MSMCPScan

Privacy

Last updated: July 15, 2026

Local CLI Scans

The MCPScan CLI runs locally by default. It does not upload scan results unless an explicit upload/API workflow is added and requested.

Public Website

The current website is static and hosted on GitHub Pages. Standard hosting logs may be processed by GitHub as part of operating the site.

Payments

Payment processing is expected to be handled by Stripe Payment Links. Stripe may collect payment, billing, and fraud-prevention information under its own policies.

Audit Materials

Customers should not submit secrets, production credentials, customer data, or private configs through public issues. Sensitive materials should use an agreed secure transfer path after scope confirmation.

Data Minimization

MCPScan audit work should use the minimum materials needed to review MCP configuration, tool exposure, permissions, and remediation priorities.

Repository Boundary

Customer audit reports, private configs, payment records, and non-public prospect data should not be committed to the public MCPScan repository.