-collection.com

2. Information We Collect

Account Information

When you create an account, we collect your email address and username through our OAuth 2.1 authentication system powered by Supabase.

Legal basis: Contract performance (Art. 6(1)(b) GDPR)

Payment Information

Payment data is processed by Stripe Inc. We do not store your complete payment information on our servers. Stripe may collect billing address, payment method details, and transaction history.

Legal basis: Contract performance (Art. 6(1)(b) GDPR)

Usage Data

We collect information about how you use our MCP servers, including API calls, tool usage, and performance metrics. This data is processed server-side through Vercel Analytics.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) - to improve our services and ensure system security

Technical Data

We automatically collect IP addresses, browser information, and device identifiers through Vercel's hosting infrastructure for security and performance purposes.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) - for security and system optimization

3. How We Use Your Information

  • Provide and maintain our MCP Collection services
  • Authenticate and authorize access to MCP servers
  • Process payments and manage subscriptions through Stripe
  • Monitor usage and enforce rate limits
  • Improve our services and develop new features
  • Send important service notifications
  • Ensure security and prevent fraud
  • Comply with legal obligations

4. Third-Party Services

Supabase (Database & Authentication)

We use Supabase for user authentication and database services. Supabase is GDPR compliant and processes data within the EU.
Privacy Policy: https://supabase.com/privacy

Stripe (Payment Processing)

We use Stripe for payment processing. Stripe is PCI DSS compliant and handles all payment data securely.
Privacy Policy: https://stripe.com/privacy

Vercel (Hosting & Analytics)

Our website is hosted on Vercel, which provides server-side analytics. No client-side tracking or cookies are used.
Privacy Policy: https://vercel.com/legal/privacy-policy

5. Data Retention

Account Data: Retained while your account is active and for 2 years after account deletion for legal and security purposes.

Payment Data: Handled by Stripe according to their retention policies and legal requirements.

Usage Data: Retained for 12 months for service improvement and security purposes.

Technical Logs: Retained for 90 days for security and debugging purposes.

6. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access (Art. 15 GDPR): Request a copy of your personal data
  • Right to Rectification (Art. 16 GDPR): Correct inaccurate or incomplete data
  • Right to Erasure (Art. 17 GDPR): Request deletion of your data ("right to be forgotten")
  • Right to Data Portability (Art. 20 GDPR): Receive your data in a machine-readable format
  • Right to Restriction (Art. 18 GDPR): Limit how we process your data
  • Right to Object (Art. 21 GDPR): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for data processing where applicable

To exercise these rights, contact us at: legal@mcp-collection.com

You also have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (HTTPS/TLS) and at rest
  • OAuth 2.1 with PKCE for secure authentication
  • Regular security audits and monitoring
  • Access controls and principle of least privilege
  • Secure hosting infrastructure with Vercel
  • Database security through Supabase's enterprise-grade security

8. International Data Transfers

Our primary data processing occurs within the EU through Supabase. Some services (Stripe, Vercel) may process data in the US under appropriate safeguards such as Standard Contractual Clauses (SCCs) and adequacy decisions.

9. Cookies and Tracking

We do not use cookies or client-side tracking. Our website uses server-side analytics through Vercel, which does not require cookies or client-side tracking scripts. Authentication is handled through secure server-side sessions.

10. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email or through our service. Your continued use of our services after changes take effect constitutes acceptance of the new policy.

12. Contact Us

If you have questions about this privacy policy or want to exercise your rights, please contact us:

Email: legal@mcp-collection.com

Address: Benjamin Kramser, Salamanderplatz 10, 70806 Kornwestheim, Germany