Privacy Policy

Last updated: March 13, 2026

📋 This Policy Covers Two Services

MCP Dashboard (dashboard.n8n-mcp.com) — API bridge connecting MCP clients to your n8n instance. Collects account data, API key metadata, and anonymous telemetry.

AI Chat & Agent (app.n8n-mcp.com) — AI-powered interface for generating and managing n8n workflows using natural language. Your messages are processed by third-party AI providers (see Section 8). Conversation data may be used for model improvement (see Section 7).

Opt-out: Toggle telemetry and training data in Settings.


1. Introduction

This Privacy Policy explains how n8n-mcp ("we", "us", or "our") collects, uses, and protects your personal information when you use our services: the MCP Dashboard (dashboard.n8n-mcp.com) and the AI Chat & Agent (app.n8n-mcp.com). We are committed to protecting your privacy and being transparent about our data practices.

Where data practices differ between services, we clearly indicate which service a section applies to. Sections without a label apply to both services.

By using n8n-mcp, you agree to the collection and use of information in accordance with this policy. This policy should be read in conjunction with our Terms of Service.

GDPR & CCPA Compliance: This policy is designed to comply with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

2. Data Controller Information

Service Name: n8n-mcp Hosted Service
Operated by: Ai Advisors Romuald Czlonkowski (individual developer)
Location: Poland (European Union)
Contact: privacy@n8n-mcp.com

n8n-mcp is an independent, community-driven project. We are not affiliated with n8n.io (the workflow automation platform).

3. What Data We Collect

A. Account Information (via Auth0)

When you create an account, we collect:

  • Email address (required) — For account authentication and important notifications
  • Full name (optional) — For personalization
  • OAuth provider information — If you sign in with Google, GitHub, or Microsoft
  • Profile picture URL — From your OAuth provider, if available

B. API Keys (n8n-mcp)

We store information about your n8n-mcp API keys:

  • Key hash (SHA-256) — We NEVER store plaintext keys
  • Key prefix — First 10 characters for display (e.g., "nmcp_abc12...")
  • Key metadata — Creation date, last used timestamp, active status
  • Key name — Optional user-defined label

C. n8n Instance Configuration

IMPORTANT: Your n8n API credentials are encrypted and NEVER exposed to you after initial setup:

  • Instance URL — Your n8n server address (e.g., https://n8n.example.com)
  • n8n API key (encrypted) — Encrypted with AES-256-GCM, server-side only
  • Instance status — Active/inactive flag
  • Last validated — Timestamp of last successful connection test

D. Usage Data (Hosted Service)

We log all API requests for billing and rate limiting:

  • Request metadata — Timestamp, user ID, MCP tool name, success/failure status
  • Rate limit violations — When you exceed your tier limits
  • Error messages — Technical errors only (NO workflow content or user data)
  • IP address — Temporarily for rate limiting (not stored long-term)
  • User agent — To identify which MCP client you're using (Claude Desktop, Cursor, Windsurf etc.)

E. Subscription Data (via Stripe)

If you subscribe to a paid tier:

  • Stripe customer ID — Links your account to Stripe
  • Subscription tier — Free, Supporter, or Enterprise
  • Subscription status — Active, cancelled, past_due, etc.
  • Billing period — Current period start/end dates

Note: Credit card details are handled entirely by Stripe and NEVER touch our servers.

F. Anonymous Telemetry (n8n-mcp Package)

The upstream n8n-mcp package (the MCP server running on our servers) collects anonymous telemetry:

  • Hashed User ID — Machine-derived identifier (NOT traceable to you)
  • Tool Usage Statistics — Which MCP tools you use, how often, and performance metrics
  • Sanitized Workflow Patterns — Workflow structure ONLY (see Data Sanitization section)
  • Error Categories — Error types without user data in messages

Purpose: This data helps us improve n8n-mcp for the entire community and create new services. All data is anonymized before collection.

