Privacy Policy & Terms
Summary: Live Marketing Data MCP connects your Google Analytics, Google Search Console, and Meta Ads accounts to Claude (the AI assistant) so you can query your marketing data in natural language. We access only the data necessary to answer your questions. We do not sell, share, or store your marketing data beyond what is needed to process your request.
1. Who We Are
Live Marketing Data MCP (“we”, “our”, or “the Service”) is a Model Context Protocol (MCP) server that allows users of Claude (Anthropic’s AI assistant) to connect their advertising and analytics platforms and retrieve marketing data through natural language queries.
This Service is operated by PromptFlow. Contact details are provided in Section 10 below.
2. What This Service Does
Live Marketing Data MCP acts as a secure bridge between Claude and your marketing platforms. When you ask Claude a question about your marketing performance (e.g. “Show me my top campaigns this week”), the MCP server:
- Receives the query from Claude.
- Calls the relevant API (Google Analytics 4, Google Search Console, or Meta Ads) using your pre-authorized credentials.
- Returns the data to Claude for analysis and display.
The MCP server runs locally on your machine or in your own environment. Query results are never stored by us.
3. What Data We Collect and Why
3.1 OAuth Access Tokens (Google & Meta)
When you connect Google or Meta accounts, you authorize the Service via OAuth 2.0. The resulting access and refresh tokens are:
- Encrypted using AES-256-GCM before any storage.
- Temporarily held in a secure Supabase database (less than 5 minutes) solely to transfer them from the browser OAuth flow to your locally running MCP process.
- Permanently deleted from our database immediately after your MCP client picks them up.
- Stored locally on your machine in an encrypted file protected by a machine-specific key.
3.2 Configuration Data
The following are stored only on your local machine in an encrypted configuration file:
- Google Analytics 4 property IDs you have selected.
- Google Search Console site URLs you have selected.
- Meta Ads account IDs you have selected.
- Your product license key.
This data never leaves your machine except to authenticate API calls on your behalf.
3.3 API Query Results
Data retrieved from Google Analytics, Search Console, or Meta Ads in response to your queries is passed directly to Claude within your session. We do not log, store, or retain any query results.
3.4 Data We Do NOT Collect
- We do not collect names, email addresses, or personal identifiers (other than what is contained in your license key for activation purposes).
- We do not collect any end-user data from your analytics or advertising audiences.
- We do not use cookies or track browsing behavior.
- We do not collect usage analytics or telemetry from the MCP server.
4. Google API Services — Limited Use Disclosure
Live Marketing Data MCP’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, data obtained through Google APIs is used exclusively as follows:
| Google API Scope | Permission | Purpose & Use |
|---|---|---|
analytics.readonly |
Read-only access to Google Analytics 4 data | Retrieve website traffic and conversion metrics in response to user queries in Claude. Data is displayed to the user and not stored. |
webmasters.readonly |
Read-only access to Search Console data | Retrieve search performance metrics (clicks, impressions, rankings) in response to user queries in Claude. Data is displayed to the user and not stored. |
We do not:
- Use Google user data to develop, improve, or train AI or machine learning models.
- Sell Google user data to third parties.
- Transfer Google user data to third parties except as necessary to provide the service (i.e., passing results to Claude within your session).
- Use Google user data for advertising or serving ads.
- Allow humans to read your Google user data, unless you have given express permission, we are required to by law, or it is necessary for security purposes.
5. Meta Ads API — Data Use
| Meta API Permission | Purpose & Use |
|---|---|
ads_read |
Read-only access to your Meta ad account performance data (campaigns, ad sets, ads, spend, impressions, clicks). Used solely to answer your queries in Claude. Data is displayed to you and not stored. |
We do not request permissions to manage, create, or modify your Meta ads. We do not share Meta Ads data with third parties.
6. How We Store and Protect Your Data
6.1 Encryption in Transit
All communication between the MCP server, our Supabase backend, and third-party APIs (Google, Meta) uses HTTPS/TLS encryption.
6.2 Encryption at Rest
OAuth tokens are encrypted with AES-256-GCM using a key derived via HKDF before being stored in Supabase. They are automatically deleted from Supabase within 5 minutes (sooner in normal operation). Local configuration files are encrypted with a machine-specific key using Fernet (AES-128-CBC + HMAC-SHA256).
6.3 Temporary Cloud Storage
Encrypted tokens reside in our Supabase database only during the brief handoff period between your browser completing OAuth authorization and your local MCP process collecting the token. Tokens older than 5 minutes are treated as expired and rejected. Row-Level Security policies prevent any access without a valid pickup credential.
6.4 Local Storage
Credentials stored on your machine are accessible only to your user account and are protected by machine-specific encryption. We have no ability to access locally stored credentials.
7. Data Sharing and Third Parties
We do not sell, rent, or share your personal data or marketing data with third parties, with the following narrow exceptions:
- Claude (Anthropic): Query results are sent to Claude within your active session as the core function of the Service. This is governed by Anthropic’s Privacy Policy.
- Supabase: Used as the temporary encrypted token relay. Supabase processes data under its Privacy Policy.
- Legal requirements: We may disclose data if required by law, court order, or governmental authority.
8. Your Rights and Choices
8.1 Revoking Access
You can revoke this application’s access to your Google account at any time via Google Account Permissions. You can revoke Meta access via Facebook App Settings.
8.2 Deleting Local Data
You can delete all locally stored credentials by removing the encrypted configuration file (.mcp_key) from your user data directory. This will require you to re-authorize all connected accounts.
