Privacy Policy

Privacy Policy

Last Updated: November 13, 2025
Effective Date: November 13, 2025

1. Introduction

Alien Lifestyles ("we," "our," or "us") operates the Mailchimp MCP (Model Context Protocol) service, a software integration that connects Mailchimp accounts with Claude Desktop and Claude AI. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

By using our services, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Email address (required for account creation)
  • Password (stored as a cryptographic hash, never in plain text)
  • Google OAuth ID (if you choose to sign in with Google)

Profile Information:

  • Name (optional, if provided)
  • Email address (used for account identification)

Payment Information:

  • Payment processing is handled by Stripe, Inc.
  • We do not store credit card numbers or payment card data
  • We store Stripe customer IDs and subscription status for billing purposes

Communication:

  • Information you provide when contacting us for support
  • Feedback and feature requests

2.2 Information Automatically Collected

Usage Data:

  • How you use our services
  • API requests made through the MCP server
  • License validation requests
  • Device registration information

Device Information:

  • Device IDs (unique identifiers for each installation)
  • Device names (if provided)
  • Platform information (macOS, Windows, Linux)
  • Application version numbers
  • Last seen timestamps

Log Data:

  • IP addresses
  • Browser type and version
  • Access times and dates
  • Pages viewed
  • User agent strings
  • Request paths and methods

Technical Data:

  • License keys (format: ALIEN-XXXX-XXXX-XXXX)
  • License validation results
  • Device registration status
  • OAuth token expiration times

2.3 Information from Third-Party Services

Mailchimp:

  • OAuth access tokens (encrypted before storage)
  • OAuth refresh tokens (encrypted before storage)
  • Mailchimp account information (account name, login ID)

Mailchimp MCP - Important Data Controller Clarification:

  • Mailchimp MCP is local software that runs entirely on your machine
  • You are the data controller for Mailchimp data processed by Mailchimp MCP
  • Alien Lifestyles does NOT process Mailchimp data - all processing happens locally on your device
  • When you use Mailchimp MCP, it accesses your Mailchimp data through the Mailchimp API, including:
    • Audience (list) information
    • Member data (email addresses, names, merge fields, subscription status)
    • Campaign data (subject lines, send times, open rates, click rates)
    • E-commerce data (stores, products, orders, customers)
    • Template and file information
    • Domain verification status
  • This Mailchimp data is processed locally on your machine and may be transmitted to Claude Desktop and Claude AI when you use the MCP tools
  • You control what data is accessed and can enable PII masking (MAILCHIMP_MASK_PII=true) to protect sensitive information
  • License validation data (device IDs, license keys) sent to our backend for license validation is the only Mailchimp MCP-related data we process (limited controller role)

Stripe:

  • Customer IDs
  • Subscription IDs
  • Subscription status
  • Billing period information
  • Payment method information (handled by Stripe, not stored by us)

Google (if using Google Sign-In):

  • Google OAuth ID
  • Email address (from Google account)
  • Profile information (if provided by Google)

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

  • Account Management: Create and manage your user account
  • Authentication: Verify your identity and manage access to services
  • License Management: Generate, validate, and manage license keys
  • Device Tracking: Track device registrations and enforce device limits
  • Mailchimp Integration: Store and manage OAuth tokens to access your Mailchimp account
  • MCP Server Operation: Enable the MCP server to interact with Mailchimp on your behalf

3.2 Communication

  • Transactional Emails: Send MFA codes, license key emails, password reset emails
  • Service Notifications: Notify you of service updates, security issues, or account changes
  • Support: Respond to your inquiries and provide customer support

3.3 Payment Processing

  • Subscription Management: Process subscriptions and manage billing
  • Payment Processing: Handle payments through Stripe (we do not process payments directly)

3.4 Security and Compliance

  • Fraud Prevention: Detect and prevent fraud, abuse, and security threats
  • Audit Logging: Maintain audit logs for security and compliance purposes
  • Legal Compliance: Meet legal and regulatory requirements
  • License Enforcement: Validate license keys and enforce usage restrictions