G. AI Chat & Agent Data

Applies to: AI Chat & Agent only

When you use our AI Chat or AI Agent features, we additionally collect:

  • Conversation messages — Your messages and AI responses during chat sessions, stored to maintain conversation history
  • Conversation traces — Structured logs of conversations including messages, tool calls, and AI responses, used for AI model improvement (see Section 7)
  • AI-extracted preferences — The system may automatically extract and store your preferences and workflow patterns from conversations to personalize future interactions (authenticated users only)
  • Workflow cache queries — Your workflow descriptions are compared against a cache of pre-built workflows to find relevant matches
  • Input safety classification — Your messages are analyzed for content safety before processing; the classification result is logged but the message content is not separately stored by this process

Anonymous users: If you use AI Chat without an account, a browser-derived fingerprint is used solely to maintain your session and enforce rate limits. This fingerprint is not used for tracking or advertising and is not linked to any personal identity.

H. What We DO NOT Collect

We explicitly DO NOT collect:

  • Personal information within workflows (PII)
  • API keys, tokens, or credentials from your workflows
  • Database connection strings or authentication secrets
  • Credit card details (handled by Stripe only)
  • Browsing history or cross-site tracking
  • Device fingerprints for tracking or advertising (fingerprints used solely for anonymous session management are described in Section 3G)

Note: In MCP Dashboard mode, we do not access or store your workflow contents — only metadata for telemetry. In AI Chat & Agent mode, workflow content is processed by AI models to fulfill your requests but is not used for purposes other than providing the service and model improvement (subject to your opt-out preferences).

4. How We Use Your Data

Service Functionality

  • Authentication — Verify your identity and maintain your session
  • MCP Tool Execution — Execute n8n operations on your behalf (MCP Dashboard)
  • AI Chat & Agent — Process your messages through AI models to generate, modify, and manage n8n workflows; extract and store your preferences to personalize future interactions
  • Rate Limiting — Enforce tier-based usage limits
  • Billing — Process subscription payments and manage your plan

Telemetry & Product Improvement

We use anonymized telemetry data to:

  • Analyze usage patterns — Understand which features are most valuable
  • Train AI models — Improve workflow generation quality using sanitized telemetry patterns (MCP Dashboard) and conversation traces (AI Chat, subject to opt-out — see Section 7)
  • Identify bugs and errors — Analyze error categories to fix issues
  • Optimize performance — Identify slow tools and bottlenecks
  • Community benefit — Improvements go back to the open-source n8n-mcp package

IMPORTANT: All telemetry data is anonymized and sanitized BEFORE collection. There is NO personally identifiable information (PII) in our telemetry data, and no way to identify individual users. If you decide to opt out of telemetry or delete your account, we will record your anonymous identifier in our database for 30 days to ensure we can remove your data from our telemetry database. Even at that point, we cannot identify you as an individual user.

Communication

  • Transactional emails — Account confirmations, password resets, billing notifications
  • Service updates — Critical announcements, planned maintenance, security alerts
  • Support requests — Respond to your questions and issues

Note: We do NOT send marketing emails or newsletters. All emails are strictly transactional.

What We DO NOT Do

  • Sell your data to third parties
  • Use your data for advertising
  • Share data with partners (except service providers listed in Section 8)
  • Track you across other websites
  • Build user profiles for marketing

Legal Basis for Processing (GDPR Article 6)

We process your personal data under the following legal bases:

  • Contract Performance (Article 6(1)(b)) — Account creation and management, AI Chat and Agent features (processing your messages to provide the service you requested), MCP bridge operations, subscription billing
  • Legitimate Interest (Article 6(1)(f)) — AI model improvement using conversation traces, service security and abuse prevention, anonymous telemetry for product improvement, input safety classification
  • Consent (Article 6(1)(a)) — Marketing communications (if any in the future), optional data sharing beyond what is required for service operation

You can object to processing based on legitimate interest at any time by contacting privacy@n8n-mcp.com.

