Privacy Policy
Last updated: August 9th, 2025
1. Who we are
Dedalus Labs, Inc. ("Dedalus Labs," "we," "our" or "us") provides a gateway-as-a-service for the Model Context Protocol ("MCP") that lets developers build and deploy agentic AI workflows through a single API endpoint. Our website is https://dedaluslabs.ai, and our registered corporate address is 1395 22nd St, Suite 457, San Francisco, CA 94107, USA.
2. Scope of this policy
This Privacy Policy explains how we collect, use, disclose, and protect personal information when you:
- visit or interact with our websites, dashboards, or documentation;
- create a Dedalus account, purchase credits, or enable Auto-Reload;
- send API traffic through our MCP gateway; or
- communicate with us via email, Discord, support tickets, or social media.
All content uploaded, published, or shared through the Service, including MCP servers, workflows, Marketplace listings, and comments, is subject to our Dedalus Content Policy, which is incorporated into our Terms of Service.
If you're an enterprise customer with a separate data-processing agreement (DPA) in place, that DPA will control to the extent of any conflict.
3. Information we collect
| Category | Data elements | Source |
|---|---|---|
| Account Data | Name, email, password hash, GitHub / OAuth ID, company name | You |
| Payment Data | Last 4 digits of card, card brand, expiration month/year, Stripe customer ID | Stripe |
| Usage Data | IP address, user-agent, request/response sizes, token counts, model IDs, tool manifests | Automatically through Cloudflare Workers, edge logs, and internal analytics |
| Content Data | Model prompts and outputs you send through our API (may include personal data at your discretion) | You / your application |
| Support Data | Chat logs, emails, bug reports | You |
We do not knowingly collect data from children under 13, and our Service is directed to developers and businesses.
4. How we use information
- Provide and maintain the Service: Authenticate you, route API calls, allocate credits, process payments.
- Improve and secure: Monitor performance, detect abuse, debug errors, run analytics, and A/B tests.
- Communicate: Send transactional emails (receipts, credit-low alerts), respond to support requests, and, if you opt in, product updates or newsletters.
- Legal & compliance: Satisfy record-keeping obligations, enforce our Terms (including our Content Policy), resolve disputes, and comply with lawful requests.
For users in the EEA/UK, our legal bases are performance of a contract, legitimate interests (e.g., Service security), and, where required, your consent.
7. Third-Party Integrations
The Service may interoperate with or route traffic to Model Context Protocol ("MCP") servers, tools, plug-ins, or other services that we do not operate ("Third-Party Integrations"). We do not control, and are not responsible for, the content, security, or privacy practices of any Third-Party Integration. Your use of a Third-Party Integration is at your own discretion and subject to that provider's own terms and policies.
8. International transfers
We are a U.S. company. If you access the Service from outside the U.S., your data may be processed in the U.S. or other countries with different data-protection laws. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.
9. Data retention
- Account & billing records: Kept for as long as your account is active, then up to 7 years for tax/audit purposes.
- API logs: Retained for 30 days by default, unless you request a different window for enterprise plans.
- Support tickets & emails: Kept for the life of the issue and archived for 24 months.
Content Data can be deleted sooner via our "purge log" feature or an email request from the account owner.
10. Security
We employ TLS 1.3 encryption in transit, AES-256 encryption at rest, least-privilege access controls, automatic key rotation, and routine penetration testing. Stripe is PCI DSS Level-1 certified, and Cloudflare Workers isolates customer code per request. No method is 100% secure, but we work hard to protect your information.
11. Your rights
Depending on your jurisdiction, you may have rights to:
- Access, correct, or delete personal data;
- Object to or restrict processing;
- Port data to another service; and
- Withdraw consent at any time.
Submit requests via email to legal@dedaluslabs.ai. We may verify your identity before acting.
12. Changes to this policy
We'll post any changes on this page and, for material changes, notify you by email or in-product notice at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.
13. Contact us
Questions or concerns? Email legal@dedaluslabs.ai or write to Dedalus Labs, Inc., 1395 22nd St, Suite 457, San Francisco, CA 94107, USA.