Privacy
Last updated: July 15, 2026
Local CLI Scans
The MCPScan CLI runs locally by default. It does not upload scan results unless an explicit upload/API workflow is added and requested.
Public Website
The current website is static and hosted on GitHub Pages. Standard hosting logs may be processed by GitHub as part of operating the site.
Payments
Payment processing is expected to be handled by Stripe Payment Links. Stripe may collect payment, billing, and fraud-prevention information under its own policies.
Audit Materials
Customers should not submit secrets, production credentials, customer data, or private configs through public issues. Sensitive materials should use an agreed secure transfer path after scope confirmation.
Data Minimization
MCPScan audit work should use the minimum materials needed to review MCP configuration, tool exposure, permissions, and remediation priorities.
Repository Boundary
Customer audit reports, private configs, payment records, and non-public prospect data should not be committed to the public MCPScan repository.