5. Data Sanitization Process

When collecting workflow patterns for telemetry, we automatically sanitize ALL sensitive data:

Sensitive Data Type | Replaced With
URLs (http://api.example.com) | [URL] or [REDACTED]
API keys/tokens (sk_live_abc123) | [KEY]
Email addresses (user@example.com) | [EMAIL]
Authentication fields | Completely removed
Credentials (passwords, tokens) | Completely removed
Long alphanumeric strings | [KEY]

Example

BEFORE sanitization:
POST to https://api.stripe.com/v1/charges with key sk_live_abc123xyz

AFTER sanitization:
POST to [URL] with key [KEY]

Guarantees

  • NO personal information in sanitized data
  • NO way to reverse sanitization
  • NO way to identify users from telemetry
  • Automatic process (not manual review)
  • Sanitization happens BEFORE data is saved to the telemetry database (in-memory)

6. Telemetry Opt-Out

You have full control over telemetry collection. You can opt out at any time:

Dashboard Profile

  1. Go to Account Profile
  2. Find "Telemetry & Privacy" section
  3. Toggle "Telemetry Collection" to OFF
  4. Changes take effect immediately

What Happens When You Opt Out

  • NO telemetry sent to our servers
  • NO workflow patterns collected
  • NO usage statistics tracked
  • Service continues to work normally
  • We lose valuable data to improve the project for everyone

What Still Happens

  • Account data still collected (required for service)
  • Usage logs still created (required for billing/rate limiting)
  • n8n credentials still encrypted and stored

Note: Opt-out applies to the n8n-mcp package (MCP server). Hosted service usage logs (API requests) cannot be disabled as they're required for billing and rate limiting.

7. AI Model Training

What We Train AI Models For

  • Workflow generation quality — Improve accuracy of AI-generated n8n workflows
  • Workflow pattern recognition — Suggest better workflow structures
  • Error prediction — Identify common mistakes before they happen
  • Tool recommendations — Suggest which n8n nodes work well together

What Data Is Used

MCP Dashboard (telemetry)

  • Sanitized, anonymized workflow patterns only (see Section 5)
  • NO personal information, workflow data, or credentials

AI Chat & Agent (conversation traces)

  • Conversation traces: your messages, AI responses, and tool call results in structured format
  • Traces include: user tier, model used, duration, and token counts
  • Traces do NOT include: email address, account details, or n8n instance credentials
  • Used to fine-tune and evaluate AI models for workflow generation

How Models Are Trained

  • Machine learning on aggregate patterns from thousands of users
  • Fine-tuning on conversation traces to improve workflow generation quality
  • Models are trained on our own infrastructure — conversation data is not shared with third parties for training purposes

Your Rights

  • MCP Dashboard telemetry: Opt out in Settings to stop new telemetry collection (see Section 6)
  • AI Chat conversation traces: Supporter tier and above can opt out of training data collection in Privacy settings. When opted out, your conversations are still processed for the service but not saved as training data
  • Request deletion of your data (see Section 11)
  • Cannot "un-train" models (data already processed into model weights)

Note: Free and anonymous users contribute conversation traces as part of using the free tier. To opt out of training data collection, upgrade to a Supporter plan.

8. Third-Party Services

We use the following third-party services to operate n8n-mcp. Each has its own privacy policy:

Auth0 (Authentication)

  • Purpose: User authentication, OAuth 2.1 flows, session management
  • Data shared: Email, name, OAuth provider ID, authentication events
  • Privacy Policy: https://auth0.com/privacy

Supabase (Database & Telemetry Storage)

  • Purpose: PostgreSQL database, backend services, telemetry storage
  • Data stored: ALL user data, usage logs, anonymized telemetry
  • Location: European Union (EU data center)
  • Encryption: At rest (Supabase-managed), in transit (TLS 1.3)
  • Backups: Automatic daily (retained 7 days on free tier)
  • Privacy Policy: https://supabase.com/privacy

