mcpfold logomcpfold

Privacy policy

Version 1.0 · Effective 2026-07-10

mcpfold is built to need as little of your data as possible. The CLI runs entirely on your machine, the website uses privacy-friendly analytics with no cookies and no personal data, and secret values never leave your computer. This policy explains exactly what is and is not collected.

The website

When enabled, this site uses cookieless, privacy-friendly analytics (a Plausible/Umami-style endpoint) that measures aggregate page views and referrers only. It sets no cookies, stores no personally identifying information, and does not track you across other sites. Analytics is off entirely unless the site is built with the analytics environment variables, so previews and local runs never phone home.

Because no personal data or cookies are involved, the site does not show a cookie-consent wall. See the analytics disclosure for details.

The mcpfold CLI

The CLI is local-first and collects nothing by default — there is no network sink wired in the shipped tool. Telemetry is strictly opt-in: it is sent only if you set `MCPFOLD_TELEMETRY=1`, and it is forced off if you set `DO_NOT_TRACK=1` (the cross-tool convention) or `MCPFOLD_TELEMETRY=0`.

If you do opt in, each event is a fixed allow-list of non-identifying fields (such as which subcommand ran) and passes through the same secret redactor the rest of the tool uses, as a final guard. Your configuration contents and secrets are never collected.

The optional hosted cloud

The hosted team cloud is optional (and self-hostable). If you create an account, we store your account identifier (such as your email) and the configuration you choose to sync. That configuration carries secret references — placeholders like `${env:…}` — never the secret values themselves, which stay on your machine and are resolved locally.

We use the account data only to provide the service (authentication, sync, and the audit trail). We do not sell your data.

Data sharing and processors

We do not sell personal data or share it with advertisers. Where the hosted service relies on infrastructure providers (for example, hosting and the database), they process data solely to run the service on our behalf.

Your choices and rights

The CLI and everything local require no account and collect nothing by default. For the hosted cloud, you can request access to or deletion of your account data by contacting us. You can opt out of CLI telemetry at any time as described above, and out of website analytics by blocking the analytics script or sending a Do-Not-Track signal.

Changes to this policy

This policy is versioned and dated (see the effective date above). Material changes will update the version. Questions? Email [email protected] or open an issue on https://github.com/dj-pearson/MCPFold.

See also: Privacy · Terms · Analytics & cookies · Security