yuukiii/hermes-mcp
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

legal: update privacy policy and terms for v1 consumer launch

Browse Source
This commit is contained in:
Garfield
2026-06-12 12:12:46 -04:00
parent 13350881e0
commit af084133fa
2 changed files with 94 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

142
product/site/privacy.html
View File

@@ -6,7 +6,7 @@
<title>Privacy Policy — SquareMCP</title>
<meta
name="description"
content="SquareMCP privacy policy covering pilot requests, service data, and how customer environments are handled."
content="SquareMCP privacy policy — how we handle your account data, connected platform credentials, and content when you use SquareMCP with Claude or ChatGPT."
/>
<link rel="stylesheet" href="./styles.css?v=20260505b" />
</head>
@@ -28,94 +28,127 @@
<article class="legal-card">
<div class="legal-eyebrow">Legal</div>
<h1 class="legal-title">Privacy Policy</h1>
<p class="legal-subhead">Last updated May 5, 2026</p>
<p class="legal-subhead">Last updated June 12, 2026</p>
<section class="legal-section">
<h2>Scope</h2>
<p>
This Privacy Policy describes how SquareMCP collects, uses, and protects information
when you visit squaremcp.com, contact us, or participate in a SquareMCP pilot or
managed deployment.
This Privacy Policy describes how SquareMCP (operated by HERONS LLC) collects, uses, and
protects information when you use squaremcp.com, app.squaremcp.com, or the SquareMCP MCP
server at hermes.squaremcp.com. This includes when you connect SquareMCP to Claude,
ChatGPT, or other AI systems.
</p>
</section>
<section class="legal-section">
<h2>Information we collect</h2>
<p>We may collect:</p>
<p>We collect:</p>
<ul>
<li>contact details such as your name, work email, company, and role</li>
<li>pilot intake details such as your use case, target systems, and security requirements</li>
<li>service and operational data needed to provision, secure, and support a deployment</li>
<li>communications you send to us by email or through the pilot intake form</li>
<li><strong>Account information</strong> — your email address and password when you create a SquareMCP account at app.squaremcp.com.</li>
<li><strong>Connected platform credentials</strong> — API keys, OAuth access tokens, app passwords, and account identifiers for platforms you choose to connect (Obsidian, email accounts, Facebook Pages, Instagram Business accounts, and others). These are stored encrypted and used only to execute the actions you request.</li>
<li><strong>Request logs</strong> — records of tool calls made through SquareMCP, including which platform was called, timestamp, and outcome. We do not log the full content of emails, notes, or social media posts.</li>
<li><strong>Communications</strong> — emails or messages you send to info@squaremcp.com or through the site contact form.</li>
</ul>
</section>
<section class="legal-section">
<h2>How AI systems interact with your data</h2>
<p>
SquareMCP acts as a bridge between AI systems (such as Claude by Anthropic and ChatGPT by
OpenAI) and your connected accounts. When you authorize SquareMCP from within an AI assistant:
</p>
<ul>
<li>The AI system sends requests to SquareMCP describing what action to perform (e.g., "search notes for topic X", "post to Facebook page").</li>
<li>SquareMCP uses your stored credentials to carry out the action on your behalf.</li>
<li>Results are returned to the AI system so it can respond to you.</li>
</ul>
<p>
SquareMCP does not train AI models on your data. SquareMCP does not share your connected
platform content or credentials with AI providers — the AI system sends instructions to
SquareMCP; SquareMCP sends results back to the AI system. What the AI provider does with
those results is governed by that provider's own privacy policy (Anthropic's for Claude;
OpenAI's for ChatGPT).
</p>
</section>
<section class="legal-section">
<h2>Connected platforms and what we access</h2>
<p>When you connect a platform, SquareMCP accesses only what is needed to perform the actions you request:</p>
<ul>
<li><strong>Obsidian vault</strong> — note content, titles, and paths in your vault. SquareMCP can read, write, search, and append notes. Your vault is accessed via an API key you generate in your Obsidian configuration.</li>
<li><strong>Email (Gmail, Yahoo, IMAP/SMTP)</strong> — inbox messages, message content, and the ability to send email from your configured accounts. SquareMCP connects via IMAP for reading and SMTP for sending using credentials you provide. We do not store email content beyond what is needed to respond to your current request.</li>
<li><strong>Facebook Pages</strong> — your Facebook Business Page info, existing posts, and the ability to publish new posts and photos on your behalf. Access uses a Page access token you authorize via the Facebook Developer Console.</li>
<li><strong>Instagram Business</strong> — your Instagram Business account profile, media, and the ability to publish photos and reels. Access is linked to your Facebook Page authorization.</li>
<li><strong>Other platforms</strong> — LinkedIn, Twitter/X, TikTok, WhatsApp, Telegram, Discord, and Slack integrations follow the same principle: SquareMCP uses only the credentials and permissions you explicitly provide and performs only the actions you request.</li>