Stripe (Payments)

  • Purpose: Subscription billing, payment processing, invoicing
  • Data shared: Email, customer metadata (user_id), subscription tier
  • Data processed by Stripe: Credit card details, billing info (NEVER touches our servers)
  • PCI Compliance: Stripe is PCI DSS Level 1 compliant
  • Privacy Policy: https://stripe.com/privacy

Hetzner (Infrastructure Hosting)

Grafana Cloud (Log Aggregation & Monitoring)

  • Purpose: Centralized log aggregation and operational monitoring
  • Data shared: Server logs containing request metadata (timestamps, IP addresses, error messages, response times). No conversation content or workflow data is included in logs
  • Location: United States (Grafana Labs)
  • Privacy Policy: https://grafana.com/legal/privacy-policy

AI Inference Providers (AI Chat & Agent only)

The following providers process your messages when you use AI Chat or Agent features. Your messages are sent to these providers for real-time AI inference (generating responses). These providers process data in-memory and do not persistently store your conversations for their own purposes.

Together.ai (AI Inference)

Applies to: AI Chat & Agent — all users

  • Purpose: Hosts AI models used for chat orchestration (paid users), conversation title generation, and document conversion (all users)
  • Data shared: User messages, conversation context, system prompts, uploaded document content (for conversion)
  • Location: United States
  • Privacy Policy: https://www.together.ai/privacy

MiniMax (AI Inference)

Applies to: AI Chat — free and anonymous users

Moonshot AI (Fallback AI Inference)

Applies to: AI Chat & Agent — fallback only

  • Purpose: Fallback AI provider when the primary provider is temporarily unavailable
  • Data shared: User messages, conversation context, system prompts (only during failover)
  • Location: Data processed via API (provider based in China)
  • Privacy Policy: https://kimi-ai.chat/privacy-policy

Modal (Self-Hosted AI Infrastructure)

Applies to: AI Chat & Agent

  • Purpose: Hosts our fine-tuned AI models for workflow generation and updates
  • Data shared: Workflow descriptions and system prompts (no user identity or account data)
  • Location: United States
  • Note: These are our own models running on Modal's GPU infrastructure — Modal does not access the inference data
  • Privacy Policy: https://modal.com/legal/privacy-policy

vast.ai (GPU Compute)

Applies to: AI Chat & Agent

  • Purpose: GPU compute for workflow search ranking and content safety classification
  • Data shared: Search queries (for ranking), user input text (for safety classification)
  • Location: Various data centers (EU preferred where available)
  • Note: These are our own models running on vast.ai GPU instances — vast.ai does not access the inference data
  • Privacy Policy: https://vast.ai/privacy

Services NOT Used

We explicitly do NOT use:

  • Google Analytics or any analytics tracking
  • Facebook/LinkedIn/Twitter tracking pixels
  • Advertising networks
  • Marketing automation platforms
  • CRM systems (HubSpot, Salesforce, etc.)

9. Data Storage & Security

Encryption

  • At rest: AES-256 (Supabase-managed)
  • In transit: TLS 1.3 (HTTPS only)
  • API keys: SHA-256 hashed (plaintext never stored)
  • n8n credentials: AES-256-GCM encrypted (server-side only, per-user derived keys)
  • Sessions: In-memory (ephemeral, cleared on restart), 1-hour TTL

Storage Infrastructure

  • Primary database: Supabase PostgreSQL (EU data center)
  • Backups: Daily automatic (retained 7 days)
  • Server: Hetzner Germany
  • Sessions: In-memory only (no disk storage)

Access Controls

  • Developer access only (individual project, no team)
  • Database: Row Level Security (RLS) policies
  • API: Bearer token authentication (nmcp_ keys)
  • Server: SSH keys only, no password authentication

Security Measures

We implement comprehensive security controls across all layers of our infrastructure:

