Rolli

Connector privacy

What this policy covers

This policy applies only to the MCP connector at mcp.rolli.ai. Your underlying Rolli IQ account data is governed by the main Rolli Privacy Policy.

OAuth 2.0 with PKCE S256 — no static API keys to manage or leak.

No tool responses, search content, or social posts stored at rest.

Revoke access in one click from your AI client or Rolli IQ settings.

Per-grant AES-256-GCM encryption with tokens as unwrapping keys.

Runs on Cloudflare's global edge — TLS 1.2+, no cold starts, no regional lock-in.

01 What This Policy Covers

This policy is specific to the Rolli MCP (Model Context Protocol) connector at https://mcp.rolli.ai. It explains what personal data the connector processes when you authorize an AI assistant — such as Anthropic Claude, OpenAI ChatGPT, or any other MCP-compatible client — to access your Rolli IQ account on your behalf.

This policy is additional to, not a replacement for, the main Rolli Privacy Policy at https://rolli.ai/privacy. Your Rolli IQ account data continues to be governed by the main policy. This page documents only what happens at the MCP connector layer.

The MCP connector is a thin OAuth 2.0 proxy. It exposes the same Rolli IQ tools you already use in the web app (keyword searches, user searches, topic trees, integration settings, usage data) so that AI assistants can call them conversationally. No tool runs without your explicit OAuth consent, and you can revoke access at any time.

02 Information We Collect

Authentication data. When you connect an AI client, we store an encrypted OAuth grant record containing your Rolli IQ access token. This record is associated with the AI client's session and is how the connector calls the Rolli IQ API on your behalf.

OAuth state tokens. Short-lived records (10 minute TTL) used to prevent CSRF during the authorization redirect flow. Each contains a PKCE verifier and your in-flight authorization request.

Your Rolli user ID. Derived from the sub field of Rolli's OIDC userinfo endpoint when you sign in. Used solely to associate the grant with your account.

Data fetched from Rolli IQ on your behalf. When the AI calls a tool, the connector fetches data from the Rolli IQ API using your access token and returns it to the AI client. Depending on the tool, this may include keyword search records, user search results (including social media posts), topic analyses, integration settings, and API usage statistics. This data is fetched live per request and not persisted by the connector beyond the single request.

What we do NOT collect. We do not log the content of tool responses, we do not retain the arguments you pass to tools beyond ephemeral HTTP request logs, we do not sell or share your data with any third party other than the AI client you explicitly authorized and Rolli IQ, and we do not use your data for advertising or model training.

03 How Your Data Is Protected

OAuth grants are stored in Cloudflare Workers KV with per-grant AES-256-GCM encryption. The encryption key is wrapped with the issued MCP token itself, meaning the encrypted blob at rest is cryptographically useless without the live token. This is an end-to-end pattern: even Rolli cannot decrypt your stored tokens without the corresponding active MCP session token.
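One way the token-as-unwrapping-key pattern described above can be built, as an added example that is not Rolli's code. HKDF-SHA-256 as the token-to-key step, the record layout, the hashed lookup id and every name here are assumptions, and a Map stands in for Workers KV.

```javascript
// Added example, not Rolli's implementation. HKDF, record layout and names
// are assumptions; the Map below stands in for Workers KV.
const nodeCrypto = require("node:crypto");

const kv = new Map();

// AES-256-GCM with a fresh 96-bit IV; output layout is iv | tag | ciphertext.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function unseal(key, blob, aad) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on a bad tag
}

// The wrapping key (KEK) is derived from the MCP token. The KV lookup id is a
// plain hash of the token, so the token itself is never written to storage.
function tokenKeys(mcpToken) {
  const kek = Buffer.from(nodeCrypto.hkdfSync("sha256", mcpToken, Buffer.alloc(0), "grant-kek", 32));
  const id = nodeCrypto.createHash("sha256").update(mcpToken).digest("hex");
  return { kek, id };
}

function storeGrant(mcpToken, upstreamAccessToken) {
  const { kek, id } = tokenKeys(mcpToken);
  const dek = nodeCrypto.randomBytes(32); // per-grant data key
  const aad = Buffer.from(id);            // binds both blobs to this record
  kv.set(id, {
    wrappedKey: seal(kek, dek, aad).toString("base64"),
    grant: seal(dek, Buffer.from(upstreamAccessToken), aad).toString("base64"),
  });
  return id;
}

function loadGrant(mcpToken) {
  const { kek, id } = tokenKeys(mcpToken);
  const rec = kv.get(id);
  if (!rec) return null;
  const dek = unseal(kek, Buffer.from(rec.wrappedKey, "base64"), Buffer.from(id));
  return unseal(dek, Buffer.from(rec.grant, "base64"), Buffer.from(id)).toString();
}
```

The stored record holds only two ciphertexts, so a copy of the KV contents without a live token yields nothing usable. This approach depends on the MCP token being a high-entropy random value, since HKDF does not slow down guessing.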

All traffic to mcp.rolli.ai uses TLS 1.2 or higher. The OAuth 2.0 flow uses PKCE with SHA-256 (S256) code challenges for both the MCP client to connector exchange and the connector to Rolli IQ exchange. Authorization codes are single-use and expire after 10 minutes.

Error messages returned to AI clients are automatically sanitized. Any substring that looks like a token (20+ alphanumeric characters) is replaced with [REDACTED] and error bodies are truncated to 200 characters. This prevents accidental credential leakage through error responses.
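The sanitization rule above, written out as an added example that is not Rolli's code. The regex, function names and sample strings are assumptions built from the two numbers the policy gives (20+ alphanumeric characters, 200-character cap); the second function shows why redaction has to run before truncation.

```javascript
// Added example, not Rolli's code. Pattern and names are assumptions derived
// from the rule stated in the policy text.
const TOKEN_LIKE = /[A-Za-z0-9]{20,}/g;
const MAX_ERROR_LENGTH = 200;

// Redact first, then truncate. Truncating first can cut a token at the
// 200-character boundary and leave a fragment shorter than 20 characters,
// which the pattern no longer matches.
function sanitizeError(body) {
  const text = body instanceof Error ? body.message : String(body);
  return text.replace(TOKEN_LIKE, "[REDACTED]").slice(0, MAX_ERROR_LENGTH);
}

// The unsafe ordering, kept only to demonstrate the failure mode.
function truncateThenRedact(body) {
  return String(body).slice(0, MAX_ERROR_LENGTH).replace(TOKEN_LIKE, "[REDACTED]");
}

// Constructed sample inputs (not real credentials).
const SAMPLE_TOKEN = "tok" + "A1b2".repeat(6); // 27 alphanumeric characters
// JWT-shaped value: three alphanumeric runs separated by dots.
const SAMPLE_JWT_LIKE = ["Hdr", "Pay", "Sig"].map((p) => p + "0aZ".repeat(8)).join(".");
// Token starts at offset 190, so a 200-character cut keeps its first 10 chars.
const BOUNDARY_CASE = "upstream error ".padEnd(190, ".") + SAMPLE_TOKEN;

function demo() {
  return {
    simple: sanitizeError("401 for bearer " + SAMPLE_TOKEN),
    jwt: sanitizeError(SAMPLE_JWT_LIKE),
    safeLeaks: sanitizeError(BOUNDARY_CASE).includes("tokA1b2"),
    unsafeLeaks: truncateThenRedact(BOUNDARY_CASE).endsWith("tokA1b2A1b"),
  };
}
```

A length-based pattern like this also redacts long non-secret identifiers and does not match secrets shorter than 20 characters or broken into shorter runs by punctuation.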

Upstream requests to Rolli IQ have a 30-second timeout to prevent hung handlers. All tool parameters are validated via strict Zod schemas before any network call.

04 Third Parties

Cloudflare. The MCP connector runs on Cloudflare Workers and stores encrypted grant data in Cloudflare Workers KV. Cloudflare processes requests in transit through its global edge network and retains short-lived operational logs. Cloudflare's privacy practices: https://www.cloudflare.com/privacypolicy/.

Rolli IQ (app.rolli.ai). The upstream API that holds your actual search data. The connector's only role is to forward authenticated requests and return responses. Your data at rest lives on Rolli IQ's infrastructure, governed by the main Rolli Privacy Policy.

Your AI client of choice. When you use the connector through Anthropic Claude, OpenAI ChatGPT, or another MCP-compatible client, that client's own privacy policy applies to how it handles the tool responses it receives. We have no control over what the AI client does with the data once it receives it. Review each client's terms before authorizing it.

Social media platforms (Twitter/X, Reddit, Bluesky, YouTube, Facebook, Instagram, Threads, and others). Rolli IQ independently collects publicly available content from these platforms. The MCP connector does not contact these platforms directly — it only relays data that Rolli IQ has already collected.

05 Data Retention

OAuth access tokens expire one hour after issuance, per Rolli IQ policy. Refresh tokens expire after 30 days. MCP grants remain active until you revoke them, the refresh token expires, or you delete your Rolli IQ account.

OAuth state tokens auto-expire 10 minutes after creation and are single-use — they are deleted from Workers KV after the authorization flow completes.

Standard HTTP request logs are retained by Cloudflare for up to 30 days for security and operational debugging, then deleted. These logs do not contain tool response contents or authentication tokens.

When you revoke a grant (via your AI client's connector settings or via Rolli IQ), the grant record is deleted immediately from Workers KV. Associated access tokens become invalid at the same moment.

06 Your Rights

Revoke access at any time. Remove the Rolli MCP connector from your AI client's settings (Claude → Settings → Connectors; ChatGPT → Settings → Connectors) or revoke the OAuth grant directly in Rolli IQ. Revocation takes effect immediately.

Request deletion. Contact [email protected] to request deletion of your MCP grant records. Because the connector stores only an encrypted grant bundle (cryptographically useless without your live token), deletion is typically near-instantaneous.

Request access. You can request a copy of the data we hold about you. At the MCP connector layer this is typically a metadata-only export (grant creation time, associated AI client name, authorized scopes) — the underlying Rolli IQ data is subject to the main Rolli Privacy Policy's access procedures.

Exercise your rights under applicable law (GDPR, UK GDPR, CCPA, LGPD, and similar). Contact [email protected] and we will respond within the timeframes required by law in your jurisdiction.

07 International Data Transfer

The MCP connector is hosted on Cloudflare's global edge network. Requests to mcp.rolli.ai may be processed in any Cloudflare data center worldwide, typically the one closest to the requesting AI client. Your encrypted grant data is stored in Cloudflare Workers KV, which Cloudflare distributes across multiple regions for durability.

If you are located in the EU/EEA, UK, or Switzerland, we rely on Cloudflare's Standard Contractual Clauses (SCCs) and supplementary measures for data transfer outside those regions. See https://www.cloudflare.com/trust-hub/gdpr/ for Cloudflare's cross-border transfer documentation.

08 Children

The Rolli MCP connector is not directed at children under 16. We do not knowingly process data about children. The Services require an active Rolli IQ account, which has its own age-gating policies. If you believe a child has created a Rolli account and authorized the MCP connector, contact [email protected] and we will delete the associated data.

09 Changes to This Policy

We may update this policy as the MCP connector evolves. Material changes will be reflected in the effective date at the top of this page. If the changes materially affect how we process your data, we will notify you at the email address associated with your Rolli IQ account.

10 Contact

Questions, concerns, or requests related to this MCP connector privacy policy:

Rolli LLC · 1212 5th Street, Suite 1-400, Santa Monica, CA 90401 · [email protected]

For security vulnerability disclosures related to the MCP connector specifically, please contact [email protected]. For general Rolli IQ support, please see https://rolli.ai/contact.

Questions about the MCP connector?

Privacy or security questions about the MCP connector specifically? We respond within one business day.
