Privacy Policy

Effective Date: April 1, 2026 · Last Updated: April 1, 2026

1. Introduction

Cyber Craft Solutions LLC ("CCS," "we," "us," or "our") operates CraftedTrust ("Service"), a security intelligence layer for MCP trust decisions. This Privacy Policy explains how we collect, use, store, and protect information when you use our Service at mcp.craftedtrust.com.

2. Information We Collect

2.1 Information You Provide

  • Server URLs: When you submit an MCP server for scanning, we collect the URL you provide.
  • Email Addresses: When you sign up for waitlists, certification notifications, or publisher accounts, we collect your email address.
  • Publisher Review Data: When you purchase Assisted Review or apply for certification, we collect publisher information, server details, and payment information (processed by Stripe - we do not store credit card numbers).

2.2 Information We Generate

  • Scan Results: When we scan an MCP server, we generate and store trust scores, factor breakdowns, discovered tools/resources, network behavior data, and other scan findings.
  • Usage Metadata: We collect IP addresses for rate limiting purposes only. These are stored temporarily and automatically purged.

2.3 Information We Do NOT Collect

  • We do not use cookies for tracking or advertising.
  • We do not use third-party analytics services (no Google Analytics, no Mixpanel, no Facebook Pixel).
  • We do not use ad networks or sell data to third parties.
  • We do not track browsing behavior across other websites.

3. How We Store Your Data

All data is stored in Cloudflare D1, a serverless SQLite database running on Cloudflare's global edge network. Data is encrypted at rest using Cloudflare's infrastructure-level encryption. We do not operate our own database servers.

4. How We Use Your Data

  • Scan Results: Published in the CraftedTrust registry to help the community make informed decisions about MCP server safety.
  • Email Addresses: Used solely to notify you about features you signed up for (certification availability, dashboard access). We will never sell your email or send unsolicited marketing.
  • IP Addresses: Used only for rate limiting API requests. Not logged permanently.

5. Data Sharing

We do not share personal data with third parties. Scan results (server URLs and trust scores) are public by design. Public certification status is also public when a server is Standard Certified or Premium Certified.

We use Stripe for self-serve payment processing. When you purchase Assisted Review or certification, Stripe collects and processes your payment information under their own privacy policy. Custom enterprise scope may be handled by invoice or custom written terms.

6. Data Retention

  • Scan Results: Retained indefinitely as part of the public registry.
  • Waitlist Emails: Retained until the feature launches and you are notified, or until you request deletion.
  • Rate Limit Data: Automatically purged within 1 hour.

7. Your Rights

7.1 GDPR (European Users)

If you are located in the European Economic Area, you have the right to:

  • Access, correct, or delete your personal data
  • Object to or restrict processing of your data
  • Data portability
  • Withdraw consent at any time

7.2 California Privacy Rights (CCPA/CPRA)

California residents have the right to:

  • Know what personal information we collect
  • Request deletion of personal information
  • Opt-out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising privacy rights

8. Data Deletion Requests

To request deletion of your personal data, contact us at:
cyber.craft@craftedcybersolutions.com

We will process deletion requests within 30 days.

9. Cookies

CraftedTrust does not currently use cookies. If we add analytics or session management in the future, this policy will be updated and you will be notified.

10. Children's Privacy

CraftedTrust is not directed at children under 13. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.

12. Contact

Cyber Craft Solutions LLC
Email: cyber.craft@craftedcybersolutions.com