Subprocessors
Last updated
These are the third-party services we use to operate the hosted MCP Guard product. Customers under a Data Processing Addendum receive advance notice of material changes. To subscribe to change notifications, email privacy@mcp-guard.ai.
| Subprocessor | Services | Purpose | Location | Data types |
|---|---|---|---|---|
| Cloudflare, Inc. | Workers, DNS, Email Service, Cache, R2, KV | Edge runtime for the marketing site and hosted product; CDN; outbound transactional email; static asset storage. | Global edge; data plane primarily EU. | Request metadata, account email (for transactional sends), aggregate telemetry. |
| Supabase, Inc. | Postgres, Auth, RLS, Storage | Application database (tenants, policies, audit chain, reviews, API keys); identity and session management. | eu-central-2 (Switzerland). | Account data, policy YAML, audit-chain rows, reviewer decisions, hashed parameter digests, optional opted-in raw payloads on review-mode decisions. |
| Stripe, Inc. | Billing, payment processing, customer portal | Subscription billing, invoice issuance, payment method storage, customer self-service portal. | United States, with EU data residency where applicable. | Billing contact, payment method tokens, invoice records, tax data, usage meter readings. |
| Resend, Inc. | Transactional email delivery | Outbound transactional email — account verification, password reset, webhook-failure alerts, review-queue notifications. | United States; emails delivered globally per recipient. | Recipient email, message subject and body (system-generated), delivery metadata. |
| phi-cloud (Stackforge SARL) | OpenAI-compatible routing layer for the LLM-judge tier and the vector embedder | When a tenant enables the LLM-judge tier or the vector injection layer, the redacted excerpt of the action params is routed via phi-cloud to a per-region model: default LLM = Gemma-4 E2B IT (`worker-gemma-4-e2b`); default embedder = Qwen3-Embedding-8B (`worker-qwen3-embedding-8b`). phi-cloud is a stateless proxy — no traffic data is persisted. | Switzerland (default routing). PHI-flagged traffic is pinned to PHI-eligible providers (Infomaniak SA, CH) via `X-PHI: true`. | Redacted action-param excerpt (typically ≤ 8 KB) and the system prompt for the judge or the text to embed. Tenants can disable the judge tier in dashboard settings; when disabled, no data is sent through phi-cloud. |
| Medishift Sàrl (self-hosted CH worker) | Downstream non-PHI model host reached via phi-cloud — Gemma-4 E2B IT chat + Qwen3-Embedding-8B embeddings | Default destination for non-PHI LLM-judge and vector-embedder calls when traffic is routed through phi-cloud and no `X-PHI: true` header is set. | Switzerland. | Same redacted excerpt described above. Reached only via phi-cloud — no direct API surface from MCP Guard. |
| Infomaniak Network SA | Downstream PHI-eligible model host reached via phi-cloud — Mistral 24B / Qwen3 chat + MiniLM-L12-v2 / BGE-Multilingual-Gemma2 embeddings | Destination for PHI-flagged LLM-judge and vector-embedder calls (when the tenant flips `PHI_CLOUD_PHI=true` or the policy DSL marks the action as PHI). Currently the only PHI-eligible provider on phi-cloud. | Switzerland. | Same redacted excerpt described above, plus the `X-PHI: true` data-class marker. Reached only via phi-cloud. |
See also our Privacy Policy and Terms of Service.