Privacy policy
Last updated: 28 April 2026
Operator: Philip Bennett — Punk Leadership
Contact: phil@mcportal.wtf
Best-effort draft based on operator-provided details. Have a German solicitor verify before relying on it.
1. Who we are
MCPortal (the “Service”) is operated by Philip Bennett — Punk Leadership (“we”, “us”), a sole trader (Einzelunternehmer) registered in Berlin, Germany, at 94 Kastanienallee, 10435 Berlin, Germany. VAT ID: DE306641412. You can reach us at phil@mcportal.wtf.
2. What the Service does
MCPortal lets you connect one or more Google accounts (Gmail, Drive, Calendar) and Notion accounts to a Model Context Protocol (MCP) endpoint, which AI clients (Claude Desktop, ChatGPT, Cursor, etc.) can use to read and modify those accounts on your behalf.
We do not proactively read or copy your Google or Notion data. Tool calls from your AI client are forwarded directly to Google / Notion in real time using the OAuth tokens you authorised; the response is streamed back to your AI client. We do not cache the contents of your inbox, files, calendar entries, or pages on our infrastructure.
3. Personal data we process
3.1 Account data
When you sign in, we store:
- Your email address (from Google sign-in).
- The Google sub identifier (an opaque, stable per-user ID issued by Google) used to recognise you.
- The display name of any Google or Notion account you bind, plus the user-chosen label.
- OAuth refresh tokens and short-lived access tokens, encrypted at rest with AES-256-GCM.
- Granted OAuth scopes, so the dashboard can show you what each binding can do.
- Session tokens (hashed) to keep you signed in to the dashboard.
- Invite tokens (hashed) used during signup, plus the invitee email and expiry.
3.2 Operational data
We process:
- HTTP request logs (IP, user agent, request path, status, timestamp) generated by Google Cloud Run for security and debugging. Retention: 30 days.
- Auth events (sign-in success/failure, sign-up, logout, invite mint/consume) written to the application log for security review.
- Anonymous, cookieless page-view analytics via Fathom Analytics (see §6).
3.3 What we do NOT store
- The contents of your emails, files, calendar events, or Notion pages.
- Plaintext OAuth tokens (only encrypted ciphertext is stored).
- Plaintext session or invite tokens (only SHA-256 hashes).
- Passwords (sign-in is via Google OAuth; no MCPortal password exists).
4. Legal basis (DSGVO / GDPR)
- Contract (Art. 6(1)(b) GDPR) — we process account, binding and token data because it is necessary to provide the Service to you.
- Legitimate interest (Art. 6(1)(f) GDPR) — security logging and minimal anonymous analytics, balanced against your reasonable expectations.
- Consent (Art. 6(1)(a) GDPR) — you grant Google / Notion OAuth scopes via their own consent screens; you can withdraw at any time.
5. Where data is stored
All application data lives in Google Cloud Platform, region europe-west4 (Belgium):
- Application: Google Cloud Run.
- Database: Google Cloud SQL for PostgreSQL.
- Secrets (encryption keys, OAuth client credentials): Google Secret Manager.
No personal data is transferred outside the EU/EEA by us. Google may, as our infrastructure sub-processor, replicate logs and operational metadata to other Google regions in line with their standard contractual terms.
6. Sub-processors
- Google Cloud (Google Ireland Ltd) — hosting, database, secret storage, OAuth identity provider for sign-in.
- Notion (Notion Labs Inc) — when you bind a Notion account, OAuth tokens are exchanged with Notion and tool calls are forwarded to Notion’s API.
- Fathom Analytics (Conva Ventures Inc) — privacy-friendly, cookieless analytics. Fathom does not collect IP addresses or any cross-site identifiers; see their privacy policy.
- GitHub (GitHub Inc) — source-code hosting and CI/CD. Does not receive end-user data.
7. Sharing & disclosure
We do not sell or rent personal data. We may disclose data when required by law, court order, or to protect the rights, property, or safety of the Service, our users, or the public.
8. Retention & deletion
- Account bindings: until you remove them via the dashboard or your account is deleted.
- OAuth refresh tokens: deleted when you remove the binding.
- Sessions: deleted on sign-out, or automatically after 30 days of inactivity.
- Invite tokens: deleted automatically after their expiry (default 7 days) or when consumed.
- HTTP and auth logs: 30 days.
To delete your entire account and all associated data, email phil@mcportal.wtf. We will action the request within 30 days.
9. Your rights
Under DSGVO / GDPR you have the right to:
- Access the personal data we hold about you (Art. 15 GDPR).
- Correct inaccurate data (Art. 16 GDPR).
- Have your data erased — “right to be forgotten” (Art. 17 GDPR).
- Restrict or object to processing (Art. 18, 21 GDPR).
- Receive your data in a portable format (Art. 20 GDPR).
- Lodge a complaint with your local data protection authority. Our lead supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit / BlnBDI), Friedrichstraße 219, 10969 Berlin, Germany.
To exercise any of these rights, email phil@mcportal.wtf.
10. Security
- OAuth refresh tokens and access tokens are encrypted with AES-256-GCM using a key held in Google Secret Manager.
- Session, invite, and MCP tokens are stored only as SHA-256 hashes.
- Database connections use Cloud SQL Auth Proxy with TLS.
- The dashboard is HTTPS-only.
- Sign-in is brokered by Google OAuth — we never see your Google password.
11. Cookies
We set a single first-party cookie, mcportal_session, used to keep you signed in to the dashboard. It is HTTP-only, SameSite=Lax, secure, and expires after 30 days. We do not use third-party advertising cookies. Fathom Analytics is cookieless.
12. Changes to this policy
We will update this page when our processing changes. The date at the top of this page reflects the most recent revision. Material changes will be announced via the dashboard.