← local-mcp.com

Privacy Policy

Last updated: April 2, 2026

Overview

LMCP is designed from the ground up to keep your data on your machine. The core product — reading email, calendar, contacts, Teams messages, files, and other Mac apps — runs entirely locally. No personal data from these sources is ever transmitted to our servers or any third party.

What data LMCP does NOT collect

  • Email content, subjects, senders, or recipients
  • Calendar events, titles, attendees, or locations
  • Contact names, emails, or phone numbers
  • Microsoft Teams messages, channels, or chat content
  • OneDrive or local file contents
  • Notes, iMessages, or Safari bookmarks
  • OmniFocus tasks or project details
  • Any data processed by MCP tools at runtime

All tool execution happens on your Mac via local APIs (JXA, AppleScript, EventKit). The AI client (Claude Desktop, Cursor, etc.) receives results directly — nothing passes through our infrastructure.

What data we do collect

1. Anonymous heartbeats

Every 6 hours, the running server sends a heartbeat to our backend containing: server version, macOS version, CPU architecture (arm64/x86_64), approximate uptime, and a hashed machine identifier derived from your hardware UUID (not reversible to your identity). No personal information is included.

Heartbeats are used to: detect outdated versions and push updates, understand platform distribution (Apple Silicon vs Intel), and measure overall product health.

2. Installation events

When you run the installer, we record: npm package version, macOS version, CPU architecture, Node.js version, which AI clients were configured, your approximate location (city/country via IP geolocation), and an anonymous machine ID. Your IP address is used only for geolocation and is not stored.

3. License information

We store your email address and license key to allow the app to verify that it is authorized to run. No payment data is stored on our servers. License validation requires an outbound request from your Mac to verify the key is active.

4. Feedback and bug reports

If you submit a bug report or feature request via the report_bug or request_feature tools, we store the message text, server version, and optionally your email address if provided. This data is used only to respond to your report.

5. Website analytics

The local-mcp.com website uses Cloudflare Web Analytics — a cookieless, privacy-preserving analytics tool. It collects page views, referrer URLs, and country-level location. No cookies are set. No personal data is collected. No data is shared with advertising networks.

Cloud Relay (optional)

The Cloud Relay feature allows AI clients that cannot reach localhost (ChatGPT, Claude.ai web) to connect to your local MCP server via an encrypted WebSocket tunnel. When active, MCP requests are proxied through our infrastructure — but the content of tool responses (email, files, etc.) passes through encrypted and is never stored. The relay only persists your email address to maintain the tunnel association.

The Cloud Relay is opt-in and disabled by default. You can disable it at any time from the Settings page.

Data retention

  • Heartbeat records: 90 days rolling
  • Installation events: retained for product analytics, anonymized after 12 months
  • Account records: retained for account duration + 1 year
  • Feedback reports: retained until resolved or deleted on request

Third-party services

  • Railway — backend API hosting (EU and US regions).
  • Cloudflare — CDN, DNS, R2 storage for binary distribution, and website analytics.

None of these services receive your personal Mac data (email, calendar, files, etc.).

GDPR & data protection

Because LMCP processes personal data exclusively on your device, it is inherently compliant with GDPR, CCPA, and similar regulations. The data controller for any personal data we do hold (license email, feedback) is Colibird.

You have the right to: access the personal data we hold about you, request deletion of your data, and withdraw consent at any time. To exercise these rights, email [email protected].

Security

The local MCP server generates a unique random API key per installation to prevent unauthorized local access. All communication with our backend uses HTTPS/TLS. The Cloud Relay uses end-to-end encrypted WebSocket connections.

Changes to this policy

We may update this policy as the product evolves. Material changes will be announced via the in-app update mechanism. The "last updated" date at the top of this page always reflects the current version.

Contact

Questions about this policy: [email protected]
General support: [email protected]