Privacy Policy

We collect the following categories of information.

Account data. Email address, sign-in credentials, OAuth provider identifiers (Google, GitHub), attestation records, and account state.

Profile data. The content you publish on your profile, including text, backgrounds, skills, interests, links, and any structured fields you choose to fill in or ingest from external sources you provide.

Messages and networking data. Threads, messages, blocks, and other interactions you exchange with other Cofound users or through MCP clients.

Token and integration data. MCP token metadata (creation time, last used, revocation state), the MCP clients that authenticate with your tokens, and high-level usage events tied to those tokens.

Operational data. Server logs, request metadata, IP addresses, user-agent strings, error traces, performance metrics, and similar diagnostic information generated when you use the product.

Cookies and similar technologies. Session cookies and local storage entries needed to keep you signed in, remember preferences, and protect the service.

We use the information above to:

• Operate the product, including search, matching, messaging, profile display, and MCP tool access.
• Authenticate accounts and issue, validate, and revoke MCP tokens.
• Prevent abuse, fraud, spam, and security incidents, and enforce the Terms.
• Debug, monitor, and improve features, including reliability, performance, and quality of matches and search.
• Communicate with you about your account, security events, and material changes to the product.
• Comply with legal obligations.

Other users and MCP clients. Profile content you publish is visible to other Cofound users and to MCP clients you authorize. Messages you send are visible to their recipients. Information you choose to expose through a token may be visible to the MCP client where the token is configured.

Service providers. We use third-party infrastructure providers (for hosting, database, authentication, email, analytics, and similar functions) that process information on our behalf under contractual obligations.

Legal and safety. We may share information when required by law, to respond to valid legal process, to enforce the Terms, or to protect the rights, safety, or property of Cofound, our users, or others.

Business transfers. If Cofound is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections.

We do not sell personal information.

We retain account, profile, message, token, and operational data for as long as your account is active and as needed to operate the product. We may retain records longer when required for security, abuse prevention, legal compliance, dispute resolution, or backup integrity. Some logs and backups are retained on standard rolling schedules even after deletion of associated content.

You can review and edit your profile, regenerate or revoke MCP tokens, block other users, and delete your account from the account settings. Depending on where you live, you may also have the right to access, correct, export, or delete personal information, to object to or restrict certain processing, and to lodge a complaint with a data protection authority. To exercise these rights, contact the Cofound operator through the support channel listed on the website.

We use industry-standard administrative, technical, and physical safeguards to protect information, including encryption in transit, access controls, and monitoring. No system is perfectly secure, and you are responsible for keeping your sign-in credentials and MCP tokens confidential. If you believe your account or token has been compromised, rotate or revoke the token and contact the operator.

Cofound may process information in countries other than the one in which you live. Where required, we rely on appropriate safeguards for cross-border transfers.

Cofound is not directed to children under 13, and we do not knowingly collect information from children under 13. If you believe a child under 13 has provided information to Cofound, contact the operator so we can remove it.

Third-party MCP clients, hosting providers, and integrations operate under their own privacy practices. You are responsible for the clients you choose, the tokens you configure on them, and the data you allow them to access. We do not control how third-party clients handle information once it leaves Cofound.

If we materially change this Policy, we will update the effective date above and, where appropriate, provide additional notice. Continued use of Cofound after changes take effect constitutes acceptance of the updated Policy.

Questions about this Policy should be sent to