Privacy Policy

Last updated: 8/3/2025

Quick Summary: We protect your calibration business data with enterprise-grade security. We only collect what's necessary for calibration management and never sell your information.

1. Data Controller Information

MCP-CAL is the data controller for your personal data. We are responsible for deciding how and why your personal data is processed.

Contact: support@mcp-cal.com

Data Protection Officer: privacy@mcp-cal.com

2. Information We Collect

2.1 Business Account Information

Legal Basis: Contract performance and legitimate business interests

Email address (account authentication)
Company name and business information
Tax ID and business registration details
Business address and contact information
Contact person name and phone number
Company website and logo
Digital signatures for calibration certificates

2.2 Industrial Equipment Data

Legal Basis: Contract performance and legitimate business interests

Equipment identification information
Asset management data
Technical specifications as required for service delivery
Historical service and maintenance records
Equipment status and assignment information

2.3 Calibration & Technical Data

Legal Basis: Contract performance and compliance with industry standards

Calibration test results and measurements
Environmental testing conditions
Technician identification and certification data
Applicable industry standards and procedures
Traceability and certification documentation
Quality assurance records

2.4 Usage & Technical Data

Legal Basis: Legitimate interests (system security and improvement)

IP addresses and device information
Browser type and operating system
Pages visited and features used
Session duration and interaction patterns
Error logs and performance data
Security and access logs

3. Data Processing Partners

3.1 Supabase (Primary Database)

Role: Data Processor | Location: United States

Stores all business and calibration data
Provides authentication and user management
SOC 2 Type 2 certified for security compliance
GDPR-compliant with Standard Contractual Clauses
End-to-end encryption for data in transit and at rest

View Supabase Privacy Policy →

3.2 Google Analytics (Optional)

Role: Analytics Processor | Consent Required

Usage analytics and performance monitoring
Only processes data with your explicit consent
IP addresses are anonymized
You can opt out at any time via cookie settings

4. Data Retention

Calibration Records: 7 years (industry standard for traceability)
Business Account Data: Duration of service + 2 years
Technical/Usage Logs: 90 days maximum
Analytics Data: 26 months (Google Analytics standard)
Team Member Access Logs: 1 year for security purposes

Data is automatically deleted after retention periods expire, except where longer retention is required by law.

5. Cookies & Tracking

Essential Cookies (No Consent Required)

Authentication: Supabase session tokens
Security: CSRF protection tokens
Functionality: UI preferences (sidebar:state)
Session Management: User session identifiers

Analytics Cookies (Consent Required)

Google Analytics: _ga, _gid, _gat cookies
Purpose: Usage analysis and service improvement
Duration: 2 years maximum
Control: Managed via cookie consent banner

6. Your Rights (GDPR/CCPA)

You have the following rights regarding your personal data:

Access & Portability

Request a copy of your data
Export data in machine-readable format
View all processing activities

Control & Deletion

Correct inaccurate information
Delete your account and data
Restrict certain processing

Consent Management

Withdraw analytics consent
Object to processing
Opt out of communications

Legal Recourse

File complaints with authorities
Request impact assessments
Seek legal remedies

7. Data Security & Protection

Technical Safeguards

TLS 1.3 encryption for all data transmission
AES-256 encryption for data at rest
Multi-factor authentication support
Row-level security (RLS) database policies
Regular automated backups with encryption
Network isolation and firewall protection

Administrative Safeguards

Access controls based on business need
Regular security audits and assessments
Employee training on data protection
Incident response and breach notification procedures
Third-party security certifications (SOC 2)

8. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction:

United States: Supabase infrastructure (adequacy decision pending)
Safeguards: Standard Contractual Clauses (SCCs) and Privacy Shield successors
EU Users: Data processed under GDPR Article 46 transfer mechanisms
Encryption: All international transfers use end-to-end encryption

9. Industry-Specific Compliance

Calibration Standards

Support for ISO/IEC 17025 traceability requirements
NIST measurement standards alignment
Industry-specific calibration procedures
Chain of custody documentation

Business Records

Equipment maintenance history preservation
Audit trail requirements for regulated industries
Quality management system integration
Certificate authenticity and verification

10. Data Breach Notification

In the unlikely event of a data breach affecting your personal data:

72 Hours: Supervisory authorities notified (GDPR requirement)
Without Delay: Affected individuals notified if high risk
Communication: Clear explanation of breach and remediation steps
Support: Dedicated incident response team assistance
Prevention: Additional security measures implemented

11. Children's Privacy

MCP-CAL is designed for business use only. We do not knowingly collect personal information from children under 16 (EU) or 13 (US). If we discover such collection, we will delete the data immediately and terminate the account.

12. Contact & Requests

Privacy Requests

For any privacy-related requests or questions:

Email: privacy@mcp-cal.com

Response Time: Within 30 days (1 month)

Verification: Account credentials required for security

Supervisory Authority

EU users have the right to lodge complaints with their local data protection authority. US users can contact the Federal Trade Commission (FTC) regarding privacy concerns.

Updates to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email and prominently displayed in the application. Continued use after changes constitutes acceptance of the updated policy.

← Back to Home|Terms of Service →