This policy explains what information Provenance by Kaleidoscope ("we," "us," or "our") collects when you use this site and the Provenance Connect MCP connector, how we use it, and how long we keep it.
For the full Kaleidoscope company privacy policy — covering all products and services — visit
kscope.io/privacy.
Information We Collect
We collect only what is necessary to operate this site and the Provenance Connect connector:
- Email address — when you submit a request-access form, subscribe to The Dispatch, or authenticate with the Provenance Connect MCP connector via OAuth magic link.
- Web server logs — standard request logs (IP address, browser, page visited, timestamp) generated automatically by our server. These are used for security monitoring and diagnosing errors.
- OAuth session state — a short-lived session token used during the MCP authentication flow. Not stored after the session ends.
We do not use tracking pixels, third-party ad networks, or behavioral analytics. We do not collect payment information on this site.
How We Use It
- To respond to access requests and onboard invited users to the Provenance Connect connector.
- To send The Dispatch newsletter to subscribers who have opted in.
- To authenticate MCP connector users and enforce allowlist access controls.
- To monitor service health and investigate security incidents via server logs.
We do not sell, rent, or share your personal information with third parties for marketing purposes.
Provenance Connect MCP Connector — Specific Notes
- The only personal data collected for connector access is your email address (used as the allowlist identifier).
- No prompt content, tool inputs, or query results are retained beyond standard service logs.
- Access tokens are 30-day JWTs. Revoking access takes effect on the next request.
- All connector traffic is HTTPS-only (TLS 1.2+). The connector is read-only and cannot modify any data.
Data Retention
- Email addresses — retained while your account or subscription is active. Deleted within 30 days of an opt-out or access revocation request.
- Server logs — retained for up to 90 days for security and operational purposes, then deleted.
- OAuth tokens — expire after 30 days and are not reissued without re-authentication.
Your Rights
You may request access to, correction of, or deletion of any personal information we hold about you. To exercise these rights, email us at privacy@kscope.io. We will respond within 30 days.
To unsubscribe from The Dispatch, use the unsubscribe link in any email or contact us directly.
Cookies
This site does not use tracking or analytics cookies. The only cookies set are strictly necessary session cookies used during OAuth authentication for the Provenance Connect MCP connector.
Changes to This Policy
If we make material changes, we will update the date at the top of this page. Continued use of the site after changes are posted constitutes acceptance of the revised policy.
Contact
Questions about this policy: privacy@kscope.io
Full company privacy policy: kscope.io/privacy