privacy policy

last updated: december 2025

1. introduction

mcp servers list ("we", "our", or "us") operates the website mcpserverslist.io. this privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our website.

this policy applies to all visitors, including those in the european union (eu), european economic area (eea), and united kingdom (uk), and complies with the general data protection regulation (gdpr) and other applicable data protection laws.

please read this privacy policy carefully. if you do not agree with the terms of this privacy policy, please do not access the site.

2. data controller

for the purposes of gdpr and similar data protection laws, mcp servers list is the data controller responsible for your personal data. if you have any questions about this privacy policy or our data practices, please contact us through our github repository or at the contact information provided at the end of this policy.

3. information we collect

automatically collected information

when you visit our website, we may automatically collect certain information about your device, including:

  • ip address (anonymized/pseudonymized)
  • browser type and version
  • pages visited and time spent
  • referring website
  • device type and operating system
  • country/region (derived from ip address)

search queries

we collect search queries to improve our search functionality and user experience. search queries are stored anonymously and are not linked to any personal information.

what we do not collect

we do not:

  • require user accounts or registration
  • collect names, email addresses, or contact information (unless you contact us directly)
  • process sensitive personal data (special categories under gdpr)
  • engage in profiling or automated decision-making

4. legal basis for processing (gdpr)

under gdpr, we process your personal data based on the following legal grounds:

  • legitimate interests (article 6(1)(f)): we process automatically collected data (anonymized ip, browser info, device data) to operate and improve our website, ensure security, and analyze usage patterns. we have conducted a balancing test to ensure our interests do not override your rights.

  • consent (article 6(1)(a)): for non-essential cookies and analytics, we obtain your consent before processing. you can withdraw consent at any time.

5. how we use your information

we use the information we collect to:

  • provide, operate, and maintain our website
  • improve and personalize your experience
  • understand how you use our website
  • develop new features and functionality
  • prevent fraudulent activity and improve security
  • comply with legal obligations

we do not sell your personal data to third parties.

6. cookies and tracking

types of cookies

we use the following types of cookies:

  • strictly necessary cookies: essential for the website to function properly. these cannot be disabled.
  • analytics cookies: help us understand how visitors interact with our site (only with your consent).

cookie consent

for users in the eu/eea/uk, we obtain your consent before placing non-essential cookies. you can manage your cookie preferences at any time through:

  • your browser settings
  • our cookie consent banner (if applicable)

how to control cookies

you can control and delete cookies through your browser settings. please note that disabling cookies may affect some functionality of our website.

7. third-party services

our website may contain links to third-party websites, including github repositories and external documentation. we are not responsible for the privacy practices of these third parties.

we may use third-party services including:

  • hosting: vercel (servers located in various regions, including eu)
  • analytics: we may use privacy-focused analytics

these services process data as data processors on our behalf and are contractually bound to protect your data and comply with gdpr where applicable.

international data transfers

if your data is transferred outside the eu/eea, we ensure appropriate safeguards are in place, such as:

  • standard contractual clauses (sccs) approved by the european commission
  • adequacy decisions by the european commission
  • other legally recognized transfer mechanisms

8. data retention

we retain collected information only for as long as necessary to fulfill the purposes outlined in this privacy policy:

  • analytics data: anonymized and aggregated, retained for up to 26 months
  • server logs: retained for up to 30 days for security purposes
  • search queries: anonymized, retained indefinitely for service improvement

we will delete or anonymize your data when it is no longer needed, unless retention is required by law.

9. data security

we implement appropriate technical and organizational measures to protect your information, including:

  • encryption of data in transit (https/tls)
  • regular security assessments
  • access controls and authentication
  • secure hosting infrastructure

however, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

10. your rights

for all users

you have the right to:

  • access your data
  • request correction of inaccurate data
  • request deletion of your data
  • object to processing

additional rights for eu/eea/uk residents (gdpr)

under gdpr, you have additional rights including:

  • right of access (article 15): request a copy of the personal data we hold about you
  • right to rectification (article 16): request correction of inaccurate personal data
  • right to erasure (article 17): request deletion of your personal data ("right to be forgotten")
  • right to restriction (article 18): request restriction of processing of your personal data
  • right to data portability (article 20): receive your data in a structured, commonly used format
  • right to object (article 21): object to processing based on legitimate interests
  • right to withdraw consent: withdraw consent at any time where processing is based on consent
  • right to lodge a complaint: file a complaint with your local data protection authority (supervisory authority)

to exercise any of these rights, please contact us using the information provided in section 13. we will respond to your request within 30 days (or as required by applicable law).

data protection authorities

if you are in the eu/eea and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local supervisory authority. a list of eu data protection authorities can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

11. children's privacy

our website is not intended for children under the age of 16 (or 13 in some jurisdictions). we do not knowingly collect personal information from children. if you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

12. changes to this policy

we may update this privacy policy from time to time. we will notify you of any material changes by:

  • posting the new privacy policy on this page
  • updating the "last updated" date
  • providing notice through the website (for significant changes)

we encourage you to review this policy periodically.

13. contact us

if you have questions about this privacy policy, our data practices, or wish to exercise your rights, please contact us:

for eu/eea/uk residents, you may also contact your local data protection authority if you have concerns about how we handle your personal data.

this privacy policy was last updated in december 2025 and complies with gdpr, uk gdpr, and other applicable data protection regulations.