The security of MCP Analytics is our top priority. If you discover a security vulnerability, please follow these steps:

• Do not open a public GitHub issue
• Do not discuss the vulnerability publicly
• Do not exploit the vulnerability beyond verification

1. Email us immediately at security@mcpanalytics.ai
2. Include the following information:
   • Type of vulnerability
   • Affected components
   • Steps to reproduce
   • Potential impact
   • Any proof of concept (if available)

• We will acknowledge receipt within 24 hours
• We will provide a detailed response within 72 hours
• We will work with you to understand and resolve the issue
• We will credit you in our security acknowledgments (unless you prefer to remain anonymous)

• OAuth2 with PKCE flow via Auth0
• API key rotation and management
• Rate limiting per API key
• Session timeout controls

• TLS 1.3 for all data in transit
• AES-256 encryption for data at rest
• Ephemeral processing (no data persistence)
• Isolated Docker containers per analysis

• Regular security audits
• Automated vulnerability scanning
• DDoS protection via Cloudflare
• WAF (Web Application Firewall)
• Regular penetration testing

• No data retention after processing
• User data deletion upon request
• Encrypted data transmission
• Isolated processing environments

• Never share your API keys
• Rotate keys regularly
• Use environment variables for key storage
• Revoke compromised keys immediately

• Never upload sensitive data without proper authorization
• Ensure PII is properly anonymized
• Use encrypted connections only
• Verify report sharing permissions

• Keep MCP clients updated
• Review OAuth permissions carefully
• Monitor usage logs for anomalies
• Use separate keys for different environments

Security updates are released as soon as possible after discovery and verification.

• Email notifications to registered users
• Security advisory on GitHub
• Announcement on our Discord server
• Update on status.mcpanalytics.ai

• Latest version: Full security support
• Previous minor version: Critical security fixes only
• Older versions: Best effort basis

• Security architecture documentation
• Privacy policy details
• Data handling procedures
• Enterprise security options

For enterprise compliance requirements, please contact sales@mcpanalytics.ai

For security concerns, contact us at:

• Email: security@mcpanalytics.ai
• PGP Key: Available at mcpanalytics.ai/pgp

For general support:

• Email: support@mcpanalytics.ai
• Website: mcpanalytics.ai

Last updated: January 2025

Thank you for helping us keep MCP Analytics secure! 🔒