Privacy Policy

Last updated: March 6, 2026

This Privacy Policy explains how PathFinder collects, uses, stores, shares, and protects your information. By using the Service, you consent to the data practices described in this policy.

1. Definitions

"Service" means the PathFinder software, including the Google Workspace add-on, Vercel Edge proxy, Apps Script library, APIs, and all supporting infrastructure.
"Personal Data" means any information that identifies or can be used to identify you, directly or indirectly.
"Processing" means any operation performed on Personal Data, including collection, storage, use, transmission, and deletion.

2. Data Controller

PathFinder operates as the data controller for the Personal Data collected through the Service. For questions about how your data is processed, contact: support@pathfinder-mcp.com

3. Data We Collect

3.1 Data You Provide

Data	Purpose	Legal Basis
Email address	Account identification, subscription management, service communications	Contract performance
Payment information	Subscription billing (processed by LemonSqueezy — we never receive or store credit card numbers)	Contract performance

3.2 Data Collected Automatically

Data	Purpose	Legal Basis
Apps Script deployment URL	Routing MCP requests to your Google account	Contract performance
API key hashes (SHA-256)	Authentication — plaintext tokens are never stored	Contract performance
Subscription status	Access gating	Contract performance
Audit log entries (timestamp, tool name, success/failure)	Security monitoring, abuse prevention, debugging	Legitimate interest
IP address (transient)	Rate limiting, abuse prevention — not stored beyond request lifecycle	Legitimate interest

3.3 Data We Do NOT Collect

PathFinder is architecturally designed so that your spreadsheet data never passes through our servers.

Spreadsheet content: Your data stays within Google's infrastructure. Code execution occurs inside your Google account via Apps Script. Our proxy forwards requests but does not persist request bodies or response payloads.
Google OAuth credentials: We never access, receive, or store your Google passwords, session cookies, or OAuth refresh tokens.
AI conversation content: We do not see, intercept, store, or process prompts or responses between you and your AI tool.
Browser tracking data: Our landing page does not use cookies, analytics scripts, tracking pixels, or fingerprinting.

4. How Data Flows

When your AI tool sends an MCP request through PathFinder:

The request reaches our Vercel Edge proxy.
The proxy validates your Proxy Token (hash comparison) and checks subscription status via Supabase.
If valid, the proxy forwards the request to your Apps Script deployment URL.
Apps Script executes the code inside your Google account and returns the result to the proxy.
The proxy relays the response to your AI tool.
The proxy logs metadata (timestamp, tool name, success/failure) to the audit log. Request and response payloads are not logged or stored.

5. How We Use Your Data

We use collected data exclusively for:

Authenticating your requests and enforcing permission tiers.
Managing your subscription and processing payments.
Detecting and preventing abuse, fraud, and security threats.
Communicating service-critical information (outages, security incidents, Terms changes).
Improving the reliability and performance of the Service.

We do not:

Sell, rent, or trade your Personal Data to any third party.
Use your data for advertising, profiling, or marketing purposes.
Share your data with third parties for their independent use.
Use your data to train AI models.

6. Third-Party Sub-Processors

We use the following sub-processors to operate the Service:

Provider	Purpose	Data Processed	Location
Supabase	Authentication database	Email, API key hashes, subscription status, audit logs	US (AWS)
Vercel	Edge proxy, landing page hosting	Request metadata (transient), IP addresses (transient)	Global edge network
LemonSqueezy	Payment processing	Email, payment information	US
Google	Apps Script execution	Code executes in your account under your permissions	Per your Google settings

We require all sub-processors to maintain appropriate security measures. We do not transfer your data to any sub-processor not listed here without updating this policy.

7. Data Retention

Data	Retention Period
Account data (email, deployment URL)	Duration of active subscription + 30 days after cancellation
API key hashes	Until token is revoked or account is deleted
Audit log entries	90 days, then automatically deleted
Payment records	As required by LemonSqueezy and applicable tax law

Upon account deletion, all Personal Data under our direct control is permanently deleted within 30 days. Data held by sub-processors is deleted according to their retention policies.

8. Data Security

We implement the following security measures:

All Proxy Tokens are SHA-256 hashed before storage. Plaintext tokens are never persisted.
All data in transit is encrypted via HTTPS/TLS.
Database access is restricted via row-level security (RLS) policies.
Principle of least privilege is applied to all service accounts and API keys.
Infrastructure credentials are stored as environment variables, never in code.

No system is 100% secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security. You are responsible for safeguarding your Proxy Token.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your Personal Data:

9.1 All Users

Access: Request a copy of the Personal Data we hold about you.
Correction: Request correction of inaccurate Personal Data.
Deletion: Request deletion of your Personal Data and account.
Data Portability: Request your data in a structured, machine-readable format.

9.2 EEA/UK Residents (GDPR)

In addition to the above, if you are in the European Economic Area or United Kingdom:

Restriction: Request that we restrict processing of your Personal Data under certain circumstances.
Objection: Object to processing based on legitimate interest.
Withdraw Consent: Where processing is based on consent, withdraw consent at any time without affecting prior processing.
Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

Legal bases for processing: Contract performance (account operation, subscription management), Legitimate interest (security, abuse prevention, service improvement).

9.3 California Residents (CCPA/CPRA)

Right to Know: You may request disclosure of the categories and specific pieces of Personal Data we collect.
Right to Delete: You may request deletion of your Personal Data, subject to legal exceptions.
Right to Opt-Out of Sale: We do not sell your Personal Data. No opt-out is necessary.
Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

In the preceding 12 months, we have collected: identifiers (email), internet activity (audit logs), and commercial information (subscription status). We have not sold any Personal Data.

9.4 Exercising Your Rights

To exercise any of the above rights, email support@pathfinder-mcp.com with the subject line "Privacy Request." We will verify your identity and respond within 30 days (or sooner where required by law).

10. International Data Transfers

Your data may be processed in the United States and other countries where our sub-processors operate. If you are located outside the United States, you consent to the transfer of your data to the US. We ensure appropriate safeguards are in place for international transfers as required by applicable law.

11. Children

The Service is not directed at individuals under 18 years of age. We do not knowingly collect Personal Data from children. If we learn that we have collected data from a child, we will delete it promptly. If you believe a child has provided us Personal Data, contact us immediately.

12. Cookies and Tracking

The PathFinder landing page and legal pages do not use cookies, analytics scripts, tracking pixels, browser fingerprinting, or any other tracking technology. The Vercel Edge proxy processes requests statelessly and does not set cookies.

13. Do Not Track

We honor Do Not Track (DNT) browser signals. Since we do not engage in tracking, no action is required on our part.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the email address on your account at least 14 days before taking effect. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance.

15. Contact

For privacy questions, data requests, or concerns:

Email: support@pathfinder-mcp.com

We aim to respond to all inquiries within 30 days.