Privacy Policy

Privacy Policy

Last Updated: August 10, 2025

1. Introduction

Welcome to WeaveMCP ("Company," "we," "us," or "our"), a service operated by Sparkle Partners, LLC. We are committed to protecting your privacy and ensuring that your personal data is handled transparently.

This Privacy Policy explains how we collect, use, store, and share information when you use our website weavemcp.com, our web application console.weavemcp.com, the Weave Agent, the Weave CLI, and other related services (collectively, the “Services”). Our Services are intended for customers located and operating within the United States.

By accessing our Services, you agree to this Privacy Policy. If you do not agree, please do not use our Services.


2. Information We Collect

WeaveMCP collects data necessary to provide our connectivity and governance services. We categorize this data into two types:

a) Account and Configuration Data (Directly Provided)

When you create an account or configure our Services, we collect:

  • User Information: Your full name and email address.
  • Company Information: Your company's name (if applicable), used for billing and account organization.
  • Authentication Information: Data required to secure your account, which may include a securely hashed password or authentication tokens from third-party identity providers (e.g., Google, GitHub).
  • Connector Configuration: Information required to connect to public tools and services, which may include OAuth tokens or API keys.
  • Third-Party Service Permissions: When you authorize a connection to a third-party service (e.g., GitHub), we receive an authentication token associated with your user account for that service. The scope of our access and the actions we can perform on your behalf are determined by the permissions granted to your user account on that third-party service.
  • Weave Agent Configuration: Metadata about your deployed Weave Agent, such as its version and connection status.

Important Note on Credentials: For public connectors, we use industry-standard OAuth where possible to avoid handling your passwords.

b) Usage and Operational Data (Automatically Collected)

As you use our Services, we automatically collect:

  • Audit Log Metadata: To provide governance and observability, we collect metadata about MCP tool usage. This includes the user who initiated the call, the tool that was called, the timestamp, and the success/failure status.
  • Weave Agent Health Metrics: We collect operational data from the Weave Agent, such as uptime, resource usage, and error logs, to ensure its stability and performance.
  • Website and App Analytics: When you interact with our website or web application, we may collect your IP address, browser type, device information, and usage patterns to improve our Services.

3. How We Use Your Information

We use the collected data to:

  • Provide, operate, and maintain the Services.
  • Manage and proxy MCP connections through your Unified Weave Endpoint.
  • Provide you with centralized audit logs and connection health dashboards.
  • Monitor the health and performance of the Weave Agent.
  • Communicate with you regarding your account, support requests, updates, and security notices.
  • Improve and optimize the user experience of our website and applications.
  • Process payments and manage subscriptions.
  • Ensure compliance with legal, security, and contractual requirements.

We do not sell or rent your personal information to third parties.


4. Legal Basis for Processing Personal Data

We process personal data based on our interest in providing and improving the Services, and to fulfill our contractual obligations to you as a customer.


5. How We Share Your Information

We may share your information only in the following limited circumstances:

  • Service Providers (Sub-processors): We use third-party companies to host our infrastructure, process payments, and provide other essential services. These providers are bound by strict confidentiality and data protection agreements.
  • Legal Compliance: If required by law, subpoena, or other valid legal process.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the terms of this Privacy Policy.

6. Third-Party Service Providers (Sub-processors)

We rely on the following third-party service providers to deliver our Services:

Provider Purpose Data Shared Location
Amazon Web Services (AWS) Cloud hosting for app infrastructure Account data, configurations, logs U.S.
Cloudflare Website hosting, CDN & security IP address, browser metadata Global
PostHog Product analytics & usage monitoring IP address, usage patterns, user ID U.S.
Crisp Customer support & communication Name, email, conversation history E.U.
Stripe Payment and subscription billing Name, email, billing information. We do not store or access full credit card data. U.S.

7. Data Retention

We retain your data only for as long as necessary to provide our Services or comply with legal obligations.

  • Account and Configuration Data: Retained for the lifetime of your active account. Data is scheduled for deletion within 30 days after you delete your account.
  • Audit Log Metadata: Retained for a limited period (e.g., 90 days) to provide you with historical observability, then securely deleted or anonymized.
  • Inactive Accounts: We may delete accounts and associated data after 12 months of inactivity.
  • Backup and Legal Archives: Certain data may be retained in secure backup archives for a longer period to comply with disaster recovery and legal requirements.

8. Data Location

Our services are hosted and operated exclusively within the United States. By using the Services, you consent to the processing and storage of your data in the United States.


9. Data Security

We implement industry-standard technical and organizational security measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest.
  • Secure access controls and role-based permissions for our internal systems.
  • Regular security monitoring and vulnerability scanning.

While we take extensive measures to secure your data, no online service can guarantee 100% security.


10. Your Rights

Depending on your location and applicable law, you may have certain rights regarding your personal data, such as the right to request access to or deletion of your data. To inquire about your rights, please contact us at privacy@weavemcp.com.


11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and application to provide essential functionality and to gather analytics that help us improve our service. You can control cookie preferences through your browser settings.


12. Children’s Privacy

Our Services are not intended for or directed at children under the age of 16. We do not knowingly collect personal data from minors.


13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify you via email or by posting a prominent notice on our website.


14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

📧 Email: privacy@weavemcp.com
🌐 Website: weavemcp.com

WeaveMCP c/o Sparkle Partners, LLC

Ready to Securely Connect Your Data?

Deploy your first Weave Agent and connect a private database in minutes.
Start your full-featured free trial today.

Sign Up For Free
(No Credit Card Needed)Contact Us
The Agentic Infrastructure Digest

Get product updates, security best practices, and technical deep-dives on the evolving MCP ecosystem.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Home
Pricing
Documentation
Sign In
See a Demo
Contact Us
Privacy Policy
Terms & Conditions
© 2025 WeaveMCP - All rights reserved