1. Introduction
Cyber Craft Solutions LLC ("CCS," "we," "us," or "our") operates CraftedTrust ("Service"), an independent trust authority for the AI tool ecosystem. This Privacy Policy explains how we collect, use, store, and protect information when you use our Service at mcp.craftedtrust.com.
2. Information We Collect
2.1 Information You Provide
- Server URLs: When you submit an MCP server for scanning, we collect the URL you provide.
- Email Addresses: When you sign up for waitlists, certification notifications, or publisher accounts, we collect your email address.
- Certification Data: When you apply for server certification, we collect publisher information, server details, and payment information (processed by Stripe โ we do not store credit card numbers).
2.2 Information We Generate
- Scan Results: When we scan an MCP server, we generate and store trust scores, factor breakdowns, discovered tools/resources, network behavior data, and other scan findings.
- Usage Metadata: We collect IP addresses for rate limiting purposes only. These are stored temporarily and automatically purged.
2.3 Information We Do NOT Collect
- We do not use cookies for tracking or advertising.
- We do not use third-party analytics services (no Google Analytics, no Mixpanel, no Facebook Pixel).
- We do not use ad networks or sell data to third parties.
- We do not track browsing behavior across other websites.
3. How We Store Your Data
All data is stored in Cloudflare D1, a serverless SQLite database running on Cloudflare's global edge network. Data is encrypted at rest using Cloudflare's infrastructure-level encryption. We do not operate our own database servers.
4. How We Use Your Data
- Scan Results: Published in the CraftedTrust registry to help the community make informed decisions about MCP server safety.
- Email Addresses: Used solely to notify you about features you signed up for (certification availability, dashboard access). We will never sell your email or send unsolicited marketing.
- IP Addresses: Used only for rate limiting API requests. Not logged permanently.
5. Data Sharing
We do not share personal data with third parties. Scan results (server URLs and trust scores) are public by design โ that's the point of the service. Publisher certification status is also public.
We use Stripe for payment processing. When you make a certification payment, Stripe collects and processes your payment information under their own privacy policy.
6. Data Retention
- Scan Results: Retained indefinitely as part of the public registry.
- Waitlist Emails: Retained until the feature launches and you are notified, or until you request deletion.
- Rate Limit Data: Automatically purged within 1 hour.
7. Your Rights
7.1 GDPR (European Users)
If you are located in the European Economic Area, you have the right to:
- Access, correct, or delete your personal data
- Object to or restrict processing of your data
- Data portability
- Withdraw consent at any time
7.2 California Privacy Rights (CCPA/CPRA)
California residents have the right to:
- Know what personal information we collect
- Request deletion of personal information
- Opt-out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising privacy rights
8. Data Deletion Requests
To request deletion of your personal data, contact us at:
[email protected]
We will process deletion requests within 30 days.
9. Cookies
CraftedTrust does not currently use cookies. If we add analytics or session management in the future, this policy will be updated and you will be notified.
10. Children's Privacy
CraftedTrust is not directed at children under 13. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.
12. Contact
Cyber Craft Solutions LLC
Email: [email protected]