MCPlato Privacy Policy
Last Updated: 2026-01-27
Overview
MCPlato is a local-first AI-powered office platform. We are committed to protecting your privacy and follow these core principles:
- Local First - Your conversations are stored on your device and are not automatically uploaded to cloud servers
- Transparent Permissions - Every tool invocation requires your explicit authorization, giving you full control over data access
1. Data Collection
Account Information
To provide our services, we need to collect the following account information:
- Email address - Used for account login and important notifications
- Password - Stored in encrypted form; we cannot view your plaintext password
- Nickname and avatar - Optional, used to personalize your account
If you choose to sign in through a third-party service (Google or Apple), we will obtain your email and basic profile information. We will not access your other third-party service data (such as Gmail, Google Drive, or iCloud) without your authorization.
Device Information
To protect account security and provide technical support, we record:
- Device identifier - An automatically generated unique ID that does not contain personally identifiable information
- Operating system type and version
- Application version number
- Last login IP address - Used to detect abnormal login activity
Usage Data
On the server side, we only record the following statistical information:
- AI usage - For billing and subscription management
- AI model names used - For service optimization
- Credit balance - For account management
Important Note: We do not store your conversation content on our servers.
On your device, the following data is stored locally:
- Conversation history
- Workspace configuration and session information
- Tool permission authorization records
- Image attachments and user files
Information We Do Not Collect
- Conversation content (stored only on your local device)
- Your file contents
- Your custom keys and configurations
- Browsing history or in-app behavioral tracking
2. Data Usage
Service Provision
We use the collected information to:
- Verify your identity and manage your account
- Synchronize subscription status and credits
- Process payments and generate invoices
- Provide technical support and customer service
Product Improvement
With your explicit consent, we may collect anonymous usage data for:
- Understanding feature usage patterns
- Analyzing application performance metrics
- Collecting error and crash reports
You can disable anonymous data collection at any time in the application settings.
Communications
We will send you the following types of notifications:
Required Notifications (cannot be unsubscribed):
- Account security alerts
- Subscription change confirmations
- Terms of service update notices
Optional Notifications (can be unsubscribed):
- Product update announcements
- New feature introductions
3. Data Sharing
AI Service Providers
When you use the AI conversation feature, we send the conversation context to AI service providers. This includes:
- Your prompts and questions
- Conversation history (as context)
- Image attachments (if included in your conversation)
Payment Processing
We use Stripe to process all payment transactions. When you purchase a subscription, the following information is shared with Stripe:
- Payment information (credit card number, expiration date)
- Billing address
- Email address
Stripe complies with PCI DSS Level 1 standards (the highest security level in the payment card industry). We do not store your full credit card number on our servers; we only retain the last four digits for account management purposes.
Third-Party Login Services
If you sign in with a Google or Apple account, these service providers share your basic account information (email, username, avatar) with us for authentication purposes. We do not access your other data on these platforms.
What We Will Not Do
- Sell your personal information to third parties
- Share your data with advertisers
- Share your conversation content without your consent
- Use your data for targeted advertising
4. Data Control
Access and Export
You can at any time:
- View your account information and subscription history
- Request a copy of your personal data stored by us
Modification and Correction
You can modify the following in the application settings:
- Nickname and avatar
- Email address (requires re-verification)
- Password
Data Deletion
Deleting Local Data: You can delete locally stored conversations, workspaces, or all data at any time. Data deleted locally cannot be recovered.
Account Cancellation: You can contact us to cancel your account. After cancellation, the account enters a 30-day recovery period during which you can log in to restore it. After 30 days, the account will be permanently deleted.
Please note that payment records are retained for 7 years as required by tax and financial regulations.
Controlling Data Collection
In your privacy settings, you can:
- Disable anonymous statistical data collection
- Disable automatic error reporting
- Manage marketing email subscription preferences
5. Data Security
Transmission Security
All network communications are encrypted to ensure the security of data during transmission.
Storage Security
- Passwords are processed with one-way encryption and cannot be reversed to plaintext
- Authentication credentials are protected by signatures to prevent tampering
- Local data is protected by the operating system's security mechanisms
We recommend that you enable your operating system's full-disk encryption feature to enhance local data security.
Account Security
We employ multi-layer authentication mechanisms to protect your account security:
- Short-term credentials for daily access
- Long-term credentials for maintaining login sessions
Each device is managed independently, and you can remotely revoke access for specific devices. The system automatically detects abnormal login behavior to prevent unauthorized account access.
Data Retention
Local Data:
- Conversation history - Retained permanently (unless you manually delete it)
- Application logs - Automatically cleaned after 3 days
Server Data:
- Account information - Deleted 30 days after account cancellation
- Payment records - Retained for 7 years (legal requirement)
- Usage statistics - Retained permanently (for billing purposes)
6. Protection of Minors
MCPlato services are intended for adult users. You must be at least 18 years old to register an account. If you are between 13 and 18 years old, you must use this service with the consent and supervision of a guardian.
If we discover that an account holder is under 18 years old and has not obtained guardian consent, we will request age verification or delete the account and its associated data.
Parents or guardians who discover that a minor has used MCPlato without permission should contact [email protected], and we will take immediate action to delete the relevant data.
7. Cross-Border Data Transfers
MCPlato's servers and third-party service providers are distributed across multiple regions worldwide. When you use our services, your data may be transferred between different regions:
- Account data may be stored on our cloud servers
- AI conversation context is sent to model providers' servers
- Payment information is sent to Stripe's servers
All cross-border data transfers are encrypted, and only necessary data is transmitted. Your conversation history is stored on your local device by default and is not automatically synced to the cloud.
8. Privacy Policy Updates
We periodically review and update this privacy policy to reflect service changes or legal requirements. Reviews and updates take place on the following occasions:
- Periodic review (at least once a year)
- When laws and regulations change
- When significant product feature changes occur
For significant changes, we will notify you 30 days in advance through the following means:
- Email notification (sent to your registered email)
- In-app pop-up notification
- Official website announcement
Non-significant changes will be updated on the website with the last updated date noted.
If you do not accept the updated privacy policy, you can cancel your account and export your data before the changes take effect. Continued use of our services will be considered acceptance of the new privacy policy.
9. Contact Us
Privacy-Related Questions
If you have any questions about this privacy policy or need to exercise your data rights, please contact us through the following means:
Email: [email protected]
Official Website: https://mcplato.com
Response Time: 1-7 business days
Data Protection Complaints
If you believe there are issues with our privacy protection measures, you can file a complaint with us. We take every privacy complaint seriously and will respond within a reasonable timeframe.
Frequently Asked Questions
Can you see my conversation content?
No. Your conversation content is stored on your local device. Our servers do not store conversation content; they only record statistical information such as usage data.
Is my sensitive information secure?
Your sensitive information (such as custom keys) is stored on your local device and is not uploaded to our servers. We recommend that you enable your operating system's full-disk encryption feature to enhance the security of your local data.
How do I completely delete my data?
Delete local data: Completely uninstall the application and clean up local data.
Delete server data: Cancel your account, and it will be permanently deleted after 30 days.
Can third-party tools access my data?
Third-party tools may request access to your files or data, which requires your explicit authorization.
Thank you for trusting MCPlato.
We are committed to protecting your privacy and providing a transparent, secure, local-first AI work platform.
MCPlato - AI-Powered Intelligent Office Platform © 2024-2026 MCPlato. All rights reserved.
