Skip to content

Privacy Policy

Last updated: March 2026

Who we are

MCPAmpel ("we", "us") is operated by a sole proprietor based in Dresden, Germany. We provide a multi-engine security scanning platform for MCP servers and GitHub repositories.

Contact: [email protected]

What data we collect

Account data

When you register, we store your email address, display name (optional), and a hashed password (Argon2). We never store your password in plain text.

Scan data

When you submit a URL for scanning, we store the URL, scan results, engine outputs, and trust score. Scan results are publicly visible by default.

Session data

We use a single session cookie (session_id) to keep you logged in. This is a functional cookie, not used for tracking. Session data is stored in Redis with a 7-day TTL.

Server logs

Standard web server logs (IP address, user agent, request path) are retained for up to 30 days for debugging and abuse prevention.

How we store your data

  • Account and scan data: encrypted database
  • Session tokens: server-side session storage (7-day expiry)
  • Application hosted on infrastructure within the EU

Retention periods

  • Scan history: retained until you delete your account
  • Account data: retained until you delete your account

Third-party services

  • GitHub API (for repository cloning during scans)
  • Microsoft Clarity (anonymous usage analytics, heatmaps, session recordings). Clarity does not use cookies and does not collect personal data. Clarity Privacy
  • Cloudflare (CDN, DDoS protection, anonymous web analytics)

We do not use analytics trackers, advertising networks, or social media pixels.

Your rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to processing of your data
  • Restrict processing in certain circumstances

To exercise any of these rights, email [email protected]. We will respond within 30 days.

Cookies

We use a single, functional session cookie to maintain your login state. We do not use tracking cookies, third-party cookies, or analytics cookies. No cookie consent is required for strictly necessary cookies under GDPR, but we inform you about this cookie for transparency.

Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the service after changes constitutes acceptance.

This site uses a single session cookie to keep you logged in. No tracking cookies. See our privacy policy.