Privacy Policy

Last updated: April 2, 2026

1. Who We Are

MCPNest ("we", "us", "our") is a marketplace for Model Context Protocol (MCP) servers, operated by Ricardo Rodrigues, based in Portugal. Our website is mcpnest.io. For any privacy-related questions, contact us at malasartes@mcpnest.io.

2. Data We Collect

When you use MCPNest, we may collect:

- Account data: name, email address, GitHub username and avatar (via GitHub OAuth)
- Usage data: pages visited, search queries, MCP servers viewed and installed
- Payment data: handled entirely by Stripe — we never store card details
- Technical data: IP address, browser type, device information, cookies

3. How We Use Your Data

We use your data to:

- Provide and improve the MCPNest service
- Authenticate you via GitHub OAuth
- Process payments via Stripe
- Send transactional emails (receipts, account notifications)
- Analyze usage to improve the platform
- Comply with legal obligations

We do not sell your data to third parties. We do not use your data for advertising.

4. Legal Basis (GDPR)

Under GDPR, we process your data based on:

- Contract performance — to provide the service you signed up for
- Legitimate interests — to improve and secure our platform
- Legal obligation — to comply with applicable laws
- Consent — for optional communications (you can withdraw at any time)

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are legally required to retain it (e.g., financial records for 7 years under Portuguese law).

6. Third-Party Services

We use the following third-party services:

- GitHub OAuth — for authentication (github.com/privacy)
- Stripe — for payment processing (stripe.com/privacy)
- Supabase — for database hosting (supabase.com/privacy)
- Vercel — for hosting (vercel.com/legal/privacy-policy)

Each service has its own privacy policy and data processing terms.

7. Cookies

We use essential cookies only:

- Session cookies — to keep you logged in
- Security cookies — to protect against CSRF attacks

We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect functionality.

8. Your Rights (GDPR)

You have the right to:

- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Restriction — limit how we process your data
- Objection — object to processing based on legitimate interests

To exercise any of these rights, email malasartes@mcpnest.io. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures:

- All data transmitted over HTTPS/TLS encryption
- Passwords are never stored — authentication via GitHub OAuth only
- Database access restricted by Row Level Security (RLS)
- API keys stored as environment variables, never in code
- Regular security reviews

Despite our efforts, no system is 100% secure. Please notify us immediately at malasartes@mcpnest.io if you discover any security vulnerability.

10. International Transfers

MCPNest is operated from Portugal (EU). Our infrastructure providers (Vercel, Supabase) may process data in the United States. These transfers are covered by Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Children

MCPNest is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy. We will notify registered users by email of material changes. The "last updated" date at the top of this page indicates when the policy was last revised.

13. Contact & Complaints

For privacy questions: malasartes@mcpnest.io

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Portuguese data protection authority:

CNPD — Comissão Nacional de Proteção de Dados
www.cnpd.pt