8.3 Data Portability & Erasure
Because we do not retain your marketing data after it is delivered to Claude, there is no stored data to export or erase beyond the encrypted tokens. Any tokens in temporary Supabase storage are automatically purged within 5 minutes. You may request confirmation of erasure by contacting us.
9. Children’s Privacy
This Service is intended for business users managing advertising and analytics accounts. It is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For material changes, we will notify users via a notice on our website. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.
11. Contact Us
If you have questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact us:
Summary: PromptFlow Pro is a Chrome extension that adds a searchable prompt library sidebar inside ChatGPT, Claude, and Gemini. We collect only what is needed to activate and manage your license. We do not collect your prompts, AI replies, browsing history, or any chat content.
1. What We Collect
1.1 License & Activation Data
To verify your license and manage seat limits, we collect:
- Your license key and license status.
- Activation count and seat usage.
- Short-lived session tokens issued on each activation.
- Trial counters (for free trial management).
- A randomly generated
installIdand your Chrome extension ID — used to identify a device without identifying you personally.
1.2 Purchase Data
When you purchase via LemonSqueezy, a webhook delivers your purchaser email to our server. We store it as a non-reversible hash (SHA-256) for license verification purposes only. We do not store your email in plain text and we do not use it for marketing without your consent.
1.3 What We Do NOT Collect
- Your prompts, AI replies, or model outputs.
- Your browsing history or visited URLs.
- Any content from your ChatGPT, Claude, or Gemini sessions.
- Personal documents or clipboard contents.
2. Where Data Is Stored
| Data | Location | Retention |
|---|---|---|
| License snapshot & UI preferences | chrome.storage.local (your device) | Until extension is uninstalled |
| License records, activations, sessions, trials | Cloudflare D1 (our server) | While license is active + reasonable fraud-prevention period |
| Hashed purchaser email | Cloudflare D1 (our server) | Same as above |
| Session tokens | Cloudflare D1 (our server) | Auto-expire after 72 hours |
3. How We Use Your Data
- To verify and activate your license.
- To run and enforce trial limits.
- To issue short-lived session tokens for authenticated requests.
- To enforce seat limits and prevent license abuse.
- To provide customer support.
4. Third-Party Services
| Service | Purpose |
|---|---|
| Cloudflare Workers & D1 | Licensing backend hosting and database |
| LemonSqueezy | Payment processing and license delivery |
We do not sell personal data to any third party. Legal disclosure may occur if required by law.
5. Security
All communication between the extension and our licensing server uses HTTPS. Session tokens are signed and short-lived. We apply least-privilege access across all infrastructure.
6. Children’s Privacy
PromptFlow Pro is not intended for children under 13. We do not knowingly collect data from minors.
7. Your Rights
Under GDPR and CCPA, you have the right to access, correct, or delete personal data we hold about you. To exercise these rights, email support@promptflow.digital. You may also uninstall the extension at any time, which removes all local data.
8. Contact
These Terms of Service apply to all PromptFlow products: Live Marketing Data MCP and PromptFlow Pro (Chrome extension), operated by PromptFlow / AR2OUR.
1. License & Use
We grant you a non-exclusive, non-transferable license to use PromptFlow products subject to the seat limits of your purchased plan. You may not:
- Reverse engineer, decompile, or disassemble any part of our software.
- Resell, sublicense, or share license keys beyond purchased seats.
- Use the software for any illegal purpose or in violation of applicable laws.
2. Payments & Refunds
Payments are processed by LemonSqueezy and are subject to their terms and refund policies. Fraudulent chargebacks or disputed transactions may result in immediate license revocation. The Live Marketing Data MCP is sold as a one-time purchase; PromptFlow Pro may be sold as one-time or subscription depending on the plan.
3. Seat Management & Anti-Abuse
Licenses are limited to the number of seats purchased. We may require purchaser email verification to replace devices once seats are full. Excessive device changes or concurrent usage beyond your plan may be rate-limited or suspended.
4. Third-Party Services
Our products integrate with third-party platforms including Google Analytics, Google Search Console, Meta Ads, ChatGPT (OpenAI), Claude (Anthropic), and Gemini (Google). Your use of those platforms is governed by their respective terms. We are not responsible for their availability, behavior, or results.
5. Acceptable Use
You agree not to use our products to generate illegal content, infringe intellectual property rights, or conduct activities that harm our services or other users. We reserve the right to suspend or terminate access to protect service integrity.
6. Intellectual Property
All PromptFlow software, branding, and content is owned by AR2OUR / PromptFlow. No intellectual property rights are transferred to you under these Terms.
7. Warranty Disclaimer
Our products are provided “as is” and “as available” without warranties of any kind, express or implied, including fitness for a particular purpose or uninterrupted availability.
8. Limitation of Liability
To the maximum extent permitted by applicable law, PromptFlow shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of profits, data, or business opportunities, arising from your use of our products.
9. Termination
You may stop using our products at any time. We may suspend or terminate your access for violations of these Terms, fraudulent activity, or to protect the integrity of our services. Upon termination, your license rights cease immediately.
10. Changes to Terms
We may update these Terms from time to time. Continued use of our products after changes are posted constitutes acceptance of the updated Terms. We will update the “Last updated” date at the top of this page for any material changes.
11. Governing Law
These Terms are governed by the laws of your country of residence, subject to mandatory local consumer protections that cannot be waived by contract.