Back to home
MCPity

MCPity Studio

AI → Engine

Privacy

Privacy Policy

Last updated: April 2026
01

Information We Collect

Account Information

When you register, we collect your email address, display name, and authentication credentials. If you sign in via GitHub, we receive your GitHub profile information as permitted by your GitHub settings.

Usage Data

We collect information about how you use the Service, including generation requests (prompts and metadata, not full outputs), project activity, engine connection events, and feature usage patterns.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card number. We receive and store your Stripe customer ID, subscription status, and billing history.

Technical Data

Browser type, device information, IP address, and log data for security and performance monitoring.

02

API Keys & BYOK Data

Your Claude API key is encrypted at rest using AES-256 encryption in our Supabase database. Your API key is only decrypted server-side during generation requests you initiate. We never log, proxy, or intercept the content of your API calls. API key validation occurs via a secure edge function and the result (valid / invalid) is stored - never the key itself in plaintext.

03

How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process subscriptions and NOVA generation payments
  • Enforce tier-based usage limits (generation counts, cloud engine time, MCP connections)
  • Send transactional emails (confirmations, password resets, billing receipts)
  • Monitor and prevent abuse or unauthorized access
  • Improve AI prompt quality via aggregated, anonymized usage analytics
04

Data Storage & Security

Your data is stored in Supabase (hosted on AWS) with row-level security (RLS) policies ensuring you can only access your own data. All connections use TLS encryption in transit. Cloud engine sessions are ephemeral - session data is saved to Supabase Storage but cloud containers are destroyed after session end. We use Vercel for frontend hosting with automatic HTTPS.

05

Generated Code & Content

AI-generated code outputs belong to you. We do not claim ownership of code generated using your API key. Prompts and generation metadata may be retained for your generation history feature and are deleted according to your tier's retention period (session-only for Free, 90 days for Pro, 365 days for Premium). NOVA video/VFX outputs are stored in Supabase Storage and are accessible to you; they may be deleted after 90 days of account inactivity.

06

MCP Bridge & Engine Connections

When you connect a game engine (Unity, Unreal, Blender) via the MCP Bridge, connection metadata (engine type, plugin version, connection status) is logged. Scene context data exchanged over the bridge is processed in real-time and not permanently stored unless you explicitly save it (e.g., viewport snapshots, scene exports). WebSocket connections are authenticated via plugin auth tokens tied to your account.

07

Third-Party Services

We use the following third-party services:

Supabase

Database, auth, storage, real-time

Stripe

Payment processing & subscriptions

Vercel

Frontend hosting & edge functions

RunPod

GPU for cloud engine & NOVA

Anthropic

Claude AI via your BYOK key

Resend

Transactional email delivery

Each third-party service is bound by its own privacy policy. We share only the minimum data required for each service to function.

08

Cookies & Tracking

We use essential cookies for authentication session management (Supabase auth tokens). We do not use third-party advertising cookies or tracking pixels. We may use anonymized analytics to understand feature usage patterns.

09

Your Rights

You have the right to:

  • Access your personal data stored in our systems
  • Correct inaccurate information via the Settings page
  • Delete your account and associated data
  • Export your scripts, projects, and generation history
  • Revoke your API key at any time via the Settings page

To exercise these rights, contact us at hi@mcpity.com or use the in-app Settings page.

10

Data Retention

Account data is retained while your account is active. Upon account deletion, personal data is removed within 30 days. Anonymized aggregate usage data may be retained indefinitely for service improvement.

Generation History Retention by Tier

Free

Current session

Pro

90 days

Max

365 days

11

Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we discover we have inadvertently collected such data, we will delete it promptly.

12

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

13

Contact

For privacy-related questions or requests, contact us at hi@mcpity.com.

Terms of Service·Create Account·Sign In

© 2026 MCPity. All rights reserved.