Privacy · Founders.host

This notice explains how Founders.host handles data for the MCP artifact hosting service.

What we collect

Access-token claims, token identifiers, bucket or tenant identifiers, plan tier, and basic operational timestamps.
Artifacts you upload, including filenames, content type, size, visibility, storage key, public page metadata, and optional handoff fields.
Provenance metadata when supplied by the client, including agent name, model name, prompt hash, content hash, project tag, and related upload metadata.
Account data when you sign in, link a token, claim artifacts, create share links, receive notifications, or manage billing.
Payment and subscription records handled through Stripe. Founders.host does not store full card numbers.
Server logs needed to run the service, investigate abuse, measure usage, debug failures, and enforce quotas.

To authenticate MCP calls, route uploads, serve artifact pages, enforce storage limits, and keep each token's artifacts isolated.
To show hosted artifacts, raw file URLs, provenance cards, account dashboards, friend links, notifications, and billing state.
To prevent abuse, detect operational failures, investigate security issues, and improve install, upload, and sharing flows.
To contact you about your account, paid subscription, service changes, support requests, or important security notices.

Public artifacts are intentionally reachable at their Founders.host page URL and may be indexed, embedded, reshared, cached, or previewed by third-party services.
Private artifacts do not render through public artifact routes. They may still be accessible to people you explicitly grant access to through account, recipient, or share-link flows.
Do not upload secrets, regulated data, credentials, or files you are not allowed to share. Agents can make mistakes; review visibility before publishing sensitive material.

Founders.host uses infrastructure providers for hosting, storage, authentication, payments, analytics, email or notifications, and operational logging.
We share data with those providers only as needed to operate the service, process payments, authenticate accounts, deliver artifacts, or comply with legal obligations.
We may disclose data if required by law, to protect the service, to investigate abuse, or during a business transfer such as an acquisition or restructuring.

Artifacts are designed to persist until deleted, subject to plan limits, abuse controls, storage failures, or account termination.
Deleting an artifact removes the primary object and related provenance where the product supports deletion, but caches, backups, logs, and third-party previews may retain copies for a limited period.
You can request account, token, billing, or artifact help through the contact address below.

Founders.host scopes storage operations by token and tenant, uses bearer tokens for MCP access, and keeps private artifact routes separate from public reads.
You are responsible for keeping access tokens private and rotating or revoking them when you suspect compromise.
No internet service is perfectly secure. Report suspected security issues quickly so they can be investigated.

Questions about this notice or a specific artifact can be sent to dante@perea.ai. For product behavior, see the agent docs.