Privacy Policy
Last Updated: February 25, 2026 · Effective: February 25, 2026
1. Who We Are
Metavolve Labs, Inc. ("we", "us", "our") operates StudioMCPHub at studiomcphub.com. We provide AI-powered creative tools accessible via the Model Context Protocol (MCP).
Contact: privacy@metavolve.com
2. Scope
This policy applies to all interactions with StudioMCPHub, whether by human users, AI agents, or automated systems. "You" refers to the person or entity operating the agent or wallet that interacts with our service.
3. Data We Collect
3a. Wallet-Based Identification
- EVM wallet addresses (used as primary identifier, stored normalized)
- We do NOT collect names, emails, phone numbers, or government IDs through the MCP server
3b. Payment & Transaction Data
- Stripe: Stripe customer ID, payment intent IDs, amounts (Stripe collects its own data per its privacy policy)
- GCX Credits: Balance, purchase history, spend history
3c. Service Usage Data
- Tool calls (which tool, when, parameter keys — not image content)
- Loyalty credits earned and redeemed
- Agent tier classification and 30-day rolling spend
- Error logs (no image content retained)
3d. Technical Data
- IP addresses (from HTTP requests, retained in Cloud Logging)
- User-Agent strings, request timestamps
3e. Data We Do NOT Collect
We do not retain AI-generated content after delivery.
We do not perform KYC or identity verification.
We do not link wallet addresses to real-world identities.
4. How We Use Your Data
- Process and fulfill tool call requests
- Verify and settle payments (x402, Stripe, GCX)
- Calculate loyalty rewards and volume tier discounts
- Prevent fraud and abuse (rate limiting, anomaly detection)
- Improve service reliability and performance
- Comply with legal obligations
5. Legal Basis for Processing (GDPR)
- Contract performance (Art. 6(1)(b)): Processing tool requests you initiate
- Legitimate interests (Art. 6(1)(f)): Fraud prevention, service improvement
- Legal obligation (Art. 6(1)(c)): Tax records, OFAC compliance
6. Data Storage & Retention
- All data stored in Google Cloud Firestore (us-west1 region, USA)
- Transaction records: retained 7 years (tax/legal requirements)
- Usage logs: retained 90 days, then aggregated/anonymized
- Loyalty accounts: retained while active; deleted after 24 months inactivity
- Wallet addresses: retained while active; deleted after 24 months inactivity
7. Data Sharing & Third Parties
- Google Cloud Platform — infrastructure provider
- Stripe — payment processing (Stripe Privacy Policy)
8. Your Rights
All Users
- Request access to data we hold about your wallet address
- Request deletion of off-chain data (Firestore records)
- Request data portability (export your transaction history)
GDPR Rights (EU/EEA Users)
- Right to rectification, restriction, objection
- Right to lodge a complaint with a supervisory authority
- Right to withdraw consent
CCPA/CPRA Rights (California Residents)
- Right to know what data is collected
- Right to delete personal information
- Right to opt-out of sale (we do not sell data)
- Right to non-discrimination
To exercise your rights, email privacy@metavolve.com with your wallet address. We respond within 30 days (GDPR) / 45 days (CCPA).
9. International Transfers
Data is processed in the United States (Google Cloud). EU users: transfer mechanism is Standard Contractual Clauses via Google Cloud's Data Processing Agreement.
10. Children
This service is not directed at individuals under 18. We do not knowingly collect data from minors.
11. Security
- Encryption in transit (TLS 1.3) and at rest (Google-managed)
- Firestore IAM access controls
- No plaintext secrets in source code (GCP Secret Manager)
- Infrastructure on Google Cloud Run (managed security)
12. Changes to This Policy
We will post updates at studiomcphub.com/privacy. Material changes announced via API response headers (X-Policy-Updated) for 30 days.
13. Contact
Metavolve Labs, Inc.
San Francisco, California
privacy@metavolve.com