1. What Is MCP and Who This Policy Covers
Model Context Protocol (MCP) is an open standard that lets AI tools — such as Claude, ChatGPT, or any MCP-compatible assistant — connect directly to external data sources. CreatorSense AI ("we," "our," "us") offers MCP servers that give authorised AI tools read access to your CreatorSense account data.
This policy applies specifically to data accessed through the CreatorSense MCP servers (Creator MCP and Agency MCP). It supplements our main Privacy Policy, which governs data collected through the web app and Chrome extensions. Where this policy and the main Privacy Policy conflict, this policy takes precedence for MCP interactions.
MCP server access is currently in development ("coming soon"). This policy will be effective from the date the MCP servers become available to users.
2. What Data MCP Servers Can Access
The MCP servers provide AI tools with read-only access to data already held in your CreatorSense account. No additional data is collected from your connected platforms specifically for MCP. The data accessible depends on your subscription tier:
2.1 Creator MCP
- Unified revenue figures across your connected platforms (net of fees)
- Platform-level revenue breakdowns and growth trends
- ORACLE analytics — platform mix, income trajectory, forecasts
- ARIA insights and recommended actions generated from your data
- TaxWise monthly set-aside estimates (Pro and above)
- Audience metrics and content performance summaries
2.2 Agency MCP
- Portfolio-level revenue and growth across your managed roster
- Per-creator revenue breakdowns (aggregated, not raw platform credentials)
- Creator risk signals and churn indicators
- Roster-level ARIA insights and strategic briefs
2.3 What MCP Servers Cannot Access
MCP servers have no access to:
- Your platform credentials, OAuth tokens, or login details
- Private messages or direct messages on any connected platform
- Payment card details or bank account information
- Audience members' personal data (all audience data is aggregated)
- Data from other CreatorSense users
- Admin or internal operational data
3. How Authentication Works
To connect an AI tool to a CreatorSense MCP server, you must authenticate using your CreatorSense account credentials or an API key generated within your account settings. The AI tool presents this credential with each request; no credential is stored by the AI tool provider on our behalf.
You can generate, rotate, and revoke MCP API keys at any time from Settings → Integrations → MCP in your CreatorSense dashboard. Revoking a key immediately terminates all AI tool access using that key.
Authentication tokens are transmitted over TLS and are not logged in plain text. We retain token identifiers (not the tokens themselves) in our access logs for security audit purposes for up to 90 days.
4. Data Minimisation — What Each Query Returns
MCP servers are designed to return only the data necessary to answer the specific query made by the AI tool. For example, a query asking "what did I earn last month on YouTube?" returns only the relevant revenue figure — not your full account data.
Data returned via MCP is the same data visible to you in your CreatorSense dashboard. We do not provide AI tools with more granular access than you have yourself.
5. What We Log
We log the following for each MCP request for security and performance purposes:
- Timestamp of the request
- API key identifier (not the key value)
- Query type / tool name called (e.g., "get_revenue_summary")
- Response status code (success or error)
- Response time in milliseconds
- Subscription plan at time of request
We do not log:
- The full content of queries (the natural language question typed by you or your AI)
- The full data payload returned in responses
- Which AI tool provider is making the request
Request logs are retained for 90 days then permanently deleted.
6. Third-Party AI Tools
When you connect an AI tool (Claude, ChatGPT, or another MCP-compatible assistant) to a CreatorSense MCP server, that AI tool provider's own privacy policy governs how they handle your queries and any data they receive. We are not responsible for the data practices of third-party AI providers.
We recommend reviewing the privacy policy of any AI tool you connect before enabling MCP access, particularly regarding:
- Whether they use your conversation content to train their models
- How long they retain conversation history
- Whether they share your queries with sub-processors
We do not receive or store any data from the AI provider about your use of their tool beyond what is described in Section 5 above.
7. Data Security for MCP Connections
All MCP data transfers are protected by:
- TLS 1.2 or higher encryption in transit
- API key authentication on every request
- Rate limiting per API key to prevent abuse
- IP-based anomaly detection for unusual access patterns
- Automatic key invalidation if suspicious activity is detected
In the event of a suspected MCP API key compromise, contact us immediately at support@creatorsenseai.com. We will invalidate the key within 1 business hour of notification.
8. Your Controls
You can, at any time:
- Revoke MCP access — delete your API key from Settings → Integrations → MCP. The AI tool loses access immediately.
- Rotate your API key — generate a new key; the old key is invalidated instantly.
- View access logs — see a record of recent MCP requests from Settings → Integrations → MCP → Activity.
- Disconnect your CreatorSense account entirely — this revokes all MCP access and triggers data deletion per our main Privacy Policy Section 5.
9. Retention of MCP-Accessed Data
MCP servers return data in real time; we do not store a separate copy of data served through MCP. The underlying account data is retained per our main Data Retention Policy. MCP request logs (as described in Section 5) are retained for 90 days.
10. Children's Privacy
MCP servers are not intended for users under 18. By enabling MCP access, you confirm you are at least 18 years of age.
11. Changes to This Policy
We may update this policy as the MCP servers evolve. Material changes will be notified via email to account holders with active MCP keys at least 14 days before taking effect. Continued use of MCP servers after that date constitutes acceptance.
12. Contact
Questions about this policy or your MCP data: support@creatorsenseai.com
Registered address: CreatorSense AI, New South Wales, Australia.