Privacy

MissingMCP stores the minimum needed to connect your accounts to Claude — and none of your actual data.

Who runs this

This instance is operated by Vaclav Slajs ([email protected]). MissingMCP is fully open source — the entire gateway is on GitHub, so you can audit exactly what it does, or self-host your own instance instead of trusting this one.

What we store

Per connected account, and nothing more:

  • Your sign-in identifier for the connected service (the account email).
  • Encrypted credentials for the connected service — AES-256-GCM at rest. For WHOOP: read-only OAuth tokens issued by WHOOP (your WHOOP password is never entered here). For Garmin: session tokens (your password is used once to sign in and never stored).
  • SHA-256 hashes of the gateway’s own access tokens — never the tokens themselves.
  • Per-account tool-usage counters: tool name, call count, and last-used timestamp — never tool arguments or results.

What we never store

Your health, fitness or activity data. It passes through on demand between the connected service and your Claude client and is not written to disk. No analytics, no ads, no trackers, no cookies.

Sharing & logs

Data flows only between your Claude client and the connected service, and only when you ask Claude a question — connecting an account is your explicit consent for that flow. Nothing is sold or shared with any other party. Operational logs (hosted on Railway) record account email, tool names, and timings for monitoring — never token values, never your data.

Revoke & delete

Disconnect in Claude

Settings → Connectors → remove the connector.

Revoke at the source

WHOOP: app settings → connected apps — the gateway detects the revocation and automatically deletes your stored tokens. Garmin: change your password or manage sessions.

Delete everything

Email the operator ([email protected]) to have every stored record of your account deleted.

This page may be updated as connectors are added. The source of truth is always the open-source repo.