Authentication & Authorization

  • OAuth 2.1: Secure authentication via Auth0 with social login support (Google, GitHub)
  • Session management: In-memory sessions with 1-hour TTL, automatic expiration and eviction
  • CSRF protection: Built-in Auth0 protections against cross-site request forgery
  • JWT validation: Token signature verification and expiration checks
  • Authorization: Users can only access their own data (multi-tenant isolation)

API Key Security (Two-Tier System)

  • n8n-mcp keys: SHA-256 hashed storage, timing-safe comparison, never logged in plaintext
  • n8n credentials: AES-256-GCM encryption with per-user derived keys, decrypted server-side only
  • Key rotation: Automated invalidation of old keys after rotation
  • Secure generation: Cryptographically secure random key generation (no predictable patterns)

Database Security

  • Row Level Security (RLS): PostgreSQL policies enforce data isolation per user
  • Parameterized queries: All SQL queries use prepared statements (no SQL injection)
  • Encryption at rest: AES-256 encryption managed by Supabase
  • TLS connections: All database connections require SSL/TLS (sslmode=require)

Input Validation & Injection Prevention

  • XSS protection: HTML encoding and Content Security Policy (CSP) headers
  • SQL injection: Parameterized queries prevent all SQL injection attacks
  • Command injection: No user input passed to shell commands
  • API validation: Strict input validation on all endpoints (UUIDs, pagination, JSON payloads)

Rate Limiting & Abuse Prevention

  • Per-user limits: 50 requests/minute (free tier), 100 requests/minute (supporter tier)
  • IP-based limiting: Prevents single IP abuse and brute force attacks
  • Rate limit headers: X-RateLimit-Limit and X-RateLimit-Remaining for transparency
  • Account enumeration: Protected against email existence detection

SSL/TLS Configuration

  • HTTPS enforcement: All HTTP traffic redirects to HTTPS
  • TLS 1.3: Modern encryption protocol (TLS 1.0/1.1 disabled)
  • Automatic certificates: Let's Encrypt via Caddy with auto-renewal
  • HSTS headers: Strict-Transport-Security enforces HTTPS
  • Certificate validation: Full chain verification (root, intermediate, leaf)

Infrastructure Security

  • Docker isolation: Containers run as non-root user with minimal capabilities
  • SSH hardening: Key-only authentication (no password login)
  • Firewall rules: Only essential ports open
  • Automated updates: Security patches applied automatically
  • Fail2ban protection: Brute force attack prevention on SSH

Payment Security (Stripe)

  • PCI DSS compliant: Stripe handles all credit card processing (Level 1 certified)
  • Webhook validation: Signature verification prevents replay attacks
  • No card storage: Credit card data never touches our servers
  • 3D Secure: Enhanced authentication for card transactions

Monitoring & Scanning

  • Dependency scanning: Automated vulnerability detection via Dependabot
  • Container scanning: Docker image security analysis (Snyk/Trivy)
  • Penetration testing: Regular OWASP Top 10 security validation
  • Audit logging: Security events logged for compliance (account deletions, access changes)

GDPR & Privacy Compliance

  • Data minimization: Only essential data collected and retained
  • Right to deletion: Automated account and data deletion within GDPR timelines
  • 1-hour cooldown: Re-registration prevention after account deletion (compliance requirement)
  • Telemetry sanitization: Automatic removal of PII before data collection
  • Breach notification: 72-hour notification protocol per GDPR requirements

Note: While we implement industry-standard security measures, no system is 100% secure. You are responsible for protecting your account credentials and n8n instance.