3.5 Service Improvement

  • Analytics: Analyze usage patterns to improve our services
  • Error Tracking: Identify and fix bugs and errors
  • Feature Development: Understand how features are used to guide development

4. Data Sharing and Disclosure

4.1 Data Flow: "Whose Data is Exposed Where by What Mechanism?"

Your Account Data:

  • Stored: In our PostgreSQL database (hosted on Railway)
  • Exposed To: Our backend services, support staff (when necessary)
  • Mechanism: Direct database access, encrypted in transit (HTTPS)

Your Mailchimp OAuth Tokens:

  • Stored: Encrypted in our PostgreSQL database
  • Exposed To: Our backend services (for token refresh)
  • Mechanism: AES-256-GCM encryption, decrypted only when needed for API calls

Your Mailchimp Data (Audiences, Members, Campaigns, etc.):

  • Accessed: Through Mailchimp API using your OAuth tokens
  • Exposed To:
    1. Claude Desktop - Data is transmitted to Claude Desktop when you use MCP tools
    2. Claude AI (Anthropic) - Data is sent to Claude AI for processing when you interact with Claude
    3. Your Local Device - Claude Desktop stores conversation history locally (see Section 4.2)
  • Mechanism:
    • MCP server retrieves data from Mailchimp API
    • Data is transmitted to Claude Desktop via MCP protocol
    • Claude Desktop sends data to Claude AI API
    • Claude Desktop stores conversation history locally on your device

⚠️ IMPORTANT: PII Exposure Warning

When you use the MCP server to query Mailchimp data:

  • Email addresses, names, and personal information from your Mailchimp audiences are transmitted to Claude Desktop
  • Claude Desktop stores conversation history locally on your device (unencrypted by default)
  • Claude AI may process and store this data according to Anthropic's privacy policy
  • You can enable PII masking (MAILCHIMP_MASK_PII=true) to mask sensitive data, but this may limit functionality

4.2 Third-Party Service Providers

Mailchimp (The Rocket Science Group, LLC):

  • We access your Mailchimp data through their API using OAuth tokens you authorize
  • Mailchimp's privacy policy applies to data stored in Mailchimp
  • We act as a data processor when accessing your Mailchimp data

Stripe, Inc.:

  • Payment processing and subscription management
  • Stripe handles all payment card data
  • We receive subscription status and customer IDs from Stripe

Anthropic (Claude AI):

  • When you use Claude Desktop with our MCP server, your Mailchimp data is sent to Claude AI
  • Anthropic's privacy policy applies to data sent to Claude AI
  • We do not control how Anthropic processes or stores this data

Railway (Hosting Provider):

  • Our backend services and database are hosted on Railway
  • Railway has access to infrastructure but not to encrypted data

Mandrill (Email Service):

  • We use Mandrill (Mailchimp Transactional) to send transactional emails
  • Email addresses and email content are processed by Mandrill

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders or legal process
  • Government requests
  • Law enforcement requests
  • Protection of rights, property, or safety

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Storage and Security

5.1 Data Storage

Location: Our services are hosted on Railway, which uses cloud infrastructure. Data may be stored in multiple geographic locations.

Retention: We retain your data for as long as necessary to provide services or as required by law:

Backend Package:

  • Active Accounts: User account data retained while account is active
  • Inactive Accounts: User account data retained for 3 years after last login, then deleted or anonymized
  • Audit Logs: Retained for 90 days for security monitoring
  • Subscription Data: Retained for 7 years for legal/compliance purposes (tax, accounting)
  • License Keys: Retained while account is active, deleted upon account deletion
  • OAuth Tokens: Retained while account is active, deleted upon account deletion or OAuth revocation

Web Portal Package:

  • Cookie Consent: Stored in localStorage until user withdraws consent or clears browser data
  • Analytics Data: Processed by Google Analytics (subject to Google's retention policies)
  • Form Submissions: Processed immediately and stored in backend (subject to backend retention policies)

Mailchimp MCP Package:

  • License Validation Data: Device IDs and license keys sent to backend are retained per backend retention policies (see above)
  • Mailchimp Data: Not stored by Alien Lifestyles - all Mailchimp data processing happens locally on your device
  • Local Configuration: Stored locally on your device (subject to your device's data retention policies)

