// Privacy Policy
Effective: March 4, 2026
// What We Collect
We collect: (a) your email address, provided through our authentication provider Clerk, for account creation and communication; (b) OAuth tokens from third-party services you connect, encrypted using AES-256-GCM; (c) usage metadata including request timestamps and HTTP status codes for service monitoring and debugging. For connections using client-side keys (the default), the encryption key is derived from your secret URL and is never stored by Bindify. For connections using managed refresh (advanced opt-in), Bindify derives and holds a per-connection encryption key to enable daily background token refresh.
// What We Do NOT Collect
We explicitly do not collect, store, or have access to: (a) the content of MCP requests or responses proxied through our Service; (b) your plaintext OAuth tokens — we only store the encrypted form. In client-side keys mode, we additionally do not store or have access to your decryption key — it exists only in the secret URL or API key you control, and your encrypted tokens cannot be decrypted without it.
// Token Encryption Architecture
Bindify offers two token storage modes, selectable when you create a connection:
- Client-side Keys (default) — Tokens are encrypted with a key derived from your secret URL, which is never stored on our servers. This is a zero-knowledge architecture: Bindify cannot access your credentials, and a database breach would not expose usable token data. Tokens are refreshed on-demand when your connection is used.
- Managed Refresh (advanced opt-in) — Tokens are encrypted at rest with AES-256-GCM. Bindify holds a server-derived encryption key and refreshes tokens daily in the background. Useful for long-idle connections that need to stay active without regular use.
For a detailed technical explanation of both modes, see our Security page.
// How We Use Your Data
We use your data solely for: (a) providing and maintaining the Service; (b) processing payments through Stripe; (c) communicating with you about your account, including service announcements and support; (d) monitoring service health and debugging issues using aggregated, non-personally-identifiable metadata.
// Third-Party Services
The Service integrates with the following third-party providers:
- Clerk (authentication): Processes your email and login credentials. See the Clerk Privacy Policy.
- Stripe (billing): Processes payment information. We do not store credit card numbers. See the Stripe Privacy Policy.
- Cloudflare (hosting, CDN, analytics): Hosts our infrastructure and provides privacy-friendly analytics. See the Cloudflare Privacy Policy.
// Cookies
We use only essential cookies: session cookies set by Clerk for authentication purposes. We do not use advertising or third-party tracking cookies. Cloudflare Analytics, which we use for aggregated traffic metrics, does not use cookies and does not track individual users across websites.
// Data Retention
We retain your personal data for as long as your account remains active. Upon account closure or termination, we will delete your personal data, including all encrypted OAuth tokens and connection records, within thirty (30) days. Aggregated, non-personally-identifiable usage metrics may be retained indefinitely for service improvement.
// Your Rights
You have the right to: (a) access the personal data we hold about you; (b) request deletion of your personal data; (c) request an export of your data in a portable format; (d) withdraw consent for optional data processing. To exercise any of these rights, contact us at [email protected]. We will respond within thirty (30) days.
// Children
The Service is not directed at children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If we learn that we have collected personal data from a child under 13, we will delete that information promptly.
// Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via the email address associated with your account. Your continued use of the Service after notification constitutes acceptance of the updated policy.
// Contact
Privacy questions? Email [email protected]. Security concerns? Email [email protected].