MetricDuck MCP Server Privacy Policy
Effective Date: October 18, 2025
⚠️ Beta Version: This privacy policy will be reviewed by legal counsel before public launch. Last updated: 2025-10-18
Overview
The MetricDuck MCP Server is a tool that allows AI assistants (like Claude, Cursor, and Windsurf) to access financial data from MetricDuck's API. This privacy policy describes what data is collected when you use the MCP server.
Data Collection
When you use the MetricDuck MCP Server, we collect the following information:
1. API Usage Logs
We automatically log:
- Endpoint accessed (e.g., /api/v1/companies/AAPL/overview)
- Timestamp of request
- Your user ID (from your MetricDuck account)
- Client type (MCP, web, or API)
- Tool name used (e.g., get_company_overview)
- Ticker symbols queried (e.g., AAPL, MSFT)
- Search queries submitted
- Response time and HTTP status code
- IP address and User-Agent string
2. No MCP Conversation Data
Important: We do NOT collect or store:
- Your conversations with Claude or other AI assistants
- The prompts you type to your AI assistant
- The responses Claude generates for you
We only see the API requests the MCP server makes on your behalf. Your conversations with AI assistants remain private between you and the AI provider (Anthropic, Cursor, etc.).
How We Use Your Data
We use the collected data to:
- Monitor API usage and enforce quota limits
- Improve the MCP server's performance and reliability
- Identify which features are most valuable to users
- Detect and fix bugs or coverage gaps
- Prevent abuse and ensure fair usage
- Provide customer support
Data Retention
- API usage logs: Retained for 90 days, then automatically deleted
- Aggregated analytics: Retained indefinitely (e.g., "Tool X was used Y times in total")
- Account data: Retained while your account is active
You can request deletion of your data at any time by contacting [email protected]
Data Sharing
We do NOT sell or share your data with third parties, except:
- To comply with legal requirements (e.g., subpoena, court order)
- To protect our rights, safety, or property
- With service providers who help operate our systems (e.g., Supabase for database hosting, Google Cloud for API hosting)
Service providers are contractually required to protect your data and use it only for providing services to us.
Your Rights
You have the right to:
- Access your data: Request a copy of your API usage logs
- Delete your data: Request deletion of your usage logs
- Opt out of analytics: Contact support to exclude your data from aggregated analytics
- Cancel your account: Delete your MetricDuck account at any time
- Export your data: Download your usage data in CSV format
To exercise these rights, contact us at [email protected]
Security
We take reasonable measures to protect your data:
- All API communication uses HTTPS/TLS encryption
- API keys are hashed and stored securely
- Access to logs is restricted to authorized personnel only
- Regular security audits and updates
However, no method of transmission over the Internet is 100% secure. Use the service at your own risk.
Children's Privacy
The MetricDuck MCP Server is not intended for use by children under 13 years old. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately at [email protected]
International Users
MetricDuck is based in the United States. Your data may be transferred to and processed in the United States or other countries where our service providers operate. By using the MCP server, you consent to this transfer.
If you are in the European Union, you have additional rights under GDPR. Contact [email protected] for more information.
Contact Us
Questions about this privacy policy? Contact us:
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by:
- Posting the new policy on this page
- Updating the "Effective Date" at the top
- Sending an email to your registered email address (for material changes)
Check this page periodically for updates. Continued use of the MCP server after changes constitutes acceptance of the updated policy.
GDPR & CCPA Compliance
For European Union Users (GDPR)
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing of your data
- Receive your data in a machine-readable format (data portability)
- Object to processing
- Lodge a complaint with your supervisory authority
For California Users (CCPA)
Under CCPA, you have the right to:
- Know what personal information is collected
- Know if personal information is sold or disclosed (we do not sell data)
- Access your personal information
- Delete your personal information
- Opt out of the sale of personal information (not applicable: we don't sell data)
- Not be discriminated against for exercising your rights
To exercise these rights, contact [email protected] with "GDPR Request" or "CCPA Request" in the subject line.
Last updated: October 18, 2025 | MetricDuck MCP Server v0.2.0