Privacy Policy

Last updated: August 7, 2025

FedMCP Exchange ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

Information We Collect

Account Information

  • Name and email address
  • Organization name and type
  • Government agency affiliation (if applicable)
  • OAuth provider information (GitHub, Google, Microsoft)

Usage Information

  • Connector downloads and usage patterns
  • API access logs and audit trails
  • License validation requests
  • Error logs and performance metrics

Technical Information

  • IP addresses (anonymized after 30 days)
  • Browser type and version
  • Operating system information
  • Session cookies (essential for authentication)

How We Use Your Information

Service Delivery

  • • Provide access to FedMCP connectors
  • • Process license validations
  • • Deliver technical support
  • • Send service notifications

Security & Compliance

  • • Maintain audit logs for compliance
  • • Detect and prevent fraud
  • • Ensure license compliance
  • • Monitor for security threats

Improvement

  • • Analyze usage patterns
  • • Improve connector performance
  • • Develop new features
  • • Enhance user experience

Communication

  • • Send account updates
  • • Notify about new connectors
  • • Share security advisories
  • • Provide compliance updates

Government Compliance

FedRAMP & FISMA Alignment

FedMCP Exchange operates in alignment with federal privacy requirements:

  • Data is stored in FedRAMP-authorized cloud environments
  • Access controls follow NIST 800-53 guidelines
  • Audit logs maintained per FISMA requirements
  • Annual security assessments conducted

Data Sharing and Disclosure

We DO NOT:

  • Sell your personal information
  • Share data for marketing purposes
  • Use data for advertising

We MAY share data:

  • With service providers under strict confidentiality agreements
  • To comply with legal obligations or court orders
  • To protect against fraud or security threats
  • With your explicit consent

Data Security

Encryption

All data encrypted at rest and in transit using industry standards

Access Control

Role-based access with multi-factor authentication

Monitoring

24/7 security monitoring and incident response

Your Rights

You have the right to:

Access Your Data

Request a copy of your personal information

Correct Inaccuracies

Update or correct your information

Delete Your Data

Request deletion of your account and data

Opt-Out

Opt-out of non-essential communications

Data Retention

We retain data only as long as necessary to provide services and meet legal obligations:

Data TypeRetention Period
Account InformationDuration of account + 90 days
Audit Logs7 years (compliance requirement)
Usage Analytics2 years
IP Addresses30 days (then anonymized)

Contact Us

Questions About Privacy?

Our privacy team is here to help with any questions or concerns about how we handle your data.

support@peregrinetec.com
Peregrine Tec LLC, USA

Policy Updates

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Exchange dashboard. Your continued use of the service after such modifications will constitute your acknowledgment and acceptance of the updated Privacy Policy.

Back to Exchange