Privacy Policy

Last updated: January 2026

What we collect

When you use Google MCP Server, we store:

• API Key - A randomly generated key to authenticate your MCP client
• OAuth Tokens - Access and refresh tokens from Google to make API calls on your behalf
• Scopes - Which Google products you authorized (Calendar, Sheets)

What we don't collect

• Your Google password
• Your email address or personal information
• Your calendar events or spreadsheet data
• Usage logs or analytics

How your data flows

When your AI assistant makes a request:

• Your MCP client sends the request to our server with your API key
• We use your stored OAuth token to call Google's API
• Google's response passes through our server to your client
• We do not log, store, or inspect the content of these requests

Data retention

• API keys and tokens - Stored until you revoke them or they expire
• OAuth states - Temporary data deleted after 10 minutes

How to delete your data

You can delete all your stored data at any time:

• Delete your API key: curl -X DELETE https://google-mcp.openbsp.dev/key/YOUR_API_KEY
• Revoke from Google: Google Account Permissions

Third parties

We use:

• Cloudflare - Hosting and infrastructure
• Google APIs - Calendar and Sheets access

We do not sell or share your data with any other third parties.

Contact

For questions about this policy, open an issue on GitHub.

← Back to home