Legal

Privacy Policy

Last updated: 21 June 2026

This Privacy Policy explains how Comis d.o.o. (“Comis”, “we”, “us”) processes personal data in connection with the MCP Peek desktop application and the mcppeek.com website. MCP Peek is local-first by design: most of what you do happens on your machine and never reaches us.

Data controller:
Comis d.o.o.
Dalmatinova ulica 8
1000 Ljubljana, Slovenia
Company reg. no. 2238047000 · VAT SI48786853
support@mcppeek.com

In short

• The app runs locally — your server configurations, the MCP traffic you inspect, and your results stay on your machine. The app’s UI makes no network calls of its own.
• Connection secrets (bearer tokens, OAuth credentials) are stored in your operating system’s keychain, not by us.
• Crash reports are on by default but can be turned off; they are EU-hosted and scrubbed of arguments, URLs and secrets.
• Product analytics are off by default and opt-in.
• The website sets no cookies and embeds no third-party tracking scripts. When you click a download button we record a single anonymous, cookieless event (which platform) to count downloads — no personal data, so no cookie banner is needed.
• We never sell your personal data.

What stays on your device

Your server configurations and the MCP requests and responses you inspect or proxy remain on your machine. The application does not transmit them to us. Connection secrets are stored in your operating system’s secure store — Keychain on macOS, Credential Manager on Windows, and the Secret Service / libsecret on Linux.

Data we process, and why

Crash reports (EU-hosted)

To diagnose and fix stability problems, the app sends automatic crash reports. These are on by default and can be disabled at any time in the app’s settings, and are stripped of arguments, URLs and secrets before they leave your machine — a report tells us where the app failed, not what you were inspecting. Crash data is processed on our behalf by a specialist crash-reporting provider hosted in the European Union. Legal basis: our legitimate interest in the security and stability of the Software (Art. 6(1)(f) GDPR).

Product analytics (opt-in, EU)

We collect product-usage analytics only if you explicitly enable them. When enabled, we process limited, pseudonymous usage signals through an EU-based product-analytics provider; analytics never include your server configurations or MCP traffic. Legal basis: your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time by turning analytics off.

Purchases & licensing — Lemon Squeezy

Purchases of MCP Peek Pro are processed by Lemon Squeezy, which acts as our Merchant of Record and as an independent controller for payment processing under its privacy policy. Lemon Squeezy handles your name, email and billing/payment details; we receive only the information needed to deliver and support your licence (such as your order and licence key and the email address associated with the purchase). We do not receive or store your full card details. When you activate Pro, the app contacts our own licensing service with your licence key and a randomly generated device identifier (a UUID — not a hardware fingerprint); no email or machine details are sent, and the service confirms your purchase with the payment provider server-side. Legal basis: performance of a contract (Art. 6(1)(b)) and compliance with our legal obligations, such as tax and accounting (Art. 6(1)(c)).

Waitlist sign-ups

If you submit your email to be notified about availability, we process that email to send you launch updates. Submissions are handled by a third-party form provider on our behalf, and we may use an email-delivery provider to contact you. Legal basis: your consent (Art. 6(1)(a)). You can ask us to remove you at any time.

Support requests

If you email us, we process your email address and the contents of your message to respond. Legal basis: our legitimate interest in responding to you, or taking steps at your request (Art. 6(1)(f)/(b)).

Feedback, bug reports & changelog

If you post feedback, feature requests, bug reports, comments or votes, or subscribe to our changelog, this is handled on our behalf by a third-party feedback and changelog provider. It processes the name and email you provide, the content you submit, and basic usage data, so we can manage feedback, respond, and keep you informed about changes. The feedback and changelog portal runs on a separate subdomain operated by that provider under its own privacy and cookie notices. Legal basis: your consent when you choose to participate (Art. 6(1)(a)) and our legitimate interest in supporting and improving the Software (Art. 6(1)(f)).

Website hosting & downloads

The website and application downloads are served through our hosting and content-delivery (CDN) provider. Like any web server, it processes technical request data such as IP address, user-agent and timestamps to deliver content and protect against abuse. Legal basis: our legitimate interest in operating and securing the Services (Art. 6(1)(f)).

Download analytics (anonymous, EU)

When you click a download button on this website, we send a single anonymous event to our EU-based product-analytics provider recording which platform you chose (and, if present, the referring site and campaign parameters), so we can count downloads and see which channels they come from. This event sets no cookies, stores nothing on your device, creates no user profile, and contains no personal data — it is analysed only in aggregate. Legal basis: our legitimate interest in measuring downloads (Art. 6(1)(f) GDPR).

Cookies

This website (mcppeek.com) does not use advertising cookies and embeds no third-party tracking scripts. The anonymous download event described above sets no cookies and stores nothing on your device. Our hosting/CDN provider may set strictly necessary cookies to protect and deliver the site. Because we set no non-essential cookies here, no cookie-consent banner is required on this website. Our feedback and changelog portal is hosted on a separate subdomain by a third-party provider, which may set its own cookies and is governed by that provider’s privacy and cookie notices.

Recipients of your data

We share personal data only with the service providers needed to run the Services, acting as our processors (or, for payments, as an independent controller). By category, these are:

• a crash-reporting provider (EU-hosted);
• a product-analytics provider (EU) — for opt-in app analytics and anonymous website download events;
• Lemon Squeezy — our payment provider and Merchant of Record (named because it is the seller of record for your purchase);
• a form-handling and email-delivery provider — for waitlist sign-ups;
• a feedback, bug-tracking and changelog provider — for our public feedback board and changelog; and
• a hosting and content-delivery (CDN) provider — for the website and downloads.

We can provide the specific identity of any current provider on request. We do not sell personal data or share it for third-party advertising.

International transfers

Crash reporting and opt-in analytics are hosted in the EU. Some providers — for example our payment provider — may process data outside the European Economic Area. Where data is transferred outside the EEA, we rely on an adequacy decision or appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

Retention

• Crash reports: kept only as long as needed to investigate stability issues, then deleted or aggregated.
• Analytics: retained while you keep analytics enabled.
• Purchase & licence records and invoices: retained for as long as required by applicable tax and accounting law.
• Waitlist: until you unsubscribe or shortly after launch communications are complete.
• Support emails: kept as long as needed to handle your request and for a reasonable period afterwards.

Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict or object to the processing of your personal data, to data portability, and to withdraw any consent you have given. To exercise these rights, email support@mcppeek.com. You also have the right to lodge a complaint with a supervisory authority — in Slovenia, the Information Commissioner (Informacijski pooblaščenec, ip-rs.si) — or with the authority in your country of residence.

Security

We apply appropriate technical and organisational measures to protect personal data, including storing connection secrets in your OS keychain, scrubbing crash reports before transmission, and using encryption in transit. No method of transmission or storage is completely secure, but we work to protect your information.

Children

MCP Peek is a developer tool intended for professional use and is not directed to children. We do not knowingly collect personal data from anyone under 16.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the current version here with a revised “Last updated” date and, for material changes, provide reasonable notice.

Contact

Questions about your data or this policy? Email support@mcppeek.com.