Privacy Policy

Last updated: May 4, 2026

Scope

This Privacy Policy applies to the BTNOMB MCP Service at mcp.btnomb.com and is part of the broader BTNOMB privacy framework. For the consolidated privacy policy covering all BTNOMB properties, see cleanroom.btnomb.com/privacy.

What We Collect

BTNOMB MCP Service collects the minimum data necessary to operate:

• Email address — submitted via the library submission form for delivery notifications
• Library names and descriptions — submitted for MCP conversion (to fulfill your request)
• Wallet address — if you pay via USDC on Base (x402 protocol)
• Payment records — transaction hashes, credit balances, and purchase history
• Usage analytics — page views and session data via Google Analytics (anonymized IP)
• Server logs — IP address, user agent, timestamps (retained 90 days)

How We Use It

• To process and fulfill MCP conversion requests
• To send conversion status updates via email
• To process payments and manage credit balances
• To improve the platform based on usage patterns
• To comply with legal obligations

We do not use your data for advertising or profiling.

Third-Party Services

We share data with third parties only as necessary to operate the Service:

• Google Analytics — anonymized usage analytics (privacy policy)
• OpenRouter — AI pipeline for generating MCP servers. Library names and descriptions are sent for processing.
• Stripe — card payment processing. Card details never touch our servers. (privacy policy)
• Base L2 (Coinbase) — on-chain USDC payment settlement. Wallet addresses and transactions are publicly visible on-chain.
• Resend — email delivery (privacy policy)
• Cloudflare — CDN, DNS, DDoS protection (privacy policy)

We do not sell, rent, or share your personal data for marketing purposes.

Cookies

• Session cookies — for authentication and CSRF protection (expire on browser close)
• Google Analytics cookies — for anonymized usage analytics (_ga, _gid)
• Cloudflare cookies — for security and performance

Data Retention

• Account data (email, credits) — retained while active, 12 months after last activity
• Submission records (library names, conversion logs) — retained indefinitely for service improvement
• Payment records — 7 years for tax/accounting compliance
• Server logs — 90 days, then deleted

Your Rights (GDPR)

If you are in the EEA or UK, you have the right to: access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent. Our legal bases are contract performance, legitimate interest, and consent. Email [email protected] to exercise these rights. We respond within 30 days.

Your Rights (CCPA)

If you are a California resident, you have the right to: know what data we collect, request deletion, correct inaccurate data, and opt out of sale (we do not sell data). Email [email protected]. We respond within 45 days.

International Transfers

Our servers are in the United States. For EEA/UK users, we rely on Standard Contractual Clauses for international data transfers.

Changes

We may update this policy. Material changes will be posted here with a revised date. Continued use constitutes acceptance.

Contact

Privacy questions or deletion requests: [email protected]