mcpfor.work
DocsFAQHome
DraftThis is a plain-language draft describing how the product is designed to work. It has not yet been reviewed by counsel and is not the final agreement — it will be finalized before the hosted service launches.

Security

Last updated: 11 July 2026

Security here is mostly architectural — the safest data is the data we never handle. Here's how the product is built to protect you.

The intelligence never touches our servers

All the thinking runs in your own AI client and browser. We make zero server-side LLM calls, so your prompts and conversations never reach us — there’s no model on our side to leak them, and nothing to train on your data.

Authentication

We use magic-link sign-in — there is no password to phish, reuse, or breach. Sessions are scoped and can be revoked from your dashboard. Connecting your AI client uses standard OAuth, with a grant you can revoke at any time.

Tenant isolation

The hosted database enforces row-level isolation so your data is only ever reachable by you. It’s a structural guarantee, not a per-query convention.

Encryption & sensitive fields

Traffic is encrypted in transit (TLS). Optional demographic (EEO) data is encrypted at rest and never used in scoring. Your salary floor is a private field, used only to filter matches.

Payments

Card payments are handled by Stripe. We never see or store your full card details.

Your control

  • Export everything as JSON, or delete your account and all data, any time.
  • Automation runs only in your own browser session — there is never a server-side robot acting as you.
  • Prefer maximum control? Self-host: your data never leaves your machine.

Responsible disclosure

Found a vulnerability? We welcome reports and will work with you in good faith. Email security@mcpfor.work — please give us reasonable time to fix before public disclosure.

PrivacyTermsSecurityContact