Security First, Always

Your data never touches our servers. We're a secure proxy between your AI and your services. Zero storage, maximum protection.

SSL/TLS Encrypted
SOC 2 Partners
Zero Data Retention

Our Security Promise

What We Don't Store

  • Email content, attachments, or metadata
  • Calendar events or attendee information
  • Contact names, emails, or phone numbers
  • Drive files, documents, or folder structures
  • Notion pages, Slack messages, or any service content

What We Do Protect

  • Encrypted OAuth tokens (via Nango)
  • Your authentication credentials (via Clerk)
  • API request routing and authentication
  • Connection status and service metadata
  • All data transmission via HTTPS/TLS 1.3

How it works: When your AI requests data, we authenticate with your OAuth token, forward the request to the service (Google, Notion, etc.), and pass the response directly back. Nothing is stored. We're just a secure pipe.

Enterprise-Grade Security Features

Built on industry-leading security infrastructure

Zero Data Storage

We never store your emails, calendar events, contacts, or file contents. We're a secure proxy, not a data warehouse.

End-to-End Encryption

All OAuth tokens are encrypted at rest by Nango. API keys use AES-256 encryption. Everything transmits over HTTPS/TLS 1.3.

No Human Access

Your data flows directly between services and your AI. No human can read your emails, calendar, or files.

Granular Permissions

Connect only the services you need. Disconnect instantly. OAuth tokens deleted immediately on disconnection.

Infrastructure Security

Hosted on Render's SOC 2 Type II certified infrastructure with automatic SSL, DDoS protection, and security monitoring.

Real-Time Processing

Data passes through in milliseconds. No caching, no storage, no retention. Pure pass-through architecture.

Trusted Security Partners

We leverage the security certifications of industry leaders

Compliance & Certifications We Inherit

SOC 2 Type II
GDPR Compliant
CCPA Compliant
ISO 27001
HIPAA Ready
PCI DSS

Through our security partners, MCP Hubby benefits from enterprise-grade compliance and certifications without the overhead. Your data is protected by the same standards used by Fortune 500 companies.

Technical Security Implementation

Encryption

  • TLS 1.3 for all data in transit
  • AES-256-GCM for API keys at rest
  • OAuth tokens encrypted by Nango's secure vault
  • Encrypted webhooks with HMAC signature verification

Access Control

  • Strict user isolation - you can only access your own data
  • JWT-based authentication with short-lived tokens
  • Rate limiting on all API endpoints
  • IP-based blocking for suspicious activity

Monitoring & Response

  • Real-time error tracking with Sentry
  • Automated security scanning on all deployments
  • 24/7 infrastructure monitoring by Render
  • Immediate token revocation on suspicious activity

Data Handling

  • No persistent storage of user content
  • Request logs retained for 90 days (metadata only, no content)
  • Automatic token refresh handled by Nango
  • Immediate deletion on service disconnection

What We Do

  • Encrypt all data in transit and at rest
  • Use industry-standard OAuth 2.0 flows
  • Implement rate limiting and DDoS protection
  • Monitor for security threats 24/7
  • Regular security audits and updates
  • Immediate token revocation on request
  • Transparent security practices

What We Never Do

  • Store your emails, calendar, or files
  • Share or sell your data
  • Train AI models on your content
  • Allow human access to your data
  • Log sensitive content
  • Keep data after disconnection
  • Compromise on security for features

Security Questions?

We take security seriously. If you have questions about our security practices, have found a vulnerability, or need more information for your compliance requirements, please reach out.