Privacy Policy

Last updated: March 2025

Scope: Bro MCP proxy

1. Overview

This Privacy Policy describes how the Bro MCP proxy (the “Service”) processes information when you connect MCP servers and route AI agent traffic through the Service.

2. Information We Process

We process information necessary to provide the Service, including:

• Account information: identifiers and basic profile details associated with your account.
• Connection information: MCP server identifiers, endpoints, and connection status.
• Operational metadata: timestamps, request identifiers, request counts, and delivery status used for reliability and troubleshooting.
• Buffered message content: full JSON-RPC request and response bodies may be temporarily buffered to deliver messages back to you.

Operational logs are intended to contain metadata only. We do not log user-provided request or response payload content (including prompts and tool inputs/outputs).

3. Credentials and Secrets

When you connect MCP servers or OAuth providers, you may provide credentials or other secrets. Credentials are stored per account to operate the Service on your behalf, with access controls and encryption-at-rest where available. You can revoke credentials from the dashboard, which removes access for the proxy.

4. How We Use Information

• Operate and maintain the proxy pipeline.
• Authenticate requests and apply access controls.
• Detect abuse, investigate incidents, and protect the Service.
• Provide aggregate usage statistics and improve functionality.

We do not sell personal information and we do not run advertising based on your data.

5. Sharing

The Service routes requests to the MCP servers you connect. Those third-party services may process information under their own policies. We may share information if required by law or to protect the rights and safety of users and the Service.

6. Legal Basis and Retention

We process information to provide the Service and to protect the platform. Operational data is retained only as long as needed for reliability, troubleshooting, and legal compliance, after which it is deleted or aggregated.

7. Security

We use modern transport security and access controls to protect information. You are responsible for keeping your own credentials safe and for avoiding sharing secrets in prompts or tool inputs where possible.

8. Your Choices

• Disconnect MCP servers and revoke credentials from the dashboard.
• Stop using the Service by logging out.
• Contact us to request access to or deletion of operational data we retain, where applicable.

9. Changes

We may update this Privacy Policy from time to time. Continued use of the Service after an update means you accept the revised policy.

10. Contact

Questions or requests: [email protected].