10. Data Retention

Current Retention Policies

MCP Dashboard

  • Account data: Retained while account is active
  • API keys: Retained until regenerated or account deleted
  • Usage logs: 90 days, then automatically deleted
  • Telemetry data: Retained indefinitely for long-term analysis and AI training
  • Sessions: Expire after 1 hour of inactivity
  • OAuth tokens (revoked): Auto-deleted after 30 days
  • Subscription data: Retained while subscription active

AI Chat & Agent

  • Conversation messages: Retained while account is active; deleted on account deletion
  • Conversation traces: Retained indefinitely for AI model training (subject to training opt-out)
  • AI-extracted preferences (memories): Retained while account is active; deleted on account deletion or manually via Settings
  • Anonymous session data: Expires after 24 hours

Account Deletion

When you delete your account via the multi-step deletion process:

  • Immediate deletion: Account, API keys, n8n instances, usage logs, preferences, feedback, all sessions
  • Immediate cancellation: Active Stripe subscriptions (if any)
  • 1-hour cooldown: Cannot re-register with the same email for 1 hour (GDPR compliance)
  • Within 30 days: Telemetry data (automated deletion process)
  • Retained 7 years: Deletion audit log with timestamp, IP, and user agent (legal/tax compliance)
  • Cannot delete: Stripe customer records (7-year financial/tax compliance requirement)
  • Cannot delete: Data already processed into trained AI models (aggregated into patterns)

Multi-Step Confirmation

To prevent accidental deletion, we require three confirmation steps:

  • Step 1: Acknowledge warning and consequences
  • Step 2: Optional telemetry deletion request generation
  • Step 3: Type "DELETE" to confirm (case-sensitive)

This process ensures you are fully aware of the consequences and prevents accidental clicks from deleting your account.

Telemetry Retention

Telemetry data is retained indefinitely for long-term analysis and AI model training. However:

  • New collection stops immediately when you opt out
  • Your telemetry data is deleted within 30 days when you delete your account
  • Data already used in trained models cannot be removed

11. Your Rights (GDPR/CCPA)

Right to Access

You can view your data at any time:

  • Account profile: /dashboard/account/profile
  • API keys: /dashboard/settings
  • Subscription: /dashboard/billing
  • n8n instances: /dashboard/instances

Telemetry data: Cannot be viewed (anonymized, no link to you)

Right to Correction

  • Update profile: /dashboard/account/profile
  • Change email: Via Auth0 (automatic sync)
  • Update instances: /dashboard/instances

Right to Deletion

🗑️ Account Deletion Process (Multi-Step)

We use a secure multi-step confirmation process to prevent accidental deletion:

  1. Go to Account Profile
  2. Click "Delete Account" button at the bottom
  3. Step 1 — Warning: Review what will be deleted and confirm you understand
  4. Step 2 — Final Confirmation: Type "DELETE" to confirm (case-sensitive)
  5. Processing: Account deleted immediately, you will be logged out

Important: Active subscriptions are automatically cancelled. Telemetry data is deleted within 30 days per GDPR requirements.

Telemetry Deletion

You can request telemetry deletion separately from account deletion:

  1. Go to Account Profile
  2. Find "Telemetry & Privacy" section
  3. Click "Request Telemetry Deletion"
  4. Copy the generated deletion request UUID (optional — for follow-up)
  5. Telemetry data deleted within 30 days automatically

Note: You do not need to contact support. The deletion happens automatically within the 30-day GDPR requirement.

What gets deleted:

  • User account and profile
  • All API keys
  • All n8n instance configurations
  • All usage logs
  • Subscription records (Stripe subscription cancelled)
  • OAuth tokens
  • Telemetry data (within 30 days)

What cannot be deleted:

  • Stripe customer record (7-year financial/tax compliance requirement)
  • Data already used in trained AI models (processed into aggregates)
  • Aggregate statistics (anonymized, no link to you)

Right to Data Portability

To request a copy of your data: privacy@n8n-mcp.com

We'll send you a JSON export within 30 days containing:

  • Account information
  • API key metadata (NOT plaintext keys)
  • n8n instance URLs (NOT encrypted credentials)
  • Usage statistics

Note: Telemetry data cannot be exported (anonymized, no link to you)

Right to Object

  • Telemetry: Opt out in /dashboard/settings or via CLI
  • Subscription: Cancel anytime in /dashboard/billing

