Fastweigh MCP

Privacy Policy

Last updated: 2026-04-24

The Fastweigh MCP server (this site) is an OAuth-protected bridge between AI clients that speak the Model Context Protocol and the Fastweigh GraphQL API. This policy explains what it stores and why.

What we store

• OAuth grant records: the client that was authorized, which scopes were granted, and an encrypted copy of your Fastweigh API key. Keys are encrypted at rest using token material that only the MCP client holds; a complete storage leak does not reveal keys.
• Audit logs: for each tool invocation we record the tenant ID, a human-readable key name, a SHA-256 hash of the submitted code, the duration, the response size, and whether it errored. We do not store raw code, raw GraphQL queries, variable values, or response bodies.
• Rate-limit counters: per-key call counts in rolling 60-second windows.

What we never store

• Raw Fastweigh API keys (only encrypted copies tied to OAuth tokens).
• The contents of your GraphQL queries, variables, or responses.
• Personally identifiable information from your Fastweigh tenant.

How data is used

Audit logs are used to detect abuse, respond to incidents, and debug errors. They are not shared with third parties.

Retention

Audit rows are retained for 90 days. OAuth refresh tokens expire after 30 days of non-use. You can revoke a grant at any time by re-authorizing with a new key or by contacting Fastweigh support.

Contact

For privacy questions, contact support@fastweigh.com.