Skip to content
English
Contact us
  • There are no suggestions because the search field is empty.

MCP Server privacy policy

1. Scope

This Privacy Policy applies only to the Spaces MCP Server operated by Technis for access through Model Context Protocol (MCP) clients, including clients such as ChatGPT and other AI assistants that can call MCP tools.

This Privacy Policy applies to data processed by the Spaces MCP Server when a user:

  • authenticates to the MCP server;
  • sends tool requests to the MCP server;
  • receives data from the MCP server in response to those requests; or
  • uses the MCP server through an MCP client that intermediates requests and responses.

This Privacy Policy does not replace the broader Technis privacy and data processing documentation for websites, products, or services outside th MCP Server. Where another Technis policy also applies, this document is intended to be the service-specific notice for the MCP server.

2. Controller and Contact

The joint data processors are Technis SA, a Swiss company with its head office at Place de la Gare 10, 1003 Lausanne, Switzerland and Technis s.a.s., a French company with its head office at 242, boulevard Voltaire, 75011 Paris, France. (hereinafter jointly referred to as “data controller” or “Technis”).

    For privacy questions or rights requests, you may contact: dpo@technis.com

    3. What the Technis MCP Server Does

    The Technis MCP Server allows authorized users to access their private workspace data through MCP tools. Depending on the tool used, the server may return information about:

    • the authenticated user and their access context;
    • their organization and its settings;
    • sites, zones, passages, devices, floor plans, and analytics metrics;
    • reports and shared reports;
    • permissions, roles, and other authorization-related context needed to answer the request.

    This information helps Technis or the used MCP client such as ChatGPT to fulfill user's requests.

    4. Categories of Personal Data We Process

    Depending on the tool invoked and the user’s permissions, the Spaces MCP Server may process and return the following categories of personal data.

    4.1 Account and profile data

    • user ID;
    • first name and last name;
    • full display name;
    • email address;
    • phone number;
    • profile picture URL;
    • preferred language;
    • account status;
    • account creation date and recent connection metadata;
    • custom profile attributes associated with the user account.

    4.2 Organization and membership data

    • organization membership and organization IDs;
    • organization names, types, parent relationships, and status;
    • membership role data and permission-related data;
    • organization domains;
    • organization main contact details;
    • organization address, phone number, country, and language;
    • organization entitlements and product access;
    • organization attributes and configuration fields.

    4.3 Report, workspace, and attribution data

    • report ownership or attribution fields such as user ID or user name;
    • organization context attached to reports or dashboards;
    • shared report metadata;
    • resource identifiers for sites, zones, passages, floor plans, and devices when those identifiers are associated with a user’s authorized workspace context.

    4.4 Audit, operational, and diagnostic data

    • creator and updater fields such as createdBy and updatedBy;
    • timestamps such as createdAt, updatedAt, and lastConnectionAt;
    • access-control context used to enforce permissions;
    • request metadata, server logs, audit logs, and troubleshooting records;
    • nested data structures returned by tools where user-related or organization-related fields appear inside another object;
    • technical and debug information generated during operation, error handling, abuse prevention, or support.

    4.5 Authentication and security data

    • authentication context derived from the user session or access token;
    • organization context associated with the authenticated session;
    • security and authorization metadata required to validate access and enforce permissions.

    5. Data We Do Not Collect Through the MCP Server

    The Spaces MCP Server is not designed to solicit or require:

    • passwords;
    • multi-factor authentication codes;
    • payment card data;
    • government-issued identification numbers;
    • special-category or sensitive health data;
    • biometric identifiers;
    • queries made to the MCP clients such as ChatGPT.

    Users should not provide that data through MCP prompts or tool arguments unless Technis has expressly documented a specific supported workflow requiring it.

    6. Sources of Personal Data

    We obtain personal data processed through the Technis MCP Server from:

    • the authenticated user;
    • your organization or workspace administrator;
    • Technis account, access-management, and authorization systems;
    • Application data and associated backend services;
    • MCP client requests and tool arguments sent on the user’s behalf.

    7. Why We Process This Data

    We process personal data through the Spaces MCP Server to:

    • authenticate users and establish their session context;
    • verify permissions and enforce access controls;
    • retrieve and return the workspace data requested by the user;
    • provide organization, reporting, analytics, and operational features;
    • show attribution, ownership, or membership context where relevant to the requested result;
    • maintain security, integrity, and abuse prevention controls;
    • log, monitor, diagnose, and fix service errors;
    • comply with legal, regulatory, audit, and contractual obligations.

    8. Legal Bases

    Where applicable under Swiss, EEA, or UK privacy law, we process personal data for one or more of the following reasons:

    • performance of a contract or pre-contractual steps;
    • our legitimate interests in operating, securing, supporting, and improving the Spaces MCP Server;
    • compliance with legal obligations;
    • consent, where consent is specifically required by applicable law or a particular workflow.

    9. How the MCP Server Shares Data

    Technis may share personal data processed through the Spaces MCP Server with:

    • affiliated Technis entities involved in operating the service;
    • infrastructure, hosting, security, analytics, logging, and support providers acting on our behalf;
    • the customer organization that administers the workspace;
    • legal, regulatory, or public authorities where required by law;
    • another recipient where disclosure is necessary to establish, exercise, or defend legal claims.

    If you use the Technis MCP Server through a third-party MCP client, including ChatGPT or another AI assistant, that client provider will also receive the prompts, tool arguments, and MCP server responses shown in the client. That third-party provider processes data under its own terms and privacy policy, not under this Privacy Policy alone.

    10. International Transfers

    Technis may process data using service providers located in jurisdictions outside the user’s country. Where required by applicable law, Technis will use appropriate safeguards for international transfers.

    If the Technis MCP Server is accessed through a third-party MCP client, that client provider may independently transfer or process prompts and responses in other jurisdictions under its own legal terms and safeguards.

    11. Retention

    We retain personal data processed through the Technis MCP Server only for as long as reasonably necessary for:

    • the user-facing functionality requested;
    • security monitoring and access-control enforcement;
    • troubleshooting and support;
    • audit and compliance obligations;
    • contractual and legal recordkeeping requirements.

    Retention periods may differ depending on the type of data, the customer relationship, the tool invoked, and any legal or security obligations that apply.

    12. Security

    Technis applies technical and organizational measures intended to protect data processed through the MCP Server against unauthorized access, misuse, loss, disclosure, or alteration. These measures include access control, permission enforcement, logging, and service-level security controls appropriate to the system and its risk profile.

    13. User Rights

    Subject to applicable law, users may have the right to:

    • access their personal data;
    • request correction of inaccurate data;
    • request deletion of data in certain circumstances;
    • request restriction of processing;
    • object to certain processing;
    • request portability where applicable;
    • withdraw consent where processing relies on consent.

    Rights requests may be limited where Technis must retain or process data for security, contractual, legal, or compliance reasons, or where the data is managed under a customer organization’s administrative control.

    14. Service-Specific Transparency for MCP Responses

    Because the Technis MCP Server may return structured objects to an MCP client, personal data may appear:

    • as top-level fields;
    • inside nested objects;
    • in membership, role, attribution, or organization sub-objects;
    • in audit, operational, or diagnostic metadata;
    • in identifiers and labels associated with the user’s authorized workspace context.

    This policy is intended to cover those structured and nested response fields, including user-related, organization-related, attribution-related, audit-related, and debug-related data that may be returned where relevant to the requested workflow.

    15. Changes to This Policy

    Technis may update this Privacy Policy from time to time to reflect changes to the Technis MCP Server, applicable law, security practices, or the categories of data processed by the service. The latest version should be published wherever the Technis MCP Server privacy notice is made available to users and reviewers.