</ul>
<p>
You can disconnect any platform at any time from app.squaremcp.com. Disconnecting removes
stored credentials for that platform.
</p>
</section>
<section class="legal-section">
<h2>How we use information</h2>
<p>We use information to:</p>
<ul>
<li>review and respond to pilot requests</li>
<li>configure and operate SquareMCP deployments</li>
<li>authenticate access, troubleshoot issues, and maintain security controls</li>
<li>communicate about pilots, support, billing, and service changes</li>
<li>authenticate your account and authorize AI system access via OAuth</li>
<li>execute platform actions you request through connected AI assistants</li>
<li>maintain request logs for debugging, security, and operational purposes</li>
<li>communicate about your account, service changes, and support</li>
</ul>
</section>
<section class="legal-section">
<h2>Customer data and connected systems</h2>
<p>
SquareMCP is designed to act as a managed MCP gateway for internal tools. Depending on
the deployment, customer data may remain in a customer-controlled environment or may be
processed in SquareMCP-managed infrastructure as part of the service. The exact data
path depends on the deployment architecture and connector configuration.
</p>
<p>
Pilot and production customers are responsible for evaluating which systems they choose
to connect and which tool permissions they enable for their users and agents.
</p>
</section>
<section class="legal-section">
<h2>Authentication credentials and tokens</h2>
<p>
SquareMCP may process API keys, OAuth credentials, session metadata, audit records, and
related access-control data needed to operate the service. We use these credentials only
to authenticate approved integrations and support the configured deployment.
</p>
</section>
<section class="legal-section">
<h2>Sharing</h2>
<p>
We do not sell personal information. We may share information with infrastructure,
hosting, email, or support providers only to the extent reasonably necessary to run the
service, support customers, comply with law, or protect SquareMCP and its users.
We do not sell personal information. We do not share your connected platform content
or credentials with third parties except as required to operate the service (e.g., using
a cloud hosting provider). We may disclose information if required by law or to protect
the security of the service and its users.
</p>
</section>
<section class="legal-section">
<h2>Retention</h2>
<h2>OAuth and third-party authorization</h2>
<p>
We retain information for as long as reasonably necessary to evaluate pilots, deliver
services, maintain records, and meet legal, operational, or security obligations.
SquareMCP uses OAuth 2.0 to authorize AI systems (Claude, ChatGPT) to access your
SquareMCP account. When you complete an OAuth flow from an AI assistant, you are granting
that AI system permission to call SquareMCP tools on your behalf. You can revoke this
access at any time by disconnecting the AI system from app.squaremcp.com.
</p>
<p>
SquareMCP does not have access to your Anthropic or OpenAI account credentials.
</p>
</section>
<section class="legal-section">
<h2>Data retention</h2>
<p>
Account data and connected platform credentials are retained as long as your account is
active. Request logs are retained for up to 90 days for operational and security purposes.
You may request deletion of your account and associated data at any time by emailing
<a href="mailto:info@squaremcp.com">info@squaremcp.com</a>.
</p>
</section>
<section class="legal-section">
<h2>Security</h2>
<p>
We use reasonable administrative, technical, and operational measures to protect
information. No system can guarantee absolute security, and you should not submit
information through the service unless you are comfortable with that risk profile.
Connected platform credentials are stored encrypted. We use HTTPS for all communications.
Webhook endpoints use HMAC signature validation. OAuth tokens are stored server-side and
not exposed to the browser. No system can guarantee absolute security.
</p>
</section>
<section class="legal-section">
<h2>Your choices</h2>
<p>
You may contact us to request access, correction, or deletion of personal information we
hold about you, subject to legal and operational limits.
</p>
<h2>Your rights and choices</h2>
<p>You can:</p>
<ul>
<li>disconnect any connected platform at any time from app.squaremcp.com</li>
<li>revoke AI system OAuth access from app.squaremcp.com</li>
<li>request deletion of your account and data by emailing info@squaremcp.com</li>
<li>request a copy of data we hold about you</li>
</ul>
</section>
<section class="legal-section">
@@ -123,13 +156,10 @@
<p>
Questions about this Privacy Policy can be sent to
<a class="footer-link" href="mailto:info@squaremcp.com">info@squaremcp.com</a>.
<br>
HERONS LLC, 10704 NW 51 St, Coral Springs, FL 33076.
</p>
</section>
<div class="legal-note">
This page is a general website and pilot-stage privacy policy. It should be reviewed and
adapted if SquareMCP moves into broader commercial availability or regulated deployments.
</div>
</article>
</main>
</body>

