Privacy Policy

Last Updated: August 28, 2025
Effective Date: August 28, 2025

1. Introduction

Welcome to the UK Companies MCP Server ("Service", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Model Context Protocol (MCP) server to access UK company data through AI assistants like Claude.

We are committed to protecting your privacy and handling any data we collect with care and respect. Our service is designed with privacy by default - we collect only the minimal technical information necessary to provide and protect our service.

2. Information We Collect

2.1 Technical Information

We collect limited technical information solely for operational purposes:

IP Addresses: Collected automatically for rate limiting and abuse prevention
Request Metadata: HTTP headers, request paths, and response codes for diagnostics
Timestamps: Date and time of requests for diagnostic and rate limiting purposes
Usage Patterns: Aggregate request counts per endpoint for service monitoring

2.2 Information We Do NOT Collect

We do not collect, store, or process:

Personal identification information (names, email addresses, phone numbers)
Payment or financial information
Cookies or tracking pixels
Browser fingerprinting data
User account information
Query contents or search terms beyond what's necessary for immediate processing

3. How We Use Information

We use the collected technical information exclusively for:

3.1 Service Operations

Rate Limiting: Preventing abuse and ensuring fair access to all users
Diagnostic Logging: Identifying and resolving technical issues
Security Monitoring: Detecting and preventing malicious activities
Performance Optimization: Improving service response times and reliability

3.2 Legal and Safety

Complying with applicable laws and regulations
Protecting against fraudulent or illegal activities
Enforcing our terms of service

4. Data Retention

We maintain strict data retention policies:

Rate Limiting Data (IP addresses, request counts): Automatically deleted after 24 hours
Diagnostic Logs (errors, performance metrics): Automatically deleted after 7 days
Security Event Logs (blocked IPs, violations): Retained for up to 30 days for pattern analysis
Aggregated Statistics: May be retained indefinitely in anonymized form

All data deletion is automated and irreversible.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

Encryption: All data transmissions use industry-standard encryption (HTTPS/TLS)
Access Control: Limited access to technical data on a need-to-know basis
Infrastructure Security: Hosted on secure, professionally managed infrastructure
Regular Updates: Security patches and updates applied promptly
No Data Sales: We never sell, trade, or rent your information to third parties

6.1 Service Providers

We may share technical information with:

Infrastructure Providers: For hosting and content delivery (e.g., cloud services)
Security Services: For DDoS protection and security monitoring

6.2 Companies House Data

The company information accessed through our service is sourced from Companies House, the UK's official register of companies. This is public information and is not considered personal data under GDPR.

6.3 Legal Requirements

We may disclose information if required by law, court order, or government request.

7. Your Rights

Under the General Data Protection Regulation (GDPR) and UK data protection laws, you have the right to:

Access: Request information about what data we hold about you
Rectification: Request correction of inaccurate data
Erasure: Request deletion of your data (subject to legal obligations)
Restriction: Request limitation on how we process your data
Portability: Receive your data in a structured, machine-readable format
Object: Object to certain types of processing

To exercise these rights, please contact us using the information in Section 12.

8. International Data Transfers

Our service may be accessed globally. By using our service, you consent to the transfer of technical information across international borders. We ensure appropriate safeguards are in place for any international data transfers.

9. Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

10. Cookies and Tracking

We do not use cookies, web beacons, or similar tracking technologies. All necessary operational data is handled server-side without requiring client-side storage.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. For significant changes, we may provide additional notice through our documentation or service announcements.

We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Website: https://www.companiesintheuk.co.uk/support/contact
Documentation: https://docs.companiesintheuk.co.uk

For data protection inquiries specific to GDPR, you may also contact: Data Protection Contact: [email protected]

13. Additional Information for EU/UK Residents

13.1 Legal Basis for Processing

We process technical information based on:

Legitimate Interests: For service operation, security, and improvement
Legal Obligations: When required by law

13.2 Data Protection Authority

You have the right to lodge a complaint with your local data protection authority:

UK: Information Commissioner's Office (ICO) - https://ico.org.uk
EU: Your local Data Protection Authority

13.3 Automated Decision Making

We do not use your data for automated decision-making or profiling that produces legal effects.

Acknowledgment

By using the UK Companies MCP Server, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of technical information as described herein.

This policy is compliant with:

General Data Protection Regulation (GDPR)
UK Data Protection Act 2018
California Consumer Privacy Act (CCPA) where applicable

This privacy policy was last reviewed and updated on August 28, 2025.

1. Introduction​

2. Information We Collect​

2.1 Technical Information​

2.2 Information We Do NOT Collect​

3. How We Use Information​

3.1 Service Operations​

3.2 Legal and Safety​

4. Data Retention​

5. Data Security​

6. Data Sharing and Third Parties​

6.1 Service Providers​

6.2 Companies House Data​

6.3 Legal Requirements​

7. Your Rights​

8. International Data Transfers​

9. Children's Privacy​

10. Cookies and Tracking​

11. Changes to This Policy​

12. Contact Information​

13. Additional Information for EU/UK Residents​

13.1 Legal Basis for Processing​

13.2 Data Protection Authority​

13.3 Automated Decision Making​