Privacy Policy | NovoMCP

Privacy Policy

How we collect, use, and protect your information.

Effective Date: January 17, 2026 · Last Updated: January 17, 2026

NovoMCP ("we", "our", or "the Service") is a molecular intelligence MCP server operated by NovoQuantNexus. This privacy policy describes how we collect, use, and protect information when you use NovoMCP through Claude or other MCP-compatible clients.

1. Information We Collect

1.1 Account Information

When you register for NovoMCP, we collect:

  • Email address (for account identification)
  • Name (for display purposes)
  • Organization name (if applicable)

1.2 API Usage Data

When you use NovoMCP tools, we collect:

  • API key identifier (hashed, not the full key)
  • Timestamp of requests
  • Tool names invoked
  • Request count for rate limiting

1.3 Query Data

We process but do not persistently store:

  • SMILES strings submitted to tools
  • Search queries for literature/patents
  • Tool parameters

Important: We do not log or store the molecular structures you query beyond the duration of the request processing. Query data is not used for training or analytics.

1.4 What We Do NOT Collect

  • Conversation history with Claude
  • User-uploaded files or documents
  • Personal health information
  • Financial information

2. How We Use Information

2.1 Service Operation

  • Authenticate API requests
  • Enforce rate limits by tier
  • Route requests to appropriate backend services

2.2 Service Improvement

  • Aggregate usage statistics (tool popularity, error rates)
  • Performance monitoring and optimization
  • Security monitoring for anomalous access patterns

2.3 Communication

  • Service announcements and updates
  • Security notifications
  • Billing communications (for paid tiers)

3. Data Retention

Data Type Retention Period
Account information Until account deletion
API key metadata Until key revocation + 30 days
Usage timestamps 90 days
Error logs 30 days
Query content Not retained (processed in memory only)

4. Data Sharing

We do not sell or share your personal information with third parties for marketing purposes.

4.1 Service Providers

We use the following infrastructure providers:

  • Microsoft Azure: Cloud hosting (East US region)
  • Azure SQL Database: Account and usage metadata
  • Azure Redis Cache: Rate limiting (ephemeral)

4.2 Legal Requirements

We may disclose information if required by law, subpoena, or legal process.

4.3 No Third-Party Analytics

We do not use third-party analytics services that track individual users.

5. Data Security

5.1 Technical Measures

  • API keys are hashed (SHA-256) before storage
  • All communications encrypted via TLS 1.3
  • OAuth 2.0 with PKCE for authentication
  • Network isolation between services

5.2 Access Controls

  • Admin access requires multi-factor authentication
  • Principle of least privilege for system access
  • Regular access audits

5.3 Incident Response

In the event of a data breach, we will:

  • Notify affected users within 72 hours
  • Report to relevant authorities as required
  • Provide guidance on protective measures

6. Your Rights

6.1 Access and Export

You can request a copy of your account data by emailing privacy@novoquantnexus.com.

6.2 Deletion

You can request account deletion at any time. This will:

  • Revoke all API keys immediately
  • Delete account information within 30 days
  • Remove usage records within 90 days

6.3 Correction

Contact us to correct any inaccurate account information.

6.4 Opt-Out

You can opt out of non-essential communications at any time.

7. International Users

NovoMCP servers are located in the United States (Azure East US). By using the Service, you consent to the transfer of data to the United States.

For EU/EEA users: We process data under legitimate interest for service operation. You have rights under GDPR including access, rectification, erasure, and data portability.

8. Children's Privacy

NovoMCP is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children.

9. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via:

  • Email to registered users
  • Notice on the NovoMCP documentation site

Continued use after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or requests:

Privacy: privacy@novoquantnexus.com

General Support: ari@novoquantnexus.com

11. Compliance

NovoMCP is designed to comply with:

  • Anthropic Software Directory Policy
  • GDPR (for EU users)
  • CCPA (for California users)

NovoMCP Privacy Policy — Version 1.0