Privacy Policy

Last updated: May 14, 2026

This privacy policy describes how Aleksey Shenker G-MCP ("the Application") accesses, uses, and protects your data when connecting to Google Workspace APIs.

1. What the Application does

The Application is a set of locally-run MCP servers that allow AI assistants to interact with Google Workspace services (Gmail, Google Calendar, Google Drive, Google Tasks) on your behalf. The servers run entirely on your local machine as Node.js processes.

2. Data accessed

The Application requests access to the following Google API scopes:

• Gmail: gmail.modify, gmail.compose, gmail.labels— to read, send, label, and archive emails.
• Google Calendar: calendar or calendar.readonly — to list, create, update, and delete calendar events.
• Google Drive: drive or drive.readonly — to read, upload, move, and share files.
• Google Tasks: tasks or tasks.readonly — to create, update, complete, and organize tasks.
• User info: userinfo.email— to identify the connected Google account.

3. How your data is used

Your data is used solely to perform the actions you request through your AI assistant. For example, when you ask your assistant to send an email, the Gmail MCP server calls the Gmail API on your behalf with the content you provide. The Application does not analyze, profile, or use your data for any purpose other than fulfilling your explicit requests.

4. Data storage and retention

• OAuth tokens are stored locally on your machine in a configuration directory (e.g., ~/.config/gmail-mcp/). They are never uploaded to any external server.
• Email, calendar, drive, and task data is read from and written to Google APIs in real time. The Application does not maintain its own database or cache of your Google data.
• No server-side storage. There is no backend server. All processing happens locally on your machine.

5. Data sharing

The Application does not share your data with any third parties. Your data flows directly between your local machine and Google's APIs. No intermediary servers are involved.

6. Analytics and tracking

The Application does not include any analytics, telemetry, or tracking. No usage data is collected.

7. Security

• OAuth 2.0 is used for authentication. The Application never sees or stores your Google password.
• Tokens are stored with filesystem permissions restricted to your user account.
• Communication with Google APIs uses HTTPS/TLS exclusively.
• A read-only mode is available for each service to limit access when full permissions are not needed.

8. Revoking access

You can revoke the Application's access to your Google account at any time by visiting Google Account Permissions and removing the Application. You can also delete the local token files from your configuration directory.

9. Changes to this policy

If this policy is updated, the changes will be posted on this page with an updated date. Since the Application is for personal use, changes are infrequent.

10. Contact

For questions about this privacy policy or data handling: alekseyshenker@gmail.com