Privacy Policy

Last updated: March 21, 2025

La Rebelion Labs ("La Rebelion Labs", "we", "us", or "our") operates the HAPI MCP Stack and related services available at https://mcp.com.ai (the "Service").

Your privacy matters to us. This Privacy Policy explains what data we collect, why we collect it, how we use it, and the choices you have when using the HAPI MCP Stack.

We design our products with privacy-by-default, minimal data collection, and developer control as core principles.

1. Scope of This Policy

This Privacy Policy applies to:

The HAPI MCP Stack platform and tooling
HAPI MCP Server deployments (cloud and on-premise)
Websites, dashboards, CLIs, APIs, and documentation hosted under mcp.com.ai
Any related services provided by La Rebelion Labs

This policy does not apply to third-party services or MCP servers not operated by us.

2. Information We Collect

We collect only what is necessary to operate, secure, and improve the Service.

2.1 Information You Provide Directly

You may voluntarily provide:

Name or username
Email address
Organization or company name
Billing or subscription details (if applicable)
Support requests, feedback, or communications

We do not require personal data to run self-hosted or air-gapped deployments.

2.2 Information Collected Automatically

When you access the Service, we may collect limited technical data such as:

IP address
Browser type or runtime environment
Operating system
Approximate location (country or region)
Timestamps and basic request metadata

This data is used strictly for:

Security and abuse prevention
Performance monitoring
Reliability and troubleshooting

2.3 MCP, API, and Tooling Data

Important clarification:

We do not inspect, store, or train on MCP payloads, prompts, or tool execution data by default.
API requests and MCP tool calls are processed ephemerally unless logging is explicitly enabled by you.
Any logging, tracing, or telemetry is configurable and opt-in, especially for enterprise or self-hosted users.

For on-premise and air-gapped deployments, all data remains fully under your control.

3. How We Use Information

We use collected information to:

Operate and maintain the Service
Authenticate users and secure access
Provide support and respond to requests
Improve reliability, performance, and developer experience
Comply with legal obligations

We do not sell personal data and do not use your data for advertising.

Where applicable, we process personal data based on:

Consent – when you explicitly provide data
Contractual necessity – to deliver the Service
Legitimate interests – security, reliability, and fraud prevention
Legal obligations – compliance with applicable laws

We may share limited data only when necessary:

With infrastructure providers (e.g., hosting, storage, CDN)
With payment processors (if applicable)
When required by law or legal process

All vendors are selected with security and compliance in mind.

We never share MCP execution data or prompts with third parties for model training.

6. Cookies and Analytics

We use minimal cookies and analytics strictly for:

Essential functionality
Security
High-level usage insights

Where possible, we favor privacy-friendly analytics and avoid invasive tracking.

You can disable cookies via your browser settings.

7. Data Retention

We retain personal data only as long as necessary:

Account data: for the lifetime of the account
Support communications: as needed for follow-up and auditing
Logs and telemetry: short-lived and configurable

Self-hosted and air-gapped deployments control their own retention policies.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

Access your personal data
Correct inaccurate information
Request deletion of your data
Object to or restrict processing
Request data portability

To exercise these rights, contact us using the information in the "Contact Us" section below.

9. Security

We take security seriously and apply:

Encryption in transit
Access controls and least-privilege principles
Secure deployment practices
Regular reviews of infrastructure and dependencies

However, no system is 100% secure. You are responsible for securing your own deployments, especially in self-hosted environments.

10. International Data Transfers

If data is transferred across borders, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

11. Children's Privacy

The Service is not intended for children under 13, and we do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time.

When we do:

We will update the "Last updated" date
Material changes will be communicated when appropriate

Continued use of the Service constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact:

La Rebelion Labs
🌐 https://rebelion.la
📧 Contact Us

Built with transparency.
Designed for developers.
Privacy by default.

1. Scope of This Policy​

2. Information We Collect​

2.1 Information You Provide Directly​

2.2 Information Collected Automatically​

2.3 MCP, API, and Tooling Data​

3. How We Use Information​

4. Legal Bases for Processing (GDPR)​

5. Data Sharing and Disclosure​

6. Cookies and Analytics​

7. Data Retention​

8. Your Rights​

9. Security​

10. International Data Transfers​

11. Children's Privacy​

12. Changes to This Policy​

13. Contact Us​