Privacy Policy

Your data, your control. Learn how our self-hosted Google Workspace MCP Server prioritizes your privacy and security.

Self-Hosted: complete control over your infrastructure
Local Storage: your credentials never leave your server
No Third Parties: direct connection to Google APIs only

Privacy Overview

Understanding the privacy benefits of self-hosted MCP

Complete Data Sovereignty

The Google Workspace MCP Server is designed as a self-hosted solution, meaning you maintain complete control over your data and infrastructure. Unlike hosted intermediaries, a self-hosted server sends your data only to the Google APIs it is serving; your sensitive information never passes through third-party servers or external processing systems.

Privacy by Design

Our architecture follows privacy-by-design principles, ensuring that privacy protection is built into the system from the ground up. The server operates as a secure bridge between your AI assistant and Google Workspace, without storing or transmitting your data to external parties.

Transparent Operation

As an open-source project, every aspect of the MCP server's operation is transparent and auditable. You can review the source code, understand exactly how your data is handled, and even modify the implementation to meet your specific privacy requirements.

Data Handling

How your data is processed and stored

1. OAuth Authentication

Your credentials are stored locally in encrypted files on your server. Apart from the Google OAuth endpoints used to obtain and refresh tokens, no credentials are transmitted to external services.

2. API Requests

The server makes direct API calls to Google services on your behalf, acting as a secure proxy without data retention.

3. Response Handling

API responses are passed directly to your AI assistant; their contents are not logged, stored, or analyzed.

Core Privacy Principles

No Data Retention: The server does not store your emails, documents, calendar events, or other personal data unless you choose to download attachments locally.
Local Encryption: All stored credentials are encrypted using industry-standard encryption methods.
Minimal Processing: Data is processed only as necessary to fulfill API requests and is not analyzed or modified.
Direct Communication: All API requests go directly to Google's servers without intermediary processing.

Self-Hosted Benefits

Advantages of running your own MCP server

Complete Control

You decide where your server runs, how it's configured, and who has access. No dependency on external service providers or their policies.

Full Transparency

Open-source codebase means you can audit every line of code, understand exactly how your data flows, and verify security implementations.

Regulatory Compliance

Supports strict compliance regimes such as GDPR, HIPAA, or SOX by keeping all data processing within your controlled environment (see Compliance Responsibility below for what remains your obligation).

Customization

Modify the server to meet your specific privacy, security, or functional requirements without vendor limitations.

Cost Control

No recurring subscription fees or usage-based charges. Pay only for the infrastructure you choose to use.

Performance

Optimize performance for your specific use case and infrastructure without shared resource constraints.

Managed Cloud

How Workspace MCP Cloud handles your data

Stateless by Default

Cloud deployments run in stateless mode by default. Credentials and session tokens are held in memory for the duration of a request and are never written to disk. File-based debug logging is disabled entirely, and attachments are returned as base64-encoded payloads rather than saved to the filesystem. The result is a deployment with zero persistent state on the host. If your workflow benefits from persistent sessions or disk-based credential storage, stateless mode can be disabled — the full range of storage backends (encrypted disk, Valkey/Redis) is available on request.

Same Options, Managed for You

Every configuration flag available to self-hosted operators is available in a Cloud deployment. The maintainers handle infrastructure, upgrades, and TLS termination — you choose how the server behaves.

Tool tiers: Core, Extended, or Complete; choose the surface area your team needs
Read-only mode: restrict the server to read-only OAuth scopes, with write tools disabled at startup
Granular permissions: per-service permission levels, e.g. gmail:organize, drive:readonly
Storage backends: memory (default), encrypted disk, or Valkey/Redis for multi-instance session persistence
External OAuth provider: delegate authentication to your own identity system; the server validates bearer tokens only
Custom OAuth client: bring your own Google OAuth client ID so API access stays under your GCP project
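The read-only mode and per-service permission levels above come down to one rule: the scopes a deployment requests, and the scopes a presented token carries, must never exceed what the configured permission level allows. The following is an added illustration of that least-privilege check, not the project's own code. The permission-level names (gmail:organize, drive:readonly and the others) and the tool registry are hypothetical, modelled on the page's examples; the scope identifiers are real Google OAuth scopes.

```python
"""Least-privilege scope enforcement (added example, not the project's code).

A hypothetical permission-level table maps levels such as "gmail:organize" to
real Google OAuth scope identifiers. In read-only mode every non-readonly scope
is dropped before the authorization request is built, and tools that need a
scope the deployment does not hold are never enabled. check_token_scopes then
rejects any bearer token whose granted scopes exceed the allowed set.
"""
from typing import Iterable

SCOPE_BASE = "https://www.googleapis.com/auth/"

# Hypothetical permission levels -> real Google scope suffixes.
PERMISSION_SCOPES = {
    "gmail:readonly":    {"gmail.readonly"},
    "gmail:organize":    {"gmail.readonly", "gmail.labels", "gmail.modify"},
    "gmail:full":        {"gmail.readonly", "gmail.modify", "gmail.send"},
    "drive:readonly":    {"drive.readonly"},
    "drive:full":        {"drive.readonly", "drive"},
    "calendar:readonly": {"calendar.readonly"},
    "calendar:full":     {"calendar.readonly", "calendar"},
}

# Hypothetical tool registry: each tool names the scope it needs at minimum.
TOOL_REQUIRED_SCOPE = {
    "gmail_search":      "gmail.readonly",
    "gmail_apply_label": "gmail.modify",
    "drive_list_files":  "drive.readonly",
    "drive_upload_file": "drive",
}


def _is_readonly(scope_suffix: str) -> bool:
    # Google's read-only scopes all end in ".readonly"
    return scope_suffix.endswith(".readonly")


def requested_scopes(levels: Iterable[str], read_only: bool) -> set[str]:
    """Full scope URIs a deployment may request for the given permission levels."""
    suffixes: set[str] = set()
    for level in levels:
        if level not in PERMISSION_SCOPES:
            raise ValueError(f"unknown permission level: {level}")
        suffixes |= PERMISSION_SCOPES[level]
    if read_only:
        # Read-only mode strips every write-capable scope before the OAuth request.
        suffixes = {s for s in suffixes if _is_readonly(s)}
    return {SCOPE_BASE + s for s in suffixes}


def enabled_tools(allowed: set[str]) -> list[str]:
    """Tools that can be registered at startup given the allowed scope set."""
    return sorted(tool for tool, suffix in TOOL_REQUIRED_SCOPE.items()
                  if SCOPE_BASE + suffix in allowed)


def check_token_scopes(scope_claim: str, allowed: set[str]) -> tuple[bool, set[str]]:
    """Validate a token's space-separated scope claim against the allowed set.

    Returns (ok, excess); a token carrying any scope outside `allowed` is refused
    even if it also carries every scope the deployment needs.
    """
    granted = set(scope_claim.split())
    excess = granted - allowed
    return (not excess, excess)


if __name__ == "__main__":
    allowed = requested_scopes(["gmail:organize", "drive:readonly"], read_only=True)
    print("requesting:", sorted(allowed))
    print("tools enabled:", enabled_tools(allowed))
    # A token that also carries gmail.modify is rejected in read-only mode.
    print(check_token_scopes(SCOPE_BASE + "gmail.readonly " + SCOPE_BASE + "gmail.modify", allowed))
```

Rejecting tokens with excess scopes, rather than silently ignoring the extra ones, is deliberate: a write-capable token presented to a read-only deployment usually means the OAuth client was granted more than the deployment was configured for, and that is worth failing loudly on.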

Data Path

Cloud instances follow the same data path as self-hosted: your client sends a request, the server calls Google's APIs with the authenticated user's token, and returns the response. No request or response content is logged, cached, or forwarded elsewhere. The server never contacts any endpoint you did not configure.

Security Practices

Built-in security measures and best practices

Authentication & Authorization

  • OAuth 2.0 and 2.1 with PKCE for secure authentication
  • Automatic token refresh without manual intervention
  • Scope-limited permissions following principle of least privilege
  • Read-only mode and granular per-service permission levels
  • Bearer-token multi-user sessions with pluggable storage backends
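PKCE is what makes the OAuth 2.1 authorization-code flow safe for a public client such as a locally running MCP server: the client proves it started the flow by presenting the verifier whose SHA-256 hash it committed to earlier, so an intercepted authorization code is useless on its own. The round trip below is an added example written for this page, not the project's implementation; the AuthorizationServer class stands in for Google's authorization endpoint and pkce_round_trip for the server's client side, and both names are hypothetical.

```python
"""PKCE (RFC 7636) round trip, added as an illustration of the OAuth 2.1 flow.

Example code, not the project's own. AuthorizationServer is a hypothetical
stand-in for Google's authorization endpoint; it accepts only the S256 method,
binds each code to the client that requested it, and allows a code to be
redeemed exactly once. pkce_round_trip plays the client (the MCP server).
"""
import base64
import hashlib
import hmac
import secrets
from typing import Optional


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """43-character verifier from 32 random bytes (RFC 7636 allows 43-128 chars)."""
    return b64url(secrets.token_bytes(32))


def make_code_challenge(verifier: str) -> str:
    """S256 challenge: base64url(SHA-256(ASCII(verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Hypothetical authorization server enforcing S256 and single-use codes."""

    def __init__(self) -> None:
        self._pending: dict = {}  # code -> (client_id, code_challenge)

    def authorize(self, client_id: str, code_challenge: str, method: str = "S256") -> str:
        if method != "S256":
            raise ValueError("only S256 is accepted; 'plain' gives no interception protection")
        if len(code_challenge) != 43:
            raise ValueError("malformed code_challenge")
        code = b64url(secrets.token_bytes(24))
        self._pending[code] = (client_id, code_challenge)
        return code

    def token(self, client_id: str, code: str, code_verifier: str) -> Optional[str]:
        entry = self._pending.pop(code, None)  # pop: a code is redeemable once
        if entry is None:
            return None
        expected_client, challenge = entry
        if expected_client != client_id or not 43 <= len(code_verifier) <= 128:
            return None
        # Constant-time comparison of the recomputed challenge with the committed one.
        if not hmac.compare_digest(make_code_challenge(code_verifier), challenge):
            return None
        return b64url(secrets.token_bytes(32))  # opaque access token


def pkce_round_trip(server: AuthorizationServer, client_id: str, tamper: bool = False) -> Optional[str]:
    """Client side: commit to a challenge, obtain a code, redeem it with the verifier.

    With tamper=True the code is redeemed with a fresh verifier, modelling an
    attacker who intercepted the authorization code but never held the verifier.
    """
    verifier = make_code_verifier()
    code = server.authorize(client_id, make_code_challenge(verifier))
    presented = make_code_verifier() if tamper else verifier
    return server.token(client_id, code, presented)


if __name__ == "__main__":
    srv = AuthorizationServer()
    print("legitimate client:", pkce_round_trip(srv, "mcp-client") is not None)
    print("intercepted code: ", pkce_round_trip(srv, "mcp-client", tamper=True) is not None)
```

The two checks most often missing in hand-rolled servers are the single-use code (the `pop`) and the refusal of the `plain` method; without the first, a leaked code can be replayed, and without the second, a challenge equal to the verifier gives an interceptor everything it needs.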

Data Protection

  • Local credential storage with file-system level encryption
  • No persistent logging of sensitive data
  • HTTPS-only communication with Google APIs
  • Automatic credential rotation and expiry handling
  • Sensitive path blocking — .env, .ssh/, .aws/, and credential files always denied
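A sensitive-path denylist is only as good as the path normalisation in front of it: `notes/../.env`, an absolute path, a symlink inside the download directory pointing at `~/.ssh`, or `.ENV` on a case-insensitive filesystem all have to hit the same rule. The check below is an added example of how such blocking is typically done, not the project's code; the denylist contents, the PathDenied exception and the safe_download_path function are hypothetical, modelled on the names the page lists.

```python
"""Sensitive-path blocking for attachment downloads (added example, not the project's code).

safe_download_path resolves a requested path against a base directory, refuses
anything that escapes it (traversal, absolute paths, symlinks pointing outside),
and then refuses any remaining component that matches a hypothetical denylist
of credential-bearing names. demo() exercises the edge cases in a temp dir.
"""
from pathlib import Path
import tempfile

# Hypothetical denylist, modelled on the examples the page gives (.env, .ssh/, .aws/).
DENIED_NAMES = {".env", ".ssh", ".aws", ".gnupg", ".netrc", "credentials.json",
                "token.json", "id_rsa", "id_ed25519"}
DENIED_SUFFIXES = (".pem", ".key", ".p12", ".pfx")


class PathDenied(Exception):
    """Raised when a requested path is outside the base directory or is sensitive."""


def safe_download_path(base_dir: Path, requested: str) -> Path:
    base = base_dir.resolve()
    # Path.resolve() collapses ".." and follows symlinks, so the containment
    # check sees the real target, not the name the caller supplied.
    candidate = (base / requested).resolve()
    try:
        rel = candidate.relative_to(base)
    except ValueError:
        raise PathDenied(f"outside download directory: {requested}")
    for part in rel.parts:
        low = part.lower()  # case-insensitive so ".ENV" cannot slip past
        if low in DENIED_NAMES or low.endswith(DENIED_SUFFIXES) or low.startswith(".env."):
            raise PathDenied(f"sensitive path component: {part}")
    return candidate


def demo() -> dict:
    """Run constructed edge cases; returns {case_name: allowed?}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "downloads"
        base.mkdir()
        outside = Path(tmp) / "outside"
        outside.mkdir()
        (base / "link").symlink_to(outside)  # symlink inside base pointing out
        cases = {
            "plain":      "report.pdf",
            "nested":     "2024/q3/report.pdf",
            "traversal":  "../outside/x.txt",
            "absolute":   "/etc/passwd",
            "dotenv":     "project/.env",
            "dotenv_var": "project/.ENV.local",
            "ssh":        ".ssh/id_rsa",
            "aws":        ".aws/credentials",
            "symlink":    "link/escaped.txt",
            "pem":        "server.pem",
        }
        for name, req in cases.items():
            try:
                safe_download_path(base, req)
                results[name] = True
            except PathDenied:
                results[name] = False
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:11} {'allowed' if allowed else 'DENIED'}")
```

Resolving before checking is the important ordering: a denylist applied to the raw string would pass `notes/../.env`, and a containment check applied to the raw string would pass the symlink case.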

Infrastructure Security

  • Container-based deployment for isolation
  • Stateless mode — zero disk writes for locked-down containers
  • No external network dependencies beyond Google APIs
  • Support for reverse proxy and TLS termination
  • No telemetry, no analytics, no license server, no SaaS dependency

Operational Security

  • Minimal attack surface with focused functionality
  • Regular security updates and dependency management
  • Logging of security-relevant events (not message contents) for monitoring
  • Thread-safe session management

Recommended Security Practices

Use HTTPS: Deploy behind TLS with valid certificates, either at a reverse proxy or on the server itself; never expose the bearer-token endpoint over plain HTTP

Firewall Rules: Restrict access to only necessary ports and IP ranges

Regular Updates: Keep the server and dependencies updated with security patches

Monitor Access: Implement logging and monitoring for security events

Compliance & Standards

Meeting modern privacy and security standards

GDPR Compliance

Self-hosting keeps data within your jurisdiction and control, which simplifies GDPR compliance. You are the data controller, and the only other party in the data path is Google itself, under your existing Google Workspace agreement.

Right to data portability, Data minimization, Consent management

HIPAA Ready

The self-hosted architecture supports HIPAA requirements by keeping all PHI within your controlled environment and providing technical safeguards. Administrative and physical safeguards, and a Business Associate Agreement with Google covering the Workspace data itself, remain your responsibility.

Administrative safeguards, Physical safeguards, Technical safeguards

SOX Compliance

Because access logs and data-handling procedures are entirely under your control, you can maintain the audit trails and data integrity controls that Sarbanes-Oxley requires.

Audit trails, Access controls, Data integrity

ISO 27001 Ready

Implements security best practices aligned with ISO 27001 standards, providing a foundation for information security management systems.

Risk management, Security controls, Continuous improvement

Compliance Responsibility

While the Google Workspace MCP Server provides the technical foundation for compliance, achieving full compliance depends on your implementation, deployment, and operational practices. Consider consulting with compliance experts for your specific requirements.

Questions About Privacy?

Have questions about our privacy practices or need clarification on how your data is handled? We're committed to transparency and are happy to help.