Security & Transparency

At MCPHub, we believe transparency is the most important factor for security. Instead of hiding behind compliance badges, we give you complete visibility into how your data is being used.

Transparency-First Security

We prioritize transparency over compliance certifications. You can see exactly what happens with your data through our comprehensive request logging and monitoring tools.

πŸ” Complete Request Transparency

The cornerstone of our security approach is giving you complete visibility into every interaction with MCPHub services.

Request History Logging

πŸ“Š MCP Request Monitoring

  • β€’ Every MCP server interaction logged
  • β€’ Complete request parameters visible
  • β€’ Full response data accessible
  • β€’ Response times and status tracking
  • β€’ Server-level usage analytics

πŸ€– LLM Request Tracking

  • β€’ All AI model interactions logged
  • β€’ Token usage and cost transparency
  • β€’ Model selection and parameters
  • β€’ Session and conversation tracking
  • β€’ Performance metrics available

βœ… Access Your Request History

View detailed logs of all your interactions with MCPHub services. See exactly what data was sent, what responses were received, and how your credits were used.

View Request History

πŸ” Authentication & Access Control

Secure Authentication

  • OAuth 2.0 Integration - Secure authentication via Google and GitHub
  • No password storage - We never store or handle your passwords
  • JWT tokens - Secure, stateless authentication for API access
  • Session management - Automatic session expiration and renewal

API Key Security

πŸ”‘ Key Types Available

  • β€’ Permanent Keys - For production LLM applications
  • β€’ Transient Keys - 12-hour expiry for testing
  • β€’ Scoped Permissions - Limited to specific functions
  • β€’ Usage Tracking - Monitor every API call

πŸ›‘οΈ Key Management

  • β€’ Instant Revocation - Delete compromised keys immediately
  • β€’ Usage Analytics - Detect unusual activity patterns
  • β€’ Copy Protection - Secure key display and copying
  • β€’ Audit Trail - Complete history of key usage

🌐 Data Protection & Privacy

Encryption Standards

πŸ”’ Data in Transit

  • β€’ TLS 1.3 encryption for all connections
  • β€’ HTTPS-only communication
  • β€’ Certificate pinning for API endpoints
  • β€’ End-to-end encryption for sensitive data

πŸ’Ύ Data at Rest

  • β€’ AES-256 encryption for stored data
  • β€’ Encrypted database storage
  • β€’ Secure API key storage
  • β€’ Regular security audits

Privacy Principles

  • Minimal data collection - We only collect what's necessary for service operation
  • User-controlled data - You own your data and can delete it anytime
  • No conversation mining - We don't analyze or store your MCP interactions for training
  • Transparent logging - All data usage is visible in your request history

πŸ“ˆ Our Transparency Approach

Why We Choose Transparency Over Compliance Badges

Traditional approach: Companies display SOC 2, GDPR, ISO 27001 badges to signal trustworthiness, but these certifications often obscure what actually happens with your data.

Our approach: Instead of hiding behind compliance frameworks, we give you direct visibility into every interaction with our services through comprehensive request logging and monitoring.

What this means for you: You can see exactly what data is sent to which services, what responses you receive, and how your credits are being used - complete transparency.

πŸ” What You Can Monitor

  • β€’ Request Parameters - See exactly what data is sent
  • β€’ Response Data - View complete responses received
  • β€’ Credit Usage - Track how credits are consumed
  • β€’ Performance Metrics - Response times and success rates
  • β€’ Server Interactions - Which MCP servers were accessed
  • β€’ Error Details - Complete error information when issues occur

πŸ› οΈ Tools for Transparency

  • β€’ Real-time Logging - Immediate visibility into all requests
  • β€’ Exportable Data - Copy request/response data to clipboard
  • β€’ Filterable History - Search and filter by date, server, status
  • β€’ Detailed Analytics - Usage patterns and trends
  • β€’ API Access - Programmatic access to your own logs
  • β€’ No Hidden Processes - Every interaction is logged and visible

πŸ—οΈ Infrastructure Security

Secure by Design

🌐 Network Security

  • β€’ WAF (Web Application Firewall) protection
  • β€’ DDoS mitigation and rate limiting
  • β€’ VPC isolation for sensitive operations
  • β€’ Regular security monitoring and alerting

☁️ Cloud Infrastructure

  • β€’ Enterprise-grade cloud hosting
  • β€’ Multi-region deployment for reliability
  • β€’ Automated backup and disaster recovery
  • β€’ High availability architecture

MCP Server Isolation

Sandboxed Environment

All MCP servers run in isolated containers with limited permissions. They cannot access your personal data or other servers' information without explicit authorization. Every interaction is logged and visible to you.

πŸ“Š How Our Transparency Works

1

Every Request is Logged

When you interact with MCP servers or use LLM services, every request is automatically logged with complete details including parameters, responses, timing, and credit usage.

2

Real-Time Visibility

Access your request history in real-time through the Settings β†’ Request History page. See what's happening with your data as it happens.

3

Exportable Data

Copy any request or response data to your clipboard for analysis, debugging, or record-keeping. Your data is always accessible to you.

4

No Hidden Processes

Unlike services that hide behind compliance frameworks, we show you exactly what happens with your data. No black boxes, no hidden processes.

πŸ”’ Data Protection Practices

What We Protect

  • API Keys - Encrypted storage with secure access controls
  • Authentication Tokens - Short-lived, automatically rotating tokens
  • Request Logs - Encrypted storage with user-controlled access
  • Personal Information - Minimal collection, maximum protection

What We Don't Do

❌ We Never:

  • β€’ Store your MCP server responses for training or analysis
  • β€’ Share your data with third parties without explicit consent
  • β€’ Use your conversations to improve AI models
  • β€’ Hide what data we collect or how we use it
  • β€’ Require you to trust us blindly - everything is transparent

🚨 Security Incident Response

In the unlikely event of a security incident, our transparency-first approach extends to our response:

  • Immediate notification - Users are notified promptly of any security events
  • Complete disclosure - Full details about what happened and what data was affected
  • Transparent timeline - Clear timeline of events and our response actions
  • Preventive measures - Public disclosure of steps taken to prevent future incidents

🀝 Your Security Controls

πŸŽ›οΈ What You Control

  • β€’ API Key Creation - Choose permanent or transient keys
  • β€’ Server Selection - Choose which MCP servers to trust
  • β€’ Data Retention - Request deletion of your data anytime
  • β€’ Access Monitoring - View all access to your account
  • β€’ Service Usage - Enable/disable specific features

πŸ“‹ Security Tools Available

  • β€’ Request History - Complete interaction logs
  • β€’ API Key Management - Create and manage access keys
  • β€’ Usage Monitoring - Track credit consumption
  • β€’ Account Settings - Control your profile and preferences
  • β€’ Data Export - Download your complete data

πŸ’¬ Questions About Security?

We're Here to Help

Have questions about our security practices? Want to understand how your data is handled? We believe in complete transparency and are happy to answer any security-related questions.

Ask Security QuestionsView Your Request History