Privacy Policy

PatchOps Privacy Policy

PatchOps is a custom-built MCP management platform. This page explains the data we need to run your dashboard and MCP workflows. We never sell user data.

Last updated: March 3, 2026
Quick Summary
  • We collect only what we need to run your dashboard and MCP connections.
  • Stored connection credentials and tokens are encrypted.
  • We track tool usage so your analytics and billing stay accurate.
  • You decide which third-party providers to connect.
  • We never sell your data.
Table of Contents
Data We CollectHow We Use DataSharing & DisclosureSecurity & RetentionYour ChoicesChildren's PrivacyInternational UsersGoverning LawContact

This Privacy Policy explains how PatchOps (“we,” “us,” “our”) collects, uses, and protects information across the PatchOps website, dashboard, APIs, MCP servers, code execution features, and connected integrations (collectively, the “Service”). We keep data collection focused on what is needed to run the dashboard, power MCP workflows, and keep accounts secure.

Data We Collect

We collect information necessary to provide the dashboard and integrations you use, keep the Service reliable, and comply with legal obligations.

Account & Profile

  • Name, email, and profile details so we can create your account and show them in the dashboard.
  • Role, account status, and login timestamps so we can manage access.

Authentication & OAuth

  • OAuth identifiers, tokens, scopes, and expirations so your connected providers stay linked.
  • Session cookies and JWT data to keep your sessions secure.

Connections & Credentials

  • Connection names, provider type, MCP server URLs, and instance IDs so the dashboard can manage each integration.
  • API keys and tokens you provide, stored in encrypted form so calls can be made on your behalf.

Usage, Analytics & Logs

  • Tool call metadata (provider, tool name, timing, success) so we can show usage analytics and support billing.
  • Prompt sessions and code execution inputs so MCP workflows can be tracked and improved.
  • IP address, device/browser identifiers, and user agent to keep accounts secure and troubleshoot issues.

Billing & Payments

  • Plan name, usage totals, and overage settings so invoices and limits are accurate.
  • Stripe customer and subscription IDs. Payment card data is handled directly by Stripe.

Communications

  • Support requests, feedback, and delivery status for emails we send you.
  • Waitlist submissions when applicable.

How We Use Data

  • Power the dashboard and MCP workflows you use.
  • Authenticate users, secure sessions, and protect credentials.
  • Operate MCP servers, route tool calls, and show usage analytics.
  • Debug issues, keep uptime reliable, and maintain audit logs.
  • Calculate usage limits, overages, and subscription billing.
  • Send account, billing, and security notifications.
  • Comply with legal obligations and enforce our Terms.

Sharing & Disclosure

We do not sell user data. We share information only as needed to provide the Service and your dashboard:

  • Service providers for hosting, databases, and email delivery (e.g., Supabase, Azure Communication Services).
  • Payment processing via Stripe for subscriptions and invoices.
  • Third-party connectors you enable (e.g., Corva, Enverus, GeoForce, Google, Microsoft, and similar providers).
  • Legal or regulatory requests when required by law.
  • Business transfers in the event of a merger, acquisition, or asset sale.

Security & Retention

We use encryption for stored credentials and secure cookies for sessions. We retain data only as long as necessary for the purposes described in this policy.

Retention Periods

  • Account data — retained for the duration of your account plus 30 days after deletion to allow for recovery.
  • Tool call and usage logs — retained for 12 months for analytics and billing accuracy, then automatically purged.
  • Prompt sessions and code execution logs — retained for 12 months, then automatically purged.
  • Billing and payment records — retained for 7 years to meet tax and accounting obligations.
  • OAuth tokens — access tokens expire after 1 hour; refresh tokens expire after 30 days. Expired tokens are cleaned up automatically.
  • Audit logs — retained for 24 months for security and compliance purposes.

You can request early deletion of your data by contacting support. Account deletion removes all associated data except where retention is required by law.

Your Choices

  • Update account information and manage connection settings in your dashboard.
  • Revoke OAuth access at any time through your provider or in PatchOps.
  • Opt out of non-essential emails and usage alerts where available.
  • Request account deletion or data export by contacting support.

Children's Privacy

PatchOps is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete that information promptly. If you believe a child has provided us with personal data, please contact us at support@patchops.ai.

International Users

PatchOps and its service providers may process data in multiple regions, including the United States, to keep the Service reliable. If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, you may have the right to access, correct, delete, or port your personal data, as well as the right to restrict or object to certain processing. To exercise these rights, contact us at support@patchops.ai. We process data based on your consent, contractual necessity, or our legitimate interests in operating the Service.

Governing Law

This Privacy Policy is governed by the laws of the State of Texas, United States, without regard to conflict of law provisions.

Contact

Questions about privacy? Email us at support@patchops.ai.