5.2 Security Measures

Encryption:

  • OAuth tokens encrypted at rest using AES-256-GCM
  • Data transmitted over HTTPS/TLS
  • Passwords hashed using bcrypt (12 rounds)

Access Controls:

  • Role-based access control
  • Least privilege principle
  • Regular access reviews

Security Practices:

  • Regular security audits
  • Vulnerability scanning
  • Incident response procedures
  • Data backup and recovery

⚠️ Security Limitations:

  • Claude Desktop Storage: Conversation history stored locally on your device is not encrypted by default
  • PII Exposure: Mailchimp data sent to Claude AI may be processed and stored by Anthropic
  • Local Storage: Device information stored locally in Claude Desktop configuration files

6. Your Rights and Choices

6.1 Access and Portability (GDPR Article 15, CCPA Right to Know)

You have the right to:

  • Access your personal data
  • Receive a copy of your data in a portable format
  • Request information about data processing

How to Exercise: Contact us at privacy@alienlifestyles.com or use the data export feature in your account settings.

6.2 Correction (GDPR Article 16)

You have the right to:

  • Correct inaccurate personal data
  • Update your account information

How to Exercise: Update your profile in account settings or contact support.

6.3 Deletion (GDPR Article 17, CCPA Right to Delete)

You have the right to:

  • Request deletion of your personal data
  • Request anonymization of your data

How to Exercise: Contact us at privacy@alienlifestyles.com or use the account deletion feature.

Note: Some data may be retained for legal or compliance purposes (e.g., audit logs).

6.4 Objection and Restriction (GDPR Articles 18, 21)

You have the right to:

  • Object to processing of your personal data
  • Request restriction of processing

How to Exercise: Contact us at privacy@alienlifestyles.com.

6.5 Data Portability (GDPR Article 20)

You have the right to:

  • Receive your data in a structured, commonly used format
  • Transfer your data to another service

How to Exercise: Use the data export feature in your account settings.

6.6 Opt-Out (CCPA)

California residents have the right to:

  • Opt-out of sale of personal information (we do not sell personal information)
  • Opt-out of sharing for cross-context behavioral advertising (we do not engage in this)

6.7 PII Masking

You can enable PII masking to reduce exposure of sensitive data:

  • Set MAILCHIMP_MASK_PII=true in your MCP configuration
  • This masks email addresses and other PII in MCP responses
  • Note: This may limit functionality of some MCP tools

7. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on:

Contract Performance:

  • Account creation and management
  • License key generation and validation
  • Service provision

Consent:

  • Mailchimp OAuth authorization
  • Marketing communications (if opted in)
  • Cookie usage (where applicable)

Legal Obligation:

  • Audit logging
  • Tax and accounting records
  • Compliance with legal requirements

Legitimate Interests:

  • Security and fraud prevention
  • Service improvement
  • Analytics and usage analysis

8. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

Safeguards:

  • Standard Contractual Clauses (SCCs) where applicable
  • Adequate security measures
  • Compliance with applicable data protection laws

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to Know: Request information about personal information collected, used, and disclosed
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

How to Exercise: Contact us at privacy@alienlifestyles.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending email notifications for material changes

Continued use of our services after changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@alienlifestyles.com
Website: https://alienlifestyles.com
Address: Alien Lifestyles, [Address if applicable]

Data Protection Officer: privacy@alienlifestyles.com

13. Agreement by Use

By using our services, you acknowledge that:

  1. You have read and understood this Privacy Policy
  2. You consent to the collection, use, and disclosure of your information as described
  3. You understand that Mailchimp data accessed through the MCP server is transmitted to Claude Desktop and Claude AI
  4. You understand that Claude Desktop stores conversation history locally on your device
  5. You understand the risks associated with PII exposure through Claude AI
  6. You agree to use PII masking features if handling sensitive data
  7. You are responsible for ensuring compliance with applicable data protection laws when using our services with third-party data

If you do not agree with this Privacy Policy, you must not use our services.

Last Updated: November 13, 2025