Data handling

Trodo’s MCP server is read-only — no tool writes to your team. Tool responses contain the same data you’d see in your Trodo dashboard for that query, projected for the AI client.

​

What Trodo stores for MCP

We never store raw bearer tokens — only their SHA-256 hashes. The raw value is shown to the holder once at issuance and then forgotten. We never log token values, code verifiers, or client secrets.

​

What gets sent to the AI client

For every tool call the response contains:

• A short text summary (content[0].text).
• The structured projection of the tool’s data (structuredContent) — same as your dashboard sees, minus internal fields like raw SQL or embeddings.
• Hard cap of 80,000 characters per response. Larger payloads are truncated with a marker.

PII tools (get_user_profile, find_users, get_user_journey, get_user_agent_runs) return:

• distinct_id (often an email)
• primary_wallet_address
• first_location_country, last_location_country
• device_type, browser_name, os
• session counts and timestamps

These four tools require the mcp:user:read_pii scope which is off by default. They are also subject to a per-team daily quota of 100 calls.

​

What the AI client does with the data

Once data leaves Trodo, it’s subject to the AI client’s data policy:

• Claude.ai / Claude Desktop / Claude Code — processed by Anthropic. See Anthropic’s usage policy.
• Cursor — see Cursor privacy.
• Custom clients — your responsibility.

If you have GDPR / CCPA / SOC2 obligations, review the AI client’s policy before enabling the PII scope.

​

Disconnecting

• OAuth grants — Integrations → MCP → revoke the grant. Effective within 60 seconds.
• Direct API keys — Integrations → MCP → revoke the key. Effective within 60 seconds.

​

Compliance contact

Email [email protected] for DSAR requests or data-handling questions. See also: privacy policy, terms of service.