Privacy Policy
Last updated: July 2, 2026
Toolport is a local-first MCP gateway. This policy explains what data we do and don't collect across the Toolport desktop app, the marketing site at toolport.app, and the hosted Toolport Teams service. Toolport is operated by South Forge AI ("we", "us"). Questions: support@toolport.app.
The short version
The Toolport desktop app and its gateway run entirely on your machine. Your MCP server credentials (API keys and OAuth tokens) are stored in your operating system's keychain and are never sent to us. The app has no account and no telemetry, and it does not phone home. We only receive data when you use our website or sign up for the hosted Teams service.
The desktop app and gateway
- Credentials stay local. Keys and tokens for the MCP servers you connect live in your OS keychain (macOS Keychain, Windows Credential Manager, or the Linux Secret Service) and are injected at runtime. They never leave your device.
- No telemetry. The app does not collect usage analytics or transmit your servers, tools, or activity to us. Diagnostics you choose to export are shown to you first and shared only if you send them.
- Updates. To check for new versions, the app requests a small release manifest from GitHub. That request is subject to GitHub's own privacy practices.
The website (toolport.app)
- Analytics. We use privacy-conscious analytics (Cloudflare Web Analytics and PostHog) to understand aggregate traffic and which pages are useful. We do not sell this data.
- Contact / lead forms. If you submit an email through a form (for example, a Teams inquiry), we store it to reply to you and may send it to ourselves by email.
Hosted Toolport Teams
If you create or join a hosted Teams account, we store what's needed to run it:
- Account identity: your email address and, if you sign in with GitHub or Google, the identifier and basic profile that provider returns.
- Team data: team and membership records, roles, seat count, and the team's shared MCP server configuration. Server secrets are stripped before that configuration is stored, so members' API keys never leave their own machines.
- Billing state: subscription and seat status. Card details are handled by Stripe; we never see or store them.
- Session: a login cookie so you stay signed in.
Sub-processors
Hosted Teams and the website rely on a small set of providers, each handling only what their function requires:
- Neon — hosted Postgres database (account and team records).
- Resend — transactional email (magic-link sign-in).
- Stripe — payment processing.
- GitHub and Google — optional OAuth sign-in.
- Cloudflare — website hosting and analytics.
- PostHog — product/website analytics.
Retention
We keep hosted Teams account and team data while your account is active. Close your account, or email support@toolport.app, and we delete it (subject to any records we're legally required to keep, such as billing history).
Your rights
You can request access to, export of, or deletion of the personal data we hold about you by emailing support@toolport.app. Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA; we honor those requests.
Children
Toolport is a developer tool and is not directed to children under 16. We do not knowingly collect their data.
Changes
We'll update this page and the date above when this policy changes. Material changes to the hosted service will be communicated by email where appropriate.
Contact: support@toolport.app