MCPOrbit is built on a simple principle: we don't collect what we don't need. The app runs on your machine, talks to servers you choose, and stays out of the loop on everything else. This page explains that in plain terms — and in the formal terms that data-protection law expects.
At a glance
If you only read one section, read this one. The rest of the document elaborates on these points and adds the disclosures required by the GDPR, CCPA, and similar regimes.
- MCPOrbit is a desktop client. There is no MCPOrbit account, no MCPOrbit cloud sync, and no MCPOrbit-side telemetry by default.
- Your prompts, tool calls, server responses, and credentials never travel through MCPOrbit infrastructure.
- A small number of features (crash reporting, update checks) require sending data to us. They are opt-in and individually disclosed in-app before you enable them.
- Our marketing site uses no third-party tracking, no advertising cookies, and no behavioural analytics.
- You can contact us at any time to access, correct, or delete personal data we hold about you.
Scope of this policy
This Privacy Policy applies to the MCPOrbit desktop application (the App) and the marketing website at mcporbit.com (the Site), together the Services. It does not apply to MCP servers you connect to through the App, which are operated by other people and have their own privacy practices.
Who is the data controller
For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, the data controller for personal data processed through the Services is MCPOrbit, a small independent software project. You can reach our privacy team at [email protected].
Local-first by default
MCPOrbit is a desktop client. When you connect to an MCP server, the connection is made directly from your computer to that server — whether the server is running locally on your machine, on your private network, or hosted by a third party. Your prompts, tool calls, responses, and credentials never travel through MCPOrbit infrastructure, because there is no MCPOrbit infrastructure in that path.
Practically, that means:
- Server commands, environment variables, and headers you configure are stored locally on your device only.
- Tool inputs and tool outputs are streamed directly between your device and the server you addressed.
- We cannot access this data even if compelled to, because we never receive it.
What we don't collect
Out of the box, MCPOrbit collects none of the following:
- Your name, email address, phone number, billing details, or any other account information — there are no MCPOrbit accounts.
- The names, addresses, or contents of MCP servers you connect to.
- Any tool inputs, tool outputs, or responses streamed through the App.
- Prompts, completions, model traffic, or model identifiers of any kind.
- Operating system identifiers, advertising IDs, or device fingerprints.
- Telemetry, usage analytics, page views, click-stream data, or feature heatmaps.
- Cookies on the Site beyond what is strictly required to render it.
What we collect, only when you opt in
A few features need data in order to work. Each one is opt-in, disabled by default, and disclosed in-app at the moment we ask:
Crash reports
If MCPOrbit crashes and you choose to send a report, we receive a stack trace, the App version, and your operating system version. Reports are anonymous, contain no MCP server data, and are used only to identify and fix bugs. We retain crash reports for up to 12 months and then delete them.
Update checks
If you enable automatic updates, the App contacts our update server periodically to ask whether a newer version is available. The request includes only the current App version and OS family (e.g. macOS 14). The connection's IP address is processed transiently to route the response and is not retained beyond the response cycle.
Direct correspondence
If you email us for support, send a bug report through the App, or otherwise initiate a conversation, we receive what you send. We use it to help you and don't repurpose it for marketing or analytics.
The marketing site
The Site uses no third-party tracking, no advertising cookies, and no behavioural analytics. We may store a single cookie or local-storage value to remember your theme preference (light vs. dark). Server logs may briefly retain IP addresses for the purpose of preventing abuse and serving the Site reliably; these are rotated and discarded within 30 days.
Legal basis for processing
Where we do process personal data, our legal basis under Article 6 GDPR depends on the activity:
- Consent (Art. 6(1)(a)) — for opt-in features such as crash reporting and update checks. You can withdraw consent at any time in App settings.
- Contract (Art. 6(1)(b)) — when you initiate a support conversation, we process the message in order to respond.
- Legitimate interests (Art. 6(1)(f)) — for short-term server logs used to keep the Site available and prevent abuse, balanced against your reasonable expectations.
How long we keep data
We hold personal data only as long as we need it for the purpose we collected it. Specifically:
- Crash reports: up to 12 months, then deleted.
- Update-check IP addresses: transient — never stored after the response is served.
- Site server logs: rotated and deleted within 30 days.
- Support correspondence: retained for as long as needed to resolve your matter, plus a reasonable period for follow-up, then deleted on request.
How we secure data
The most important security control we apply is not collecting data in the first place. For the limited data we do receive, we use industry-standard safeguards:
- Transport encryption (TLS 1.2+) for all traffic between the App, the Site, and our servers.
- Access controls limiting who on our team can read crash reports or support email.
- Logical separation of opt-in telemetry from any identifying contact data.
- Regular review of dependencies and infrastructure for known vulnerabilities.
- A documented incident-response process for the rare case where something goes wrong.
No system is perfectly secure. If you discover a vulnerability, please report it responsibly to [email protected].
Third-party services we use
We rely on a small number of vendors to deliver the Services. Each of them processes data on our behalf under written terms that meet GDPR Article 28 standards:
- Hosting provider for the marketing Site and update server (delivers the App update manifest and the Site).
- Crash-reporting provider (receives anonymous crash reports if you opt in).
- Email provider (transports support correspondence sent to or from our team).
We do not sell personal information, and we do not share it with advertising networks or data brokers. A current list of sub-processors is available on request.
International transfers
Some of our vendors are based outside the European Economic Area and the United Kingdom. Where personal data is transferred internationally, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum where applicable) to ensure an equivalent level of protection.
Your rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Erase your data (the right to be forgotten), subject to legal retention obligations.
- Restrict or object to particular processing activities.
- Receive a copy of your data in a portable, machine-readable format.
- Withdraw consent for any opt-in processing at any time, without affecting the lawfulness of processing carried out before withdrawal.
- Lodge a complaint with your local data-protection authority if you believe we have mishandled your data.
To exercise any of these rights, email [email protected]. We'll respond within 30 days, and usually much sooner.
GDPR (European users)
If you are in the European Economic Area, the United Kingdom, or Switzerland, the GDPR (or its UK or Swiss equivalent) applies to our processing of your personal data. The rights described above apply in full. You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or the place of the alleged infringement.
CCPA / CPRA (California users)
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the right to know what personal information we collect, the right to delete it, the right to correct it, the right to limit the use of sensitive personal information, and the right not to be discriminated against for exercising these rights.
We do not sell or share personal information for cross-context behavioural advertising, and we have not done so in the preceding 12 months. To exercise your CCPA rights, contact us using the details in the Contact section.
Children
MCPOrbit is a developer tool not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us and we will delete it.
Do Not Track and Global Privacy Control
Because the Site does not use cross-site or third-party tracking in the first place, browser signals such as Do Not Track and Global Privacy Control have no additional effect — there is nothing to opt out of. We respect those signals as a matter of policy regardless.
Changes to this policy
If we change how privacy works in MCPOrbit, we will update this page and bump the “last updated” date at the top. Material changes — anything that expands what we collect or how we use it — will also be announced in-app and on the blog at least 14 days before they take effect, so you have time to review them or stop using the Services if you disagree.
Contact
Questions, concerns, or a request to access, correct, or delete data we may hold about you? Email [email protected]. For security disclosures, use [email protected]. We're a small team and we read every message.
