Last updated: April 2026

Privacy Policy

PMCP Run ("we", "us", "our") is a managed MCP server hosting platform delivered via a web dashboard and developer CLI. This privacy policy explains what data we collect, what we store, what we do not store, and how we protect your information.

Data We Store

We are transparent about the data our systems retain. The following information is stored in our infrastructure:

Tenant Metadata (Amazon DynamoDB)

  • Tenant ID and AWS Account ID
  • MCP server configuration (name, endpoint, deployment settings)
  • Onboarding state and deployment status
  • Subscription status and plan tier
  • Last connected timestamp (last_connected_at)
  • Billing baselines: last reported usage (requests), last reported billing period
  • Dismissed notification IDs (so dismissed items stay dismissed across sessions)

Authentication Data (AWS Cognito)

  • Email address
  • Hashed password (managed by AWS Cognito, not accessible to us)
  • MFA settings (managed by AWS Cognito)

We use AWS Cognito as our identity provider. Your password is hashed and managed entirely by Cognito's infrastructure — our application code never sees or stores your plaintext password.

Billing Data (Stripe)

  • Stripe Customer ID and Subscription ID
  • Payment method references (managed by Stripe's PCI-compliant infrastructure)

Payment card details are handled exclusively by Stripe. We never store credit card numbers, CVVs, or other sensitive payment information in our systems.

Data We Do NOT Store

PMCP Run operates as a managed hosting infrastructure layer — we run your MCP server and route requests, but we do not store the content of those requests:

  • MCP request/response payloads: Requests to your deployed MCP server are proxied through our infrastructure but not stored. Each request is handled statelessly.
  • Tool invocation arguments: Arguments passed to your MCP server tools are not persisted by our platform. Your server code may store data in your own infrastructure, but we do not retain it.
  • Conversation history: Your conversations are stored by your AI assistant (ChatGPT or Claude) according to their privacy policies, not by PMCP Run.
  • No conversation logs, no payload snapshots, no data lakes of your MCP server traffic exist in our infrastructure.

How We Host Your MCP Server

PMCP Run uses AWS Lambda and AWS infrastructure to host your MCP server binary:

  • Isolated execution: Each MCP server runs in its own AWS Lambda function with isolated environment variables and secrets management.
  • Encrypted secrets: Secrets injected into your server at runtime are encrypted at rest and in transit using AWS-managed keys.
  • Revocable at any time: You can undeploy your server and delete all associated configuration through the PMCP Run dashboard or CLI at any time.

Third-Party Services

PMCP Run integrates with the following third-party services:

  • Amazon Web Services (AWS): Infrastructure hosting, Cognito authentication, Lambda compute, and CloudFront distribution.
  • Stripe: Payment processing. Stripe is PCI DSS Level 1 compliant. Their privacy policy applies to payment data they process.
  • ChatGPT / Claude: Conversation interface for AI-powered MCP usage. Their respective privacy policies apply to conversation data stored in their platforms.

Data Retention and Deletion

  • Active accounts: Server configuration and billing baselines are retained while your account is active.
  • Undeploying your server: Removes the Lambda function and associated runtime configuration but preserves your account record so you can redeploy later.
  • Full account deletion: Removes all DynamoDB records associated with your tenant, including server configuration and billing baselines. Contact us to request full deletion.

Security

All data in transit is encrypted via TLS. Data at rest in DynamoDB is encrypted using AWS-managed keys. Our infrastructure runs on AWS Lambda with no persistent servers, reducing the attack surface.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected in the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

For questions about this privacy policy or to request data deletion, contact us at: guy@mlguy.us