Privacy Policy

This policy describes what information Broxy collects, how it is used, and the choices you have. Broxy is a hosted MCP proxy that connects AI clients to your local MCP server.

1. Information we collect

• Account data from Google OAuth, such as email, name, and profile image.
• OAuth client identifiers and secrets that you create in the dashboard.
• Local MCP server identifiers and cached capability metadata (tools, prompts, resources).
• Aggregated usage metrics, such as request counts and request/response size totals.
• Session cookies required to keep you signed in.

2. Information we do not collect

Broxy does not store or log the content of MCP requests or responses. Prompts, tool inputs, tool outputs, and resource contents are proxied transiently and are not persisted.

3. How we use information

1. Provide authentication, token issuance, and proxy routing.
2. Show your dashboard data, client secrets, and cached capabilities.
3. Enforce account limits and measure aggregate service usage.
4. Maintain security, prevent abuse, and respond to support requests.

4. Sharing and disclosure

• We do not sell your personal information.
• We may share data with service providers who help operate Broxy.
• We may disclose information to comply with legal obligations.

5. Data retention

We keep account records and configuration data while your account is active. You can request deletion of your account and associated data by contacting support.

6. Security

We use reasonable technical and organizational measures to protect account data. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.

7. Your choices

• You can revoke OAuth client secrets at any time from the dashboard.
• You can disconnect your local MCP server by removing its registration.
• You can contact us to access or delete your account data.

8. Contact

Questions about this policy can be sent to [email protected].