yuukiii/hermes-mcp
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
f084be6bc64b0e767537cc640a0e580ecf63e1b0
hermes-mcp/product/site/privacy.html

167 lines
8.9 KiB
HTML
Raw Blame History

<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Privacy Policy — SquareMCP</title>
<meta
name="description"
content="SquareMCP privacy policy — how we handle your account data, connected platform credentials, and content when you use SquareMCP with Claude or ChatGPT."
/>
<link rel="stylesheet" href="./styles.css?v=20260505b" />
</head>
<body class="legal-shell">
<nav class="topbar">
<div class="wrap topbar-row">
<a class="brand" href="/">
<img class="brand-logo" src="./squaremcp-logo.svg" alt="" />
<span class="brand-text">SquareMCP</span>
</a>
<div class="topbar-actions">
<a class="topbar-link" href="/terms">Terms</a>
<a class="button secondary" href="mailto:info@squaremcp.com">Contact</a>
</div>
</div>
</nav>
<main class="legal-main">
<article class="legal-card">
<div class="legal-eyebrow">Legal</div>
<h1 class="legal-title">Privacy Policy</h1>
<p class="legal-subhead">Last updated June 12, 2026</p>
<section class="legal-section">
<h2>Scope</h2>
<p>
This Privacy Policy describes how SquareMCP (operated by HERONS LLC) collects, uses, and
protects information when you use squaremcp.com, app.squaremcp.com, or the SquareMCP MCP
server at hermes.squaremcp.com. This includes when you connect SquareMCP to Claude,
ChatGPT, or other AI systems.
</p>
</section>
<section class="legal-section">
<h2>Information we collect</h2>
<p>We collect:</p>
<ul>
<li><strong>Account information</strong> — your email address and password when you create a SquareMCP account at app.squaremcp.com.</li>
<li><strong>Connected platform credentials</strong> — API keys, OAuth access tokens, app passwords, and account identifiers for platforms you choose to connect (Obsidian, email accounts, Facebook Pages, Instagram Business accounts, and others). These are stored encrypted and used only to execute the actions you request.</li>
<li><strong>Request logs</strong> — records of tool calls made through SquareMCP, including which platform was called, timestamp, and outcome. We do not log the full content of emails, notes, or social media posts.</li>
<li><strong>Communications</strong> — emails or messages you send to info@squaremcp.com or through the site contact form.</li>
</ul>
</section>
<section class="legal-section">
<h2>How AI systems interact with your data</h2>
<p>
SquareMCP acts as a bridge between AI systems (such as Claude by Anthropic and ChatGPT by
OpenAI) and your connected accounts. When you authorize SquareMCP from within an AI assistant:
</p>
<ul>
<li>The AI system sends requests to SquareMCP describing what action to perform (e.g., "search notes for topic X", "post to Facebook page").</li>
<li>SquareMCP uses your stored credentials to carry out the action on your behalf.</li>
<li>Results are returned to the AI system so it can respond to you.</li>
</ul>
<p>
SquareMCP does not train AI models on your data. SquareMCP does not share your connected
platform content or credentials with AI providers — the AI system sends instructions to
SquareMCP; SquareMCP sends results back to the AI system. What the AI provider does with
those results is governed by that provider's own privacy policy (Anthropic's for Claude;
OpenAI's for ChatGPT).
</p>
</section>
<section class="legal-section">
<h2>Connected platforms and what we access</h2>
<p>When you connect a platform, SquareMCP accesses only what is needed to perform the actions you request:</p>
<ul>
<li><strong>Obsidian vault</strong> — note content, titles, and paths in your vault. SquareMCP can read, write, search, and append notes. Your vault is accessed via an API key you generate in your Obsidian configuration.</li>
<li><strong>Email (Gmail, Yahoo, IMAP/SMTP)</strong> — inbox messages, message content, and the ability to send email from your configured accounts. SquareMCP connects via IMAP for reading and SMTP for sending using credentials you provide. We do not store email content beyond what is needed to respond to your current request.</li>
<li><strong>Facebook Pages</strong> — your Facebook Business Page info, existing posts, and the ability to publish new posts and photos on your behalf. Access uses a Page access token you authorize via the Facebook Developer Console.</li>
<li><strong>Instagram Business</strong> — your Instagram Business account profile, media, and the ability to publish photos and reels. Access is linked to your Facebook Page authorization.</li>
<li><strong>Other platforms</strong> — LinkedIn, Twitter/X, TikTok, WhatsApp, Telegram, Discord, and Slack integrations follow the same principle: SquareMCP uses only the credentials and permissions you explicitly provide and performs only the actions you request.</li>
</ul>
<p>
You can disconnect any platform at any time from app.squaremcp.com. Disconnecting removes
stored credentials for that platform.
</p>
</section>
<section class="legal-section">
<h2>How we use information</h2>
<p>We use information to:</p>
<ul>
<li>authenticate your account and authorize AI system access via OAuth</li>
<li>execute platform actions you request through connected AI assistants</li>
<li>maintain request logs for debugging, security, and operational purposes</li>
<li>communicate about your account, service changes, and support</li>
</ul>
</section>
<section class="legal-section">
<h2>Sharing</h2>
<p>
We do not sell personal information. We do not share your connected platform content
or credentials with third parties except as required to operate the service (e.g., using
a cloud hosting provider). We may disclose information if required by law or to protect
the security of the service and its users.
</p>
</section>
<section class="legal-section">
<h2>OAuth and third-party authorization</h2>
<p>
SquareMCP uses OAuth 2.0 to authorize AI systems (Claude, ChatGPT) to access your
SquareMCP account. When you complete an OAuth flow from an AI assistant, you are granting
that AI system permission to call SquareMCP tools on your behalf. You can revoke this
access at any time by disconnecting the AI system from app.squaremcp.com.
</p>
<p>
SquareMCP does not have access to your Anthropic or OpenAI account credentials.
</p>
</section>
<section class="legal-section">
<h2>Data retention</h2>
<p>
Account data and connected platform credentials are retained as long as your account is
active. Request logs are retained for up to 90 days for operational and security purposes.
You may request deletion of your account and associated data at any time by emailing
<a href="mailto:info@squaremcp.com">info@squaremcp.com</a>.
</p>
</section>
<section class="legal-section">
<h2>Security</h2>
<p>
Connected platform credentials are stored encrypted. We use HTTPS for all communications.
Webhook endpoints use HMAC signature validation. OAuth tokens are stored server-side and
not exposed to the browser. No system can guarantee absolute security.
</p>
</section>
<section class="legal-section">
<h2>Your rights and choices</h2>
<p>You can:</p>
<ul>
<li>disconnect any connected platform at any time from app.squaremcp.com</li>
<li>revoke AI system OAuth access from app.squaremcp.com</li>
<li>request deletion of your account and data by emailing info@squaremcp.com</li>
<li>request a copy of data we hold about you</li>
</ul>
</section>
<section class="legal-section">
<h2>Contact</h2>
<p>
Questions about this Privacy Policy can be sent to
<a class="footer-link" href="mailto:info@squaremcp.com">info@squaremcp.com</a>.
<br>
HERONS LLC, 10704 NW 51 St, Coral Springs, FL 33076.
</p>
</section>
</article>
</main>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink