Last updated: June 2026
MCP Village ("we", "us") provides website hosting that you edit by connecting your own AI assistant. This policy explains what we collect and why. We keep it short on purpose.
Account data. Your email address and authentication details, so you can sign in and we can contact you about your account.
Your site content. The pages, posts, media, and settings you create, stored so we can serve your website.
Form submissions. When a visitor submits a form on your site (name, email, message, etc.), we store it and forward it to you. You are the controller of that data; we process it on your behalf.
Analytics. Privacy-respecting, aggregate visit data (page views, approximate country) so you can see how your site is doing. We do not sell this or build cross-site advertising profiles.
You connect your own AI assistant (Claude, ChatGPT, Grok, or another) to your site via the Model Context Protocol, authorized by OAuth 2.1 with PKCE. We never receive your AI provider password. The connection is scoped to one site at a time, and can read and write only that site's content — its pages, posts, media, form submissions, contacts, and analytics. It can never reach your login identity, billing, custom-domain settings, stored secrets, or any other customer's site; those live on a separate system the AI connection cannot talk to.
What your AI provider sees. When your assistant edits your site, the instructions you give it and the site content it reads or writes pass through your AI provider (for example Anthropic, OpenAI, or xAI) and are handled under that provider's own privacy policy and terms. Choose a provider you trust. We pass along only what the connection you authorized requests — nothing more — and we don't see your conversation with your assistant.
On the sites we host we set a couple of first-party cookies to count visits and measure which pages turn visitors into enquiries. They don't identify a person by name, aren't shared with advertisers, and we don't use third-party advertising or cross-site tracking cookies. The MCP connection itself uses OAuth tokens, not cookies.
We don't sell your personal data. We don't use your site content to train AI models. We don't build cross-site advertising profiles. The connection your AI uses can only touch your website content, never your billing, identity, secrets, or another customer's site.
We rely on a small set of infrastructure providers to run the service — categories include cloud hosting, a content-delivery network and DNS, object storage for your media, and email delivery for forwarding your leads and account notices. They process data only to provide their part of the service, under their own security and privacy commitments.
Traffic is encrypted in transit with TLS. Access to your content is limited to your authenticated account and the AI connection you explicitly authorize, and each site is isolated so one account's connection can never reach another's data.
We keep your data while your account is active. You can export your entire site, your contacts, and your submissions at any time, and ask us to delete your account and its data by emailing [email protected].
Questions about this policy? Email [email protected].