Privacy Policy - Stape MCP Server for Google Tag Manager
Last updated: June 20, 2025
Overview
This privacy notice aims to give you information on how Stape, Inc. ("we", "us", "our", the "Company") will collect and process personal data when you use the Stape MCP Server for Google Tag Manager ("you", "your").
This privacy notice only relates to how the Company will process personal data related to the MCP Server service. It is important that you read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you.
This privacy notice supplements the other notices and is not intended to override them. You can find precise information on your rights regarding your personal data, international transfers of data, and the Company contact details in the Stape, Inc. Privacy Notice available at https://stape.io/privacy-notice.
Data We Process
Stape MCP Server for Google Tag Manager processes the following categories of your personal data:
Authentication Data
- OAuth Access Tokens: We store only OAuth 2.0 access tokens required for Google Tag Manager API authentication
- Google Login ID: Associated with your authentication session for service access
What We Do NOT Collect
- We do not maintain a user database
- We do not collect, store, or retain any personal information beyond authentication tokens
- We do not store any Tag Manager data, containers, or user content
- No user data or Tag Manager content passes through our service for storage
Where Data is Stored
- OAuth access tokens are securely stored in encrypted cloud storage
- No other user data or information is stored anywhere in our system
- No data is shared with third parties or with other users or tools
Legal Basis for Processing
We will only use your personal data when the law allows us to. We process authentication data for service-related purposes because such processing is necessary for the performance of a contract to which you are a party (GDPR Art. 6.1.b). Without this information, it will be impossible to perform the agreement between you and us.
How We Use Data
- Authentication Only: Access tokens are used exclusively to authenticate API requests between MCP clients and Google Tag Manager
- No Data Processing: We do not process, analyze, or manipulate any data from Google Tag Manager APIs
- Proxy Function: We act solely as a pass-through middleware, relaying requests and responses
Google API Compliance and Limited Use Requirements
This service complies with Google's Limited Use requirements for applications utilizing sensitive API scopes.
Affirmative Compliance Statement:
"The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements."
Stape MCP Server for Google Tag Manager has access to your Google Tag Manager accounts, containers, workspaces, and items within, so that MCP clients can use the service to interact with these items through our middleware proxy.
AI/ML Model Training Prohibition
Our application does NOT use Google Workspace or Tag Manager user data to train or improve AI/ML models at all. Specifically:
- We do NOT use, transfer, or sell user data from Google APIs to create, train, or improve any machine learning or artificial intelligence models (foundational or otherwise)
- We do NOT use data for generalized AI/ML model development
- We do NOT use data for personalized AI/ML models
- We do NOT retain any user data obtained through Google APIs beyond the authentication process
- We do NOT use any raw data, aggregated data, anonymized data, or derived data from Google APIs for any AI/ML purposes
- Our service operates as a pure middleware proxy without data retention, processing, or analysis capabilities
- No data is shared with third parties or with other users or tools
- No data is used for any machine learning, artificial intelligence, or algorithmic purposes whatsoever
Data Sharing
We do NOT:
- Share user data with third parties
- Sell or transfer any information to external services
- Use data for advertising or marketing purposes
- Retain data for analytics or business intelligence
Data Security
- All data transmission occurs over encrypted HTTPS connections
- OAuth tokens are stored securely in our cloud infrastructure
- We implement industry-standard security practices for token management
Data Retention
- OAuth Tokens: Personal data will be processed and retained until the purposes of processing are met by the Company
- User Data: No user data is retained - all GTM data passes through our service without storage
- Logs: Basic system logs may be retained for up to 30 days for operational purposes only
Your Rights
You can:
- Revoke access at any time through your Google Account settings
- Contact us to request token deletion
- Disconnect the MCP server from your applications
Children's Privacy
Our service is not intended for use by children under 13. We do not knowingly collect information from children under 13.
Changes to This Policy
We may update this Privacy Policy occasionally. We will notify users of significant changes by updating the effective date.
Contact Information
For questions about this Privacy Notice or our data practices, please contact us at support@stape.io.
Last Updated: June 20, 2025