Privacy Policy

Last updated: November 17, 2025

📊 Telemetry & AI Training

We collect anonymous telemetry to improve n8n-mcp for everyone. This includes sanitized workflow patterns (NO personal data) used for AI model training.

Opt-out: Toggle in Settings

Read upstream n8n-mcp privacy policy →

1. Introduction

This Privacy Policy explains how n8n-mcp ("we", "us", or "our") collects, uses, and protects your personal information when you use our hosted service. We are committed to protecting your privacy and being transparent about our data practices.

By using n8n-mcp, you agree to the collection and use of information in accordance with this policy. This policy should be read in conjunction with our Terms of Service.

GDPR & CCPA Compliance: This policy is designed to comply with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

2. Data Controller Information

Service Name: n8n-mcp Hosted Service
Operated by: Ai Advisors Romuald Czlonkowski (individual developer)
Location: Poland (European Union)
Contact: privacy@n8n-mcp.com

n8n-mcp is an independent, community-driven project. We are not affiliated with n8n.io (the workflow automation platform).

3. What Data We Collect

A. Account Information (via Auth0)

When you create an account, we collect:

  • Email address (required) - For account authentication and important notifications
  • Full name (optional) - For personalization
  • OAuth provider information - If you sign in with Google, GitHub, or Microsoft
  • Profile picture URL - From your OAuth provider, if available

B. API Keys (n8n-mcp)

We store information about your n8n-mcp API keys:

  • Key hash (SHA-256) - We NEVER store plaintext keys
  • Key prefix - First 10 characters for display (e.g., "nmcp_abc12...")
  • Key metadata - Creation date, last used timestamp, active status
  • Key name - Optional user-defined label

C. n8n Instance Configuration

IMPORTANT: Your n8n API credentials are encrypted and NEVER exposed to you after initial setup:

  • Instance URL - Your n8n server address (e.g., https://n8n.example.com)
  • n8n API key (encrypted) - Encrypted with AES-256-GCM, server-side only
  • Instance status - Active/inactive flag
  • Last validated - Timestamp of last successful connection test

D. Usage Data (Hosted Service)

We log all API requests for billing and rate limiting:

  • Request metadata - Timestamp, user ID, MCP tool name, success/failure status
  • Rate limit violations - When you exceed your tier limits
  • Error messages - Technical errors only (NO workflow content or user data)
  • IP address - Temporarily for rate limiting (not stored long-term)
  • User agent - To identify which MCP client you're using (Claude Desktop, Cursor, Windsurf, etc.)

E. Subscription Data (via Stripe)

If you subscribe to a paid tier:

  • Stripe customer ID - Links your account to Stripe
  • Subscription tier - Free, Supporter, or Enterprise
  • Subscription status - Active, cancelled, past_due, etc.
  • Billing period - Current period start/end dates

Note: Credit card details are handled entirely by Stripe and NEVER touch our servers.

F. Anonymous Telemetry (n8n-mcp Package)

The upstream n8n-mcp package (the MCP server running on our servers) collects anonymous telemetry:

  • Hashed User ID - Machine-derived identifier (NOT traceable to you)
  • Tool Usage Statistics - Which MCP tools you use, how often, and performance metrics
  • Sanitized Workflow Patterns - Workflow structure ONLY (see Data Sanitization section)
  • Error Categories - Error types without user data in messages

Purpose: This data helps us improve n8n-mcp for the entire community and create new services. All data is anonymized before collection.

G. What We DO NOT Collect

We explicitly DO NOT collect:

  • Your n8n workflow contents or actual data/parameters
  • Personal information within workflows (PII)
  • API keys, tokens, or credentials from workflows
  • URLs, endpoints, or hostnames from workflows
  • Email addresses from workflow data
  • File paths or directory structures
  • Database connection strings
  • Authentication information
  • Credit card details (handled by Stripe only)
  • Browsing history or cross-site tracking
  • Device fingerprints

4. How We Use Your Data

Service Functionality

  • Authentication - Verify your identity and maintain your session
  • MCP Tool Execution - Execute n8n operations on your behalf
  • Rate Limiting - Enforce tier-based usage limits
  • Billing - Process subscription payments and manage your plan

Telemetry & Product Improvement

We use anonymized telemetry data to:

  • Analyze usage patterns - Understand which features are most valuable
  • Train AI models - Improve workflow suggestions, error detection, and tool recommendations (using sanitized patterns only)
  • Identify bugs and errors - Analyze error categories to fix issues
  • Optimize performance - Identify slow tools and bottlenecks
  • Community benefit - Improvements go back to the open-source n8n-mcp package

IMPORTANT: All telemetry data is anonymized and sanitized BEFORE collection. There is NO personally identifiable information (PII) in our telemetry data, and no way to identify individual users. If you decide to opt-out of telemetry or delete your account, we will record your anonymous identifier in our database for 30 days to ensure we can remove your data from our telemetry database. Even at that point, we cannot identify you as an individual user.

Communication

  • Transactional emails - Account confirmations, password resets, billing notifications
  • Service updates - Critical announcements, planned maintenance, security alerts
  • Support requests - Respond to your questions and issues

Note: We do NOT send marketing emails or newsletters. All emails are strictly transactional.

What We DO NOT Do

  • Sell your data to third parties
  • Use your data for advertising
  • Share data with partners (except service providers listed in Section 8)
  • Track you across other websites
  • Build user profiles for marketing

5. Data Sanitization Process

When collecting workflow patterns for telemetry, we automatically sanitize ALL sensitive data:

Sensitive Data Type                    Replaced With
URLs (http://api.example.com)          [URL] or [REDACTED]
API keys/tokens (sk_live_abc123)       [KEY]
Email addresses (user@example.com)     [EMAIL]
Authentication fields                  Completely removed
Credentials (passwords, tokens)        Completely removed
Long alphanumeric strings              [KEY]

Example

BEFORE sanitization:
POST to https://api.stripe.com/v1/charges with key sk_live_abc123xyz

AFTER sanitization:
POST to [URL] with key [KEY]

Guarantees

  • NO personal information in sanitized data
  • NO way to reverse sanitization
  • NO way to identify users from telemetry
  • Automatic process (not manual review)
  • Sanitization happens BEFORE data is saved to the telemetry database (in-memory)
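As an added illustration (not code from n8n-mcp or the hosted service), the following Node.js sanitizer applies the replacements from the table in this section to a workflow node before anything could be sent as telemetry. The regular expressions, the list of field names treated as authentication or credential fields, and the sample node are constructed assumptions of this example; only the placeholder tokens ([URL], [EMAIL], [KEY]) and the BEFORE/AFTER pair come from the policy text.

```javascript
// Added example (not n8n-mcp's own code): a sanitizer that applies the
// replacement rules of Section 5 to a workflow node before telemetry.
// TEXT_RULES, SENSITIVE_KEYS and SAMPLE_NODE are constructed assumptions.

// Ordered replacement rules. URLs go first so a token inside a query string
// disappears together with the URL; emails next; then known key formats;
// finally any remaining long alphanumeric run.
const TEXT_RULES = [
  { name: 'url', re: /https?:\/\/[^\s"'<>)]+/g, to: '[URL]' },
  { name: 'email', re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g, to: '[EMAIL]' },
  { name: 'prefixed-key', re: /\b(?:sk|pk|rk)_(?:live|test)_[A-Za-z0-9]+\b/g, to: '[KEY]' },
  { name: 'jwt', re: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*/g, to: '[KEY]' },
  { name: 'long-alnum', re: /\b[A-Za-z0-9]{32,}\b/g, to: '[KEY]' },
];

// Field names whose values are dropped entirely rather than masked
// (the "Completely removed" rows of the table). Constructed list; compared
// case-insensitively.
const SENSITIVE_KEYS = new Set([
  'authentication', 'credentials', 'password', 'token', 'apikey', 'api_key',
  'secret', 'authorization', 'accesstoken', 'refreshtoken',
]);

// Mask sensitive substrings in one string value.
function sanitizeText(value) {
  let out = value;
  for (const rule of TEXT_RULES) out = out.replace(rule.re, rule.to);
  return out;
}

// Walk a node (or any JSON value): drop sensitive fields, mask strings,
// recurse into arrays and objects, pass scalars through unchanged.
function sanitizeNode(value) {
  if (typeof value === 'string') return sanitizeText(value);
  if (Array.isArray(value)) return value.map(sanitizeNode);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [key, child] of Object.entries(value)) {
      if (SENSITIVE_KEYS.has(key.toLowerCase())) continue; // removed, not masked
      out[key] = sanitizeNode(child);
    }
    return out;
  }
  return value; // numbers, booleans, null
}

// Constructed sample node in n8n's JSON shape (not a real user's workflow).
const SAMPLE_NODE = {
  name: 'Charge customer',
  type: 'n8n-nodes-base.httpRequest',
  parameters: {
    method: 'POST',
    url: 'https://api.stripe.com/v1/charges?customer=cus_123',
    authentication: 'genericCredentialType',
    headerParameters: { Authorization: 'Bearer sk_live_abc123xyz' },
    notes: 'Escalate failures to ops@example.com',
  },
  credentials: { httpHeaderAuth: { id: '42', name: 'Stripe live key' } },
};

// What would reach the telemetry store for the sample node.
function sanitizedSample() {
  return sanitizeNode(SAMPLE_NODE);
}

console.log(sanitizeText('POST to https://api.stripe.com/v1/charges with key sk_live_abc123xyz'));
console.log(JSON.stringify(sanitizedSample(), null, 2));
```

Rule order is the point to check in a sanitizer like this: URLs are masked before the key and long-string rules so a token embedded in a query string is never left behind, and fields named for credentials are dropped rather than masked, matching the "Completely removed" rows. The section's own BEFORE/AFTER pair makes a natural regression test for the text rules.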

6. Telemetry Opt-Out

You have full control over telemetry collection. You can opt-out at any time:

Dashboard Profile

  1. Go to Account Profile
  2. Find "Telemetry & Privacy" section
  3. Toggle "Telemetry Collection" to OFF
  4. Changes take effect immediately

What Happens When You Opt-Out

  • NO telemetry sent to our servers
  • NO workflow patterns collected
  • NO usage statistics tracked
  • Service continues to work normally
  • We lose valuable data to improve the project for everyone

What Still Happens

  • Account data still collected (required for service)
  • Usage logs still created (required for billing/rate limiting)
  • n8n credentials still encrypted and stored

Note: Opt-out applies to the n8n-mcp package (MCP server). Hosted service usage logs (API requests) cannot be disabled as they're required for billing and rate limiting.

7. AI Model Training

What We Train AI Models For

  • Workflow pattern recognition - Suggest better workflow structures
  • Error prediction - Identify common mistakes before they happen
  • Tool recommendations - Suggest which n8n nodes work well together
  • Performance optimization - Identify bottlenecks and inefficiencies

What Data Is Used

  • ONLY sanitized, anonymized workflow patterns (see Section 5)
  • NO personal information
  • NO actual workflow data or parameters
  • NO API keys, credentials, or sensitive info

How Models Are Trained

  • Machine learning on aggregate patterns from thousands of users
  • NO individual user data is identifiable

Your Rights

  • Opt-out of telemetry to stop new data collection (see Section 6)
  • Request deletion of your telemetry data (see Section 11)
  • Cannot "un-train" models (data already processed into aggregates)

8. Third-Party Services

We use the following third-party services to operate n8n-mcp. Each has its own privacy policy:

Auth0 (Authentication)

  • Purpose: User authentication, OAuth 2.1 flows, session management
  • Data shared: Email, name, OAuth provider ID, authentication events
  • Privacy Policy: https://auth0.com/privacy

Supabase (Database & Telemetry Storage)

  • Purpose: PostgreSQL database, backend services, telemetry storage
  • Data stored: ALL user data, usage logs, anonymized telemetry
  • Location: European Union (EU data center)
  • Encryption: At rest (Supabase-managed), in transit (TLS 1.3)
  • Backups: Automatic daily (retained 7 days on free tier)
  • Privacy Policy: https://supabase.com/privacy

Stripe (Payments)

  • Purpose: Subscription billing, payment processing, invoicing
  • Data shared: Email, customer metadata (user_id), subscription tier
  • Data processed by Stripe: Credit card details, billing info (NEVER touches our servers)
  • PCI Compliance: Stripe is PCI DSS Level 1 compliant
  • Privacy Policy: https://stripe.com/privacy

Hetzner (Infrastructure Hosting)

Services NOT Used

We explicitly do NOT use:

  • Google Analytics or any analytics tracking
  • Facebook/LinkedIn/Twitter tracking pixels
  • Advertising networks
  • Marketing automation platforms
  • CRM systems (HubSpot, Salesforce, etc.)

9. Data Storage & Security

Encryption

  • At rest: AES-256 (Supabase-managed)
  • In transit: TLS 1.3 (HTTPS only)
  • API keys: SHA-256 hashed (plaintext never stored)
  • n8n credentials: AES-256-GCM encrypted (server-side only, per-user derived keys)
  • Sessions: In-memory (ephemeral, cleared on restart), 1-hour TTL

Storage Infrastructure

  • Primary database: Supabase PostgreSQL (EU data center)
  • Backups: Daily automatic (retained 7 days)
  • Server: Hetzner Germany
  • Sessions: In-memory only (no disk storage)

Access Controls

  • Developer access only (individual project, no team)
  • Database: Row Level Security (RLS) policies
  • API: Bearer token authentication (nmcp_ keys)
  • Server: SSH keys only, no password authentication

Security Measures

We implement comprehensive security controls across all layers of our infrastructure:

Authentication & Authorization

  • OAuth 2.1: Secure authentication via Auth0 with social login support (Google, GitHub)
  • Session management: In-memory sessions with 1-hour TTL, automatic expiration and eviction
  • CSRF protection: Built-in Auth0 protections against cross-site request forgery
  • JWT validation: Token signature verification and expiration checks
  • Authorization: Users can only access their own data (multi-tenant isolation)

API Key Security (Two-Tier System)

  • n8n-mcp keys: SHA-256 hashed storage, timing-safe comparison, never logged in plaintext
  • n8n credentials: AES-256-GCM encryption with per-user derived keys, decrypted server-side only
  • Key rotation: Automated invalidation of old keys after rotation
  • Secure generation: Cryptographically secure random key generation (no predictable patterns)

Database Security

  • Row Level Security (RLS): PostgreSQL policies enforce data isolation per user
  • Parameterized queries: All SQL queries use prepared statements (no SQL injection)
  • Encryption at rest: AES-256 encryption managed by Supabase
  • TLS connections: All database connections require SSL/TLS (sslmode=require)

Input Validation & Injection Prevention

  • XSS protection: HTML encoding and Content Security Policy (CSP) headers
  • SQL injection: Parameterized queries prevent all SQL injection attacks
  • Command injection: No user input passed to shell commands
  • API validation: Strict input validation on all endpoints (UUIDs, pagination, JSON payloads)

Rate Limiting & Abuse Prevention

  • Per-user limits: 50 requests/minute (free tier), 100 requests/minute (supporter tier)
  • IP-based limiting: Prevents single IP abuse and brute force attacks
  • Rate limit headers: X-RateLimit-Limit and X-RateLimit-Remaining for transparency
  • Account enumeration: Protected against email existence detection

SSL/TLS Configuration

  • HTTPS enforcement: All HTTP traffic redirects to HTTPS
  • TLS 1.3: Modern encryption protocol (TLS 1.0/1.1 disabled)
  • Automatic certificates: Let's Encrypt via Caddy with auto-renewal
  • HSTS headers: Strict-Transport-Security enforces HTTPS
  • Certificate validation: Full chain verification (root, intermediate, leaf)

Infrastructure Security

  • Docker isolation: Containers run as non-root user with minimal capabilities
  • SSH hardening: Key-only authentication (no password login)
  • Firewall rules: Only essential ports open
  • Automated updates: Security patches applied automatically
  • Fail2ban protection: Brute force attack prevention on SSH

Payment Security (Stripe)

  • PCI DSS compliant: Stripe handles all credit card processing (Level 1 certified)
  • Webhook validation: Signature verification prevents replay attacks
  • No card storage: Credit card data never touches our servers
  • 3D Secure: Enhanced authentication for card transactions

Monitoring & Scanning

  • Dependency scanning: Automated vulnerability detection via Dependabot
  • Container scanning: Docker image security analysis (Snyk/Trivy)
  • Penetration testing: Regular OWASP Top 10 security validation
  • Audit logging: Security events logged for compliance (account deletions, access changes)

GDPR & Privacy Compliance

  • Data minimization: Only essential data collected and retained
  • Right to deletion: Automated account and data deletion within GDPR timelines
  • 1-hour cooldown: Re-registration prevention after account deletion (compliance requirement)
  • Telemetry sanitization: Automatic removal of PII before data collection
  • Breach notification: 72-hour notification protocol per GDPR requirements

Note: While we implement industry-standard security measures, no system is 100% secure. You are responsible for protecting your account credentials and n8n instance.

10. Data Retention

Current Retention Policies

  • Account data: Retained while account is active
  • API keys: Retained until regenerated or account deleted
  • Usage logs: 90 days, then automatically deleted
  • Telemetry data: Retained indefinitely for long-term analysis and AI training
  • Sessions: Expire after 1 hour of inactivity
  • OAuth tokens (revoked): Auto-deleted after 30 days
  • Subscription data: Retained while subscription active

Account Deletion

When you delete your account via the multi-step deletion process:

  • Immediate deletion: Account, API keys, n8n instances, usage logs, preferences, feedback, all sessions
  • Immediate cancellation: Active Stripe subscriptions (if any)
  • 1-hour cooldown: Cannot re-register with the same email for 1 hour (GDPR compliance)
  • Within 30 days: Telemetry data (automated deletion process)
  • Retained 7 years: Deletion audit log with timestamp, IP, and user agent (legal/tax compliance)
  • Cannot delete: Stripe customer records (7-year financial/tax compliance requirement)
  • Cannot delete: Data already processed into trained AI models (aggregated into patterns)

Multi-Step Confirmation

To prevent accidental deletion, we require three confirmation steps:

  • Step 1: Acknowledge warning and consequences
  • Step 2: Optional telemetry deletion request generation
  • Step 3: Type "DELETE" to confirm (case-sensitive)

This process ensures you are fully aware of the consequences and prevents accidental clicks from deleting your account.

Telemetry Retention

Telemetry data is retained indefinitely for long-term analysis and AI model training. However:

  • New collection stops immediately when you opt-out
  • Your telemetry data is deleted within 30 days when you delete your account
  • Data already used in trained models cannot be removed

11. Your Rights (GDPR/CCPA)

Right to Access

You can view your data at any time:

  • Account profile: /dashboard/account/profile
  • API keys: /dashboard/settings
  • Subscription: /dashboard/billing
  • n8n instances: /dashboard/instances

Telemetry data: Cannot be viewed (anonymized, no link to you)

Right to Correction

  • Update profile: /dashboard/account/profile
  • Change email: Via Auth0 (automatic sync)
  • Update instances: /dashboard/instances

Right to Deletion

🗑️ Account Deletion Process (Multi-Step)

We use a secure multi-step confirmation process to prevent accidental deletion:

  1. Go to Account Profile
  2. Click "Delete Account" button at the bottom
  3. Step 1 - Warning: Review what will be deleted and confirm you understand
  4. Step 2 - Final Confirmation: Type "DELETE" to confirm (case-sensitive)
  5. Processing: Account deleted immediately, you will be logged out

Important: Active subscriptions are automatically cancelled. Telemetry data is deleted within 30 days per GDPR requirements.

Telemetry Deletion

You can request telemetry deletion separately from account deletion:

  1. Go to Account Profile
  2. Find "Telemetry & Privacy" section
  3. Click "Request Telemetry Deletion"
  4. Copy the generated deletion request UUID (optional - for follow-up)
  5. Telemetry data deleted within 30 days automatically

Note: You do not need to contact support. The deletion happens automatically within the 30-day GDPR requirement.

What gets deleted:

  • User account and profile
  • All API keys
  • All n8n instance configurations
  • All usage logs
  • Subscription records (Stripe subscription cancelled)
  • OAuth tokens
  • Telemetry data (within 30 days)

What cannot be deleted:

  • Stripe customer record (7-year financial/tax compliance requirement)
  • Data already used in trained AI models (processed into aggregates)
  • Aggregate statistics (anonymized, no link to you)

Right to Data Portability

To request a copy of your data: privacy@n8n-mcp.com

We'll send you a JSON export within 30 days containing:

  • Account information
  • API key metadata (NOT plaintext keys)
  • n8n instance URLs (NOT encrypted credentials)
  • Usage statistics

Note: Telemetry data cannot be exported (anonymized, no link to you)

Right to Object

  • Telemetry: Opt-out in /dashboard/settings or via CLI
  • Subscription: Cancel anytime in /dashboard/billing

How to Exercise Your Rights

Email: privacy@n8n-mcp.com
Response time: 30 days (GDPR requirement)
Free of charge

12. Cookies

Essential Cookies Only

We only use essential cookies required for service functionality:

Auth0 Session Cookie (appSession)

  • Purpose: Maintain your logged-in session
  • Type: HttpOnly, Secure, SameSite=Lax
  • Duration: Session (expires when you close browser)
  • Contains: Encrypted session token

CSRF Token

  • Purpose: Security (prevent cross-site request forgery)
  • Type: HttpOnly, Secure
  • Duration: Session

What We DO NOT Use

  • Advertising cookies
  • Tracking cookies
  • Analytics cookies (no Google Analytics)
  • Third-party cookies

Cookie Consent NOT Required

Under GDPR/CCPA, cookie consent banners are only required for non-essential cookies. Since we only use essential cookies, no consent banner is needed.

13. International Data Transfers

Your data may be processed in multiple locations:

  • Primary server: Germany (Hetzner, EU data center)
  • Database: Supabase (EU data region)
  • Authentication: Auth0 (global infrastructure)
  • Payments: Stripe (US-based, Standard Contractual Clauses for EU)

GDPR Safeguards

  • Encryption at rest and in transit
  • Access controls and audit logging
  • Data Processing Agreements with all service providers
  • Standard Contractual Clauses where applicable

14. Children's Privacy

n8n-mcp is NOT directed at children under 16 years old. We do not knowingly collect personal data from children.

If you believe we have collected data from a child, please contact us immediately at privacy@n8n-mcp.com and we will delete it.

15. Data Breach Notification

In the event of a data breach:

  • Notification timeline: Within 72 hours of discovery (GDPR requirement)
  • Notification method: Email + dashboard banner
  • Information provided: What happened, what data was affected, what we're doing
  • Supervisory authority: Serious breaches reported to UODO (Polish Data Protection Authority)

Telemetry data: Low risk (already anonymized, no PII). We will notify if sanitization process fails.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

  • Updated "Last updated" date at the top
  • Notice via email + dashboard banner
  • Material changes: 30-day notice before taking effect
  • Continued use = acceptance of updated policy

17. Contact Us

Privacy Inquiries

Email: privacy@n8n-mcp.com
Response time: 30 days maximum

General Support

Email: support@n8n-mcp.com

Upstream Privacy Policy

For details about n8n-mcp package telemetry: n8n-mcp PRIVACY.md

Data Protection Authority (Poland)

Polish Supervisory Authority (UODO)
Website: https://uodo.gov.pl

EU residents have the right to lodge a complaint with their local data protection authority.

This privacy policy is effective as of January 14, 2025.