SCALABLY.

Connector Privacy Policy

Applies to ScalablyAI open-source MCP connectors · Last updated June 2026

ScalablyAI publishes open-source MCP connectors (such as the Shopify Admin MCP) that run locally on your own machine, under your own credentials. They are thin, read-only bridges between your MCP client and a third-party API. This policy describes how they handle data.

Data collection

The connectors collect no personal data and contain no telemetry, analytics, tracking, or external reporting. They do not phone home to ScalablyAI or anyone else.

Data usage

Any data you query from a connected service (e.g. your Shopify store) is returned to your local MCP client solely to fulfil your request. It is not used for any other purpose.

Data storage

The connectors store nothing persistently. Credentials and access tokens are held in memory only for the life of the running process and are never written to disk. The only network destination is the connected service's own official API.

Third-party sharing

None. Data flows only between your machine and the connected service's API. No third party — including ScalablyAI, the connector's author — ever receives your data or credentials.

Data retention

No data is retained after the connector process exits.

Security

• Network destinations are restricted by an allowlist (e.g. Shopify connector only contacts *.myshopify.com), defeating SSRF.
• Access tokens, client secrets, and API token prefixes are redacted from all logs and error messages.
• The Shopify connector is read-only and rejects write operations at the query-parser level before any request is sent.

Contact

Questions about this policy: [email protected]

← Back to scalably.io