How to Exercise Your Rights

Email: privacy@n8n-mcp.com
Response time: 30 days (GDPR requirement)
Free of charge

12. Cookies

Essential Cookies Only

We only use essential cookies required for service functionality:

Auth0 Session Cookie (appSession)

  • Purpose: Maintain your logged-in session
  • Type: HttpOnly, Secure, SameSite=Lax
  • Duration: Session (expires when you close browser)
  • Contains: Encrypted session token

CSRF Token

  • Purpose: Security (prevent cross-site request forgery)
  • Type: HttpOnly, Secure
  • Duration: Session

What We DO NOT Use

  • Advertising cookies
  • Tracking cookies
  • Analytics cookies (no Google Analytics)
  • Third-party cookies

Cookie Consent NOT Required

Under GDPR/CCPA, cookie consent banners are only required for non-essential cookies. Since we only use essential cookies, no consent banner is needed.

13. International Data Transfers

Your data may be processed in multiple locations:

MCP Dashboard

  • Primary server: Germany (Hetzner, EU data center)
  • Database: Supabase (EU data region)
  • Authentication: Auth0 (global infrastructure)
  • Payments: Stripe (US-based, Standard Contractual Clauses for EU)
  • Log aggregation: Grafana Cloud (US-based) — server logs with request metadata only, no conversation or workflow content

AI Chat & Agent (additional transfers)

  • AI inference (US): Together.ai, Modal — user messages processed for AI responses and workflow generation
  • AI inference (China-based API): MiniMax (free/anonymous users), Moonshot AI (fallback) — user messages processed for AI responses
  • GPU compute (various): vast.ai — search queries and input text processed for ranking and safety classification (EU preferred)

GDPR Safeguards

  • Encryption at rest and in transit for all data
  • Access controls and audit logging
  • Data Processing Agreements with service providers where available
  • Standard Contractual Clauses (SCCs) for US-based providers
  • Data minimization for non-EU transfers — only the conversation context necessary for inference is sent, with no account details or credentials
  • AI inference providers process data in-memory for inference only and do not persistently store your conversations
  • For self-hosted models (Modal, vast.ai), we control the inference environment — the hosting provider does not have access to the data being processed

Note on China-based providers: MiniMax and Moonshot AI process data via their API endpoints. China is not recognized by the European Commission as providing an adequate level of data protection. We rely on contractual safeguards and data minimization (only conversation messages necessary for generating a response are transmitted, with no account identifiers). If you have concerns about data transfers to China, you can upgrade to a Supporter plan, which routes your requests through US-based providers only.

14. Children's Privacy

n8n-mcp is NOT directed at children under 16 years old. We do not knowingly collect personal data from children.

If you believe we have collected data from a child, please contact us immediately at privacy@n8n-mcp.com and we will delete it.

15. Data Breach Notification

In the event of a data breach:

  • Notification timeline: Within 72 hours of discovery (GDPR requirement)
  • Notification method: Email + dashboard banner
  • Information provided: What happened, what data was affected, what we're doing
  • Supervisory authority: Serious breaches reported to UODO (Polish Data Protection Authority)

Telemetry data: Low risk (already anonymized, no PII). We will notify you if the sanitization process fails.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

  • Updated "Last updated" date at the top
  • Notice via email + dashboard banner
  • Material changes: 30-day notice before taking effect
  • Continued use = acceptance of updated policy

17. Contact Us

Privacy Inquiries

Email: privacy@n8n-mcp.com
Response time: 30 days maximum

General Support

Email: support@n8n-mcp.com

Upstream Privacy Policy

For details about n8n-mcp package telemetry: n8n-mcp PRIVACY.md

Data Protection Authority (Poland)

Polish Supervisory Authority (UODO)
Website: https://uodo.gov.pl

EU residents have the right to lodge a complaint with their local data protection authority.


Originally effective January 14, 2025.