20
product/site/terms.html
View File

@@ -28,22 +28,23 @@
<article class="legal-card">
<div class="legal-eyebrow">Legal</div>
<h1 class="legal-title">Terms of Service</h1>
<p class="legal-subhead">Last updated May 5, 2026</p>
<p class="legal-subhead">Last updated June 12, 2026</p>
<section class="legal-section">
<h2>Agreement</h2>
<p>
These Terms of Service govern your access to and use of SquareMCP, including the
squaremcp.com website, pilot engagements, managed deployments, and related support.
By using SquareMCP, you agree to these Terms.
squaremcp.com and app.squaremcp.com websites, the SquareMCP MCP server, and related
support. By using SquareMCP, you agree to these Terms.
</p>
</section>
<section class="legal-section">
<h2>Service description</h2>
<p>
SquareMCP provides managed MCP infrastructure and related services for connecting AI
agents to customer-approved internal tools, systems, and data sources.
SquareMCP provides an MCP server and related services that connect AI assistants
(such as Claude and ChatGPT) to your personal and business accounts, including email,
social media platforms, and productivity tools like Obsidian.
</p>
</section>
@@ -60,8 +61,7 @@
<h2>Customer responsibilities</h2>
<p>You are responsible for:</p>
<ul>
<li>providing accurate information during pilot intake and onboarding</li>
<li>ensuring you have authority to connect systems, accounts, and data sources</li>
<li>ensuring you have authority to connect the accounts and platforms you link to SquareMCP</li>
<li>configuring appropriate permissions, approvals, and internal safeguards</li>
<li>reviewing agent behavior and tool outputs before relying on them in production workflows</li>
<li>complying with applicable laws, regulations, and contractual obligations</li>
@@ -127,13 +127,9 @@
<p>
Questions about these Terms can be sent to
<a class="footer-link" href="mailto:info@squaremcp.com">info@squaremcp.com</a>.
<br>HERONS LLC, 10704 NW 51 St, Coral Springs, FL 33076.
</p>
</section>
<div class="legal-note">
These Terms are a practical baseline for the current SquareMCP pilot site. They should be
reviewed by counsel before broad commercial rollout or regulated-enterprise contracting.
</div>
</article>
</main>
</body>