AtlasMCPHosted

Privacy Policy

Last updated: March 24, 2026

1. Introduction

This Privacy Policy describes how Think Neverland (“we”, “us”) collects, uses, and protects your information when you use the AtlasMCP Hosted service at atlasmcp.dev. This policy applies only to the hosted SaaS version. The self-hosted open-source version processes all data locally on your infrastructure.

2. Information We Collect

Account Information

  • Email address (for authentication and communication)
  • Billing information (processed and stored by Stripe; we do not store card details)

Usage Data

  • API request logs (timestamps, endpoints, response codes)
  • Session metadata (session IDs, tool invocations, timestamps)
  • Feature usage metrics (aggregated, non-identifiable)

Project Data

  • Code analysis results, playbooks, session memory, and documents you upload or generate through the Service
  • Database connection metadata (we support read-only introspection; connection strings are encrypted at rest)

3. How We Use Your Information

  • To provide and maintain the Service
  • To authenticate your identity and manage your account
  • To process payments via Stripe
  • To send transactional emails (magic links, billing receipts)
  • To monitor service health and prevent abuse
  • To improve the Service based on aggregated usage patterns

4. Data Isolation & Security

AtlasMCP Hosted is a multi-tenant system. Your data is logically isolated from other tenants. Every database query is scoped to your tenant ID. We employ encryption in transit (TLS) and at rest for sensitive data. API tokens are hashed before storage.

5. Third-Party Services

  • Stripe — Payment processing. Subject to Stripe's Privacy Policy.
  • Resend — Transactional email delivery (magic links, receipts).
  • Railway — Infrastructure hosting.

We do not sell your data. We do not share your data with third parties for advertising or marketing purposes.

6. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, we retain your data for 30 days to allow reactivation, after which it is permanently deleted. You may request immediate deletion by contacting us.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a machine-readable format
  • Withdraw consent for non-essential data processing

8. Cookies

We use only essential cookies required for authentication (session tokens). We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email. The “Last updated” date at the top reflects the most recent revision.

10. Contact

For privacy-related questions or data requests, contact us at [email protected].