Privacy Policy
Last updated: March 31, 2026
1. Introduction & Controller Identity
This Privacy Policy explains how Micipi LTD (“Micipi,” “we,” “us,” or “our”), a company incorporated in England and Wales under company number 16314495, collects, uses, stores, and protects your personal data when you use the Micipi platform at micipi.com (the “Service”).
Micipi LTD is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, you may contact us at support@micipi.com.
2. Legal Basis
We process personal data in compliance with applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the California Consumer Privacy Act (CCPA), and the Brazilian Lei Geral de Proteção de Dados (LGPD). The specific legal bases for each processing activity are detailed in Section 5.
3. What We Collect
3.1 Account Information
When you create an account via Clerk (our third-party authentication provider), we collect your email address, display name, and profile information you choose to provide. Clerk may also provide us with your authentication identifiers and account metadata.
3.2 Usage Data
We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, referring URLs, and session duration.
3.3 Device and Browser Information
We collect information about the device and browser you use to access the Service, including IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
3.4 Payment Information
Payment processing is handled by Stripe. We do not store your credit card numbers or full payment details on our servers. We receive and store limited billing information from Stripe, such as the last four digits of your card, card brand, billing address, and transaction history, for record-keeping and support purposes.
3.5 MCP Server Content and Metadata
When you create, publish, or deploy MCP servers through the Service, we collect and store the server code, configuration files, metadata (name, description, version, tags), and associated analytics (usage statistics, error logs).
3.6 AI Interaction Data
When you use AI-assisted features of the Service, we collect the prompts you submit, the generated content and responses, and associated metadata such as timestamps and feature context. This data is used to provide the Service and may be used in anonymised form to improve our AI capabilities.
3.7 Cookies and Similar Technologies
We use cookies and similar technologies to provide essential functionality, remember your preferences, and understand how the Service is used. For details, see Section 12.
4. How We Use Data
We use the personal data we collect for the following purposes:
- Service Provision: To create and manage your account, deliver the features you request, process transactions, and provide customer support.
- Service Improvement: To understand how users interact with the Service, identify issues, and develop new features and functionality.
- Security: To detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.
- Billing: To process payments, manage subscriptions, track credit usage, and maintain financial records.
- Communication: To send you transactional emails (receipts, account notifications, security alerts), and, where you have opted in, marketing communications about new features and updates.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes, and to enforce our Terms of Service.
5. Legal Bases for Processing
Under the UK GDPR and EU GDPR (Article 6), we rely on the following legal bases for processing your personal data:
- Performance of Contract (Article 6(1)(b)): Processing necessary for the performance of our contract with you (the Terms of Service), including account management, service delivery, and billing.
- Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, where these interests are not overridden by your rights and freedoms.
- Consent (Article 6(1)(a)): Where you have given consent, such as for marketing communications or optional analytics. You may withdraw consent at any time.
- Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations, such as financial record-keeping requirements.
6. Sub-Processors
We share personal data with the following third-party sub-processors to operate the Service:
| Processor | Purpose | Location |
|---|---|---|
| Cloudflare | CDN, edge hosting, DDoS protection | Global |
| Stripe | Payment processing | US |
| Clerk | Authentication | US |
| Neon | Database hosting | US |
| Vercel | Web hosting, analytics | US |
Each sub-processor is contractually obligated to process personal data only as necessary to provide their services to us and in accordance with applicable data protection law.
7. International Data Transfers
As several of our sub-processors are located in the United States, your personal data may be transferred to and processed in countries outside the United Kingdom and the European Economic Area. Where such transfers occur, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- The UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs;
- Adequacy decisions where applicable.
You may request a copy of the relevant transfer mechanism by contacting us at support@micipi.com.
8. Data Retention
We retain your personal data for the following periods:
- Account data: For the duration of your account plus thirty (30) days after account deletion.
- Billing and financial records: Seven (7) years, as required by applicable financial and tax regulations.
