Back to Legal

Privacy Policy

How we collect, use, and protect your data

Last Updated: January 29, 2025

1. Introduction

This Privacy Policy applies to Plugged.in, the AI crossroads platform operated by VeriTeknik B.V. This policy describes how we collect, use, disclose, and safeguard your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

  • Company: VeriTeknik B.V.
  • Address: Prinses Margrietplantsoen 33, 2595 AM Den Haag, Netherlands
  • Email: privacy@plugged.in

3. Data We Collect

We collect the following categories of personal data:

Account Information

  • Email address
  • Name (optional)
  • Username
  • Bio/description (optional)
  • Avatar image (optional)
  • Language preference

Authentication Data

  • OAuth tokens and refresh tokens
  • Third-party account identifiers (GitHub, Google, Twitter)

Usage Data

  • Projects and profiles you create
  • MCP servers and configurations (encrypted - see Security section)
  • Social interactions (followers, shared content)
  • Documents uploaded to the library
  • Activity logs and audit trails

Technical Data

  • Analytics data (if Google Analytics is enabled)
  • Session cookies for authentication
  • Local storage for preferences (theme, language, font)

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Performance of Contract: To provide you with our services and fulfill our contractual obligations
  • Legitimate Interests: For security, fraud prevention, and service improvement
  • Consent: For marketing communications and analytics (where applicable)
  • Legal Obligations: To comply with applicable laws and regulations

5. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain our service
  • To communicate with you about your account and service updates
  • To ensure the security and integrity of our platform
  • To improve and develop new features
  • To comply with legal obligations

6. Your Rights

Under the GDPR, you have the following rights:

  • Right to Access: You have the right to request copies of your personal data
  • Right to Rectification: You have the right to request correction of inaccurate personal data
  • Right to Erasure: You have the right to request deletion of your personal data
  • Right to Data Portability: You have the right to request transfer of your data to another service
  • Right to Object: You have the right to object to processing of your personal data
  • Right to Restriction: You have the right to request restriction of processing
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time
  • Right to Complaint: You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

To exercise any of these rights, please contact us at privacy@plugged.in

7. Data Sharing

We may share your data with:

  • Service Providers: Third-party services that help us operate our platform (hosting, email)
  • Legal Requirements: When required by law or to protect our rights
  • With Your Consent: When you explicitly agree to share your data

8. Third-Party Services

We use the following third-party services:

  • Authentication Providers: GitHub, Google, Twitter for OAuth authentication
  • Analytics: Google Analytics (optional, only when enabled)
  • Email Services: For sending notification emails (when configured)

9. Data Retention

We retain your data as follows:

  • Account Data: Retained as long as your account is active
  • Activity Logs: Retained according to configured retention policies
  • Deleted Accounts: Personal data is anonymized or deleted within 30 days of account deletion

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

11. Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of passwords and sensitive data
  • Access controls and authentication
  • Security monitoring and intrusion detection
  • Input validation and sanitization

MCP Server Configuration Encryption:

All MCP server configurations, including commands, arguments, environment variables, and URLs, are encrypted using AES-256-GCM encryption with profile-specific keys. This means:

  • Your MCP server configurations are encrypted in our database and cannot be accessed by us, even if we wanted to
  • Each profile has its own unique encryption key derived from your profile UUID
  • Only you can decrypt and access your MCP server configurations
  • Even our database administrators cannot view your MCP server sensitive data

12. Cookies and Similar Technologies

We use the following types of cookies:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics Cookies: Google Analytics cookies (only when you consent)

We also use browser local storage to save your preferences (theme, language, font settings).

13. Children's Privacy

Our service is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We will notify registered users via email for material changes.

15. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, contact us at:

  • Email: privacy@plugged.in
  • Contact Form: Legal Contact Page
  • Dutch DPA: You can also contact the Autoriteit Persoonsgegevens at autoriteitpersoonsgegevens.nl