Privacy Policy

Last updated: June 5, 2026

This Privacy Policy explains how JK Labs Africa ("MCP Studio", "we", "us") collects, uses, and protects your information when you use MCP Studio (the "Service"), available at https://mcp-studio.app. By using the Service, you agree to this policy.

MCP Studio is a platform that lets you connect your SQL databases (PostgreSQL, MySQL) to AI assistants through the Model Context Protocol. We designed it to keep you in control of your data.

1. Information we collect

Account information (via Google Sign-In)

When you sign in with Google, we receive from your Google account the data you authorize: your name, email address, profile picture, and Google account identifier. We use this only to create and secure your account and to identify you when you sign in.

Database connection details

To connect your databases, you provide connection details (host, port, database name, username, password, and optional SSH tunnel settings). Credentials are encrypted at rest using AES-256 (Fernet) and are decrypted only at the moment they are used to connect to your database. We never display them back to you in clear text and never include them in logs.

AI configuration (optional)

If you choose to use AI-assisted features, you may provide your own Anthropic API key, stored encrypted. When you use these features, the relevant request is sent to Anthropic to generate tool descriptions or assist configuration.

Technical and usage data

We may collect standard technical data such as IP address, browser type, and timestamps, and application logs needed to operate and secure the Service. A session token (JWT) is stored in your browser's local storage to keep you signed in.

2. How we use your information

3. Google user data — Limited Use

MCP Studio's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google account data solely to authenticate you and provide the sign-in feature. We do not sell this data, use it for advertising, or share it with third parties except as needed to provide the Service or as required by law.

4. How we store and protect data

Database credentials and API keys are encrypted at rest. Access to resources is scoped per user. We apply reasonable technical and organizational measures to protect your data. No method of transmission or storage is 100% secure, but we work to protect your information.

5. Sharing and third-party services

We do not sell your personal information. We share data only with service providers that help us run the Service, and only as needed:

We may disclose information if required by law or to protect rights, safety, and the integrity of the Service.

6. Data retention

We retain your account data while your account is active. You may delete your account at any time; we then delete or anonymize your personal data within a reasonable period, except where retention is required by law.

7. Your rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us at tech@djoli.africa.

8. Children

The Service is not directed to individuals under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

9. International transfers

Your data may be processed in countries other than your own. Where required, we use appropriate safeguards for such transfers.

10. Changes to this policy

We may update this policy from time to time. We will post the updated version here and revise the "Last updated" date. Significant changes may be communicated by email.

11. Contact

Questions about this policy or your data? Contact us at tech@djoli.africa.