- Server and application logs: Ninety (90) days.
- Deleted account data: Purged within thirty (30) days of account deletion, except where retention is required by law.
After the applicable retention period expires, personal data is securely deleted or anonymised.
9. Your Rights
9.1 UK and EEA Residents
Under the UK GDPR and EU GDPR, you have the following rights:
- Access: The right to obtain confirmation of whether we process your personal data and to request a copy of that data.
- Rectification: The right to request correction of inaccurate or incomplete personal data.
- Erasure: The right to request deletion of your personal data, subject to legal retention requirements.
- Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format.
- Restriction: The right to request restriction of processing in certain circumstances.
- Objection: The right to object to processing based on legitimate interests or for direct marketing purposes.
- Withdraw Consent: Where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of prior processing.
- Lodge a Complaint: The right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or your local supervisory authority.
9.2 California Residents (CCPA)
If you are a California resident, you have the following rights under the CCPA:
- Right to Know: The right to request information about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: The right to request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell your personal information. If this changes, we will provide an opt-out mechanism.
- Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
9.3 Brazil Residents (LGPD)
If you are a resident of Brazil, you have the following rights under the LGPD:
- Confirmation of the existence of processing;
- Access to your personal data;
- Correction of incomplete, inaccurate, or outdated data;
- Anonymisation, blocking, or deletion of unnecessary or excessive data;
- Portability of your data to another service provider;
- Deletion of data processed with your consent;
- Information about public and private entities with which your data has been shared;
- Information about the possibility of denying consent and the consequences thereof.
9.4 Exercising Your Rights
To exercise any of these rights, please contact us at support@micipi.com. We will respond to your request within the timeframe required by applicable law (typically thirty days). We may need to verify your identity before processing your request.
10. AI Processing Disclosure
The Service uses artificial intelligence to assist with MCP server creation, code generation, and other functionality. When you use AI-assisted features:
- Your prompts and inputs are processed by AI models to generate responses and content;
- AI-generated content is provided without guarantee of accuracy — you are responsible for reviewing and validating all AI output before use;
- AI interaction data (prompts and generated responses) may be used in anonymised and aggregated form to improve the Service and our AI capabilities;
- We do not use your personal data to train third-party AI models without your explicit consent.
11. Children
The Service is intended for users who are at least eighteen (18) years of age. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that data promptly. If you believe that a child under 18 has provided personal data to us, please contact us at support@micipi.com.
12. Cookies
We use the following categories of cookies:
- Essential Cookies: Required for the Service to function, including authentication session cookies provided by Clerk. These cannot be disabled.
- Analytics Cookies: Used by Vercel Analytics to collect anonymised usage data to help us understand how the Service is used and to improve performance.
- Preference Cookies: Used to remember your settings and preferences, such as your selected theme (light/dark mode).
You can manage cookie preferences through your browser settings. Please note that disabling essential cookies may impair the functionality of the Service.
A detailed cookie policy may be published separately at a future date.
13. Security Measures
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS/SSL) and at rest;
- Access controls and role-based permissions for internal systems;
- Regular security assessments and vulnerability scanning;
- Secure development practices and code review;
- Incident response procedures for data breaches.
While we take reasonable measures to protect your data, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
14. Do Not Track
We honour Do Not Track (DNT) signals sent by your browser. When we detect a DNT signal, we disable non-essential analytics and tracking for your session.
15. Changes to Policy
We may update this Privacy Policy from time to time. We will provide at least thirty (30) days’ notice of any material changes by posting the revised policy on the Service and, where practicable, notifying you by email. The “Last updated” date at the top of this policy indicates when the latest revisions were made.
Your continued use of the Service after the revised policy becomes effective constitutes your acceptance of the changes.
16. Contact
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have a complaint, please contact us:
- Company: Micipi LTD (Company Number: 16314495)
- Email: support@micipi.com
- Data Protection Officer: support@micipi.com
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk, or with your local data protection supervisory authority.