Privacy Policy
How we collect, use, and protect your personal data
Privacy Policy
Last Updated: January 29, 2026
1. Data Controller
n8n MCP Bridge ("we", "our", "us") operates the n8nmcp.online platform.
Contact: privacy@n8nmcp.online
2. Data We Collect
2.1 Necessary Data (Legitimate Interest)
We collect the following data necessary to provide our service:
- Email address - For authentication and account management
- OAuth profile data - Name and email from Google or GitHub
- Session data - Authentication tokens and CSRF protection
- n8n credentials - API keys and instance URLs (encrypted)
- Workflow data - Your n8n workflows accessed via our bridge
Legal Basis: Legitimate interest (GDPR Article 6(1)(f)) - necessary to provide the service you requested.
2.2 Analytics Data (With Your Consent)
With your explicit consent, we collect:
- IP address (anonymized) - To determine country/city location
- Browser information - Type, version, device type
- Usage data - Pages visited, features used, time spent
- Geographic location - Country and city level (not precise location)
- Referral source - How you found our website
Tool Used: Google Analytics 4
Legal Basis: Consent (GDPR Article 6(1)(a)) - you control this via our cookie banner.
2.3 Error Tracking Data
To maintain service quality, we collect:
- Error messages - When the application crashes or errors occur
- Stack traces - Technical details to help us fix issues
- Browser context - Browser version, OS version
Tool Used: Sentry
Legal Basis: Legitimate interest (service improvement and security).
3. Cookies We Use
3.1 Necessary Cookies (Always Active)
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
better_auth.session_token | User authentication | Session | n8nmcp.online |
better_auth.csrf_token | CSRF protection | Session | n8nmcp.online |
oauth_state | OAuth security | 10 mins | n8nmcp.online |
n8n-mcp-cookie-consent | Your cookie choices | 12 months | n8nmcp.online |
3.2 Analytics Cookies (Require Consent)
| Cookie Name | Purpose | Duration | Provider |
|---|---|---|---|
_ga | Google Analytics user ID | 2 years | |
_ga_* | Google Analytics session | 2 years |
You can control analytics cookies via our cookie banner or the "Cookie Settings" link in the footer.
For more details, see our Cookie Policy.
4. How We Use Your Data
We use your data to:
- Provide the service - Authenticate you, connect to n8n, execute workflows
- Improve the platform - Analyze usage patterns (with your consent)
- Fix errors - Debug and resolve technical issues
- Communicate - Send important service updates (opt-out available)
- Ensure security - Detect and prevent abuse
We never sell your data to third parties.
5. Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google Analytics | Website analytics | Google Privacy |
| Sentry | Error tracking | Sentry Privacy |
| Google OAuth | Authentication | Google Privacy |
| GitHub OAuth | Authentication | GitHub Privacy |
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Session cookies | Until logout or browser close |
| User account data | Until account deletion |
| Analytics data | 26 months (Google Analytics default) |
| Error logs | 90 days |
| Access logs | 30 days |
7. Data Security
We protect your data using:
- Encryption - n8n API keys encrypted with AES-256
- HTTPS - All connections encrypted with TLS
- Hashed passwords - Never stored in plain text
- Access controls - Role-based access (admin/user)
- Regular backups - Encrypted database backups
8. Your Rights (GDPR)
Under the EU General Data Protection Regulation (GDPR), you have the right to:
- Access - Request a copy of your personal data
- Rectify - Correct inaccurate data
- Erase - Delete your account and all associated data
- Restrict - Limit how we process your data
- Port - Export your data in a machine-readable format
- Withdraw consent - Change cookie preferences at any time
- Object - Object to data processing based on legitimate interest
- Complain - Lodge a complaint with your supervisory authority
To exercise your rights: Email privacy@n8nmcp.online
Response time: Within 30 days
9. International Data Transfers
Our service uses third-party providers based in the United States:
- Google LLC (Analytics, OAuth)
- Sentry (Error tracking)
- GitHub (OAuth)
These transfers are protected by:
- Standard Contractual Clauses (SCCs) - EU-approved data transfer agreements
- Adequacy decisions - Where applicable
- Privacy Shield frameworks - Where applicable
10. Children's Privacy
Our service is not intended for users under:
- 16 years old (European Union)
- 13 years old (United States)
We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately at privacy@n8nmcp.online.
11. Changes to This Policy
We may update this Privacy Policy to reflect:
- Changes in our practices
- Legal or regulatory requirements
- New features or services
How we notify you:
- Email notification to registered users
- Notice on our website for 30 days
- Updated "Last Updated" date at the top of this page
Material changes: We will obtain your renewed consent if required by law.
12. Contact Us
For privacy questions or to exercise your rights:
Email: privacy@n8nmcp.online
Data Protection Officer: privacy@n8nmcp.online
Response time: Within 30 days (GDPR requirement)
13. Supervisory Authority
If you are in the EU/EEA and have concerns about our data practices, you may lodge a complaint with your national data protection authority:
EU Data Protection Authorities List
Related Legal Documents:
- Cookie Policy - Detailed cookie information
- Terms of Service - Platform usage terms