Privacy Policy
Last Updated: January 1, 1970
1. Introduction
This privacy policy describes how GTM MCP Server ("we", "our", or "the service") handles your information. This service is operated from Poland, European Union, and complies with GDPR requirements.
2. Information We Collect
We do not collect, store, or process any personal information beyond what is strictly necessary for authentication.
What we DO NOT collect:
- No analytics or tracking tools
- No cookies (except session authentication)
- No user activity logging
- No personal data storage
- No advertisements or third-party trackers
- No CAPTCHA services
3. OAuth Authentication
We use Google OAuth 2.0 for authentication. During the sign-in process:
- You are redirected to Google's authentication page
- We receive an access token to interact with Google Tag Manager on your behalf
- The token is stored temporarily in your browser session
- We only request the minimum necessary permissions to access Google Tag Manager
4. Data Storage
This service is hosted on Cloudflare Workers:
- Session tokens are stored temporarily in Cloudflare Durable Objects for authentication
- No user data is permanently stored
- Sessions expire and are automatically deleted
- We do not have access to or store your Google account credentials
5. Google Tag Manager Access
The service requests access to your Google Tag Manager data to:
- List and view your GTM accounts, containers, and workspaces
- Create, read, update, and delete tags, triggers, and variables
- Publish container versions
All GTM operations are performed on your behalf and with your explicit consent through AI assistant interactions.
6. Data Sharing
We do not share any data with third parties. The only external service involved is:
- Google OAuth: For authentication purposes only
- Google Tag Manager API: To perform operations you request through your AI assistant
7. Your Rights (GDPR)
As a user in the European Union, you have the following rights:
- Right to Access: Request what data we have (none, beyond temporary session tokens)
- Right to Deletion: Request deletion of your session (automatic upon expiry)
- Right to Data Portability: Not applicable as we store no personal data
- Right to Withdraw Consent: Simply disconnect the service from your AI assistant
8. Security
- All connections use HTTPS encryption
- Session tokens are securely stored in Cloudflare Durable Objects
- OAuth tokens are never exposed in URLs or logs
- No persistent storage of credentials
9. Children's Privacy
This service is not intended for users under 16 years of age. We do not knowingly collect information from children.
10. Changes to Privacy Policy
We may update this privacy policy from time to time. The "Last Updated" date will be revised accordingly.
11. Contact
For privacy concerns or questions, please contact us through the GitHub repository.
12. Open Source
This service is open source. You can review the complete source code to verify our privacy claims at our GitHub repository.