Privacy Policy
Last updated: March 2026
1. Information We Collect
We collect information you provide directly, including account information such as your name, email address, and authentication credentials. When you deploy MCP servers on our platform, we store server configuration data, tool definitions, and associated metadata. We also collect usage analytics including request logs, performance metrics, and feature interaction data to improve our services.
2. How We Use Your Data
Your data is used solely to provide, maintain, and improve the SmeltSec platform and its associated services. This includes operating your MCP servers, delivering security scan results, generating quality scores, and sending service notifications. We do not sell, rent, or trade your personal data or server configurations to third parties under any circumstances.
3. Security Scanning
To ensure platform safety, all MCP servers submitted to SmeltSec are subject to automated security analysis. This analysis includes static code scanning via Semgrep, secret detection via Gitleaks, vulnerability matching via OSV-Scanner, and LLM behavioral analysis to identify potentially harmful tool definitions. Scan results are stored and associated with your account. You may review your scan history at any time from your dashboard.
4. Data Retention
Data retention periods are determined by your subscription plan. Free plan accounts retain scan history and server logs for 30 days. Pro plan accounts retain data for 90 days. Enterprise plan accounts benefit from a 365-day retention period. Upon plan expiry or account deletion, data is permanently purged within 30 days. You may export your data at any time from the account settings page prior to deletion.
5. Contact
For privacy inquiries, contact privacy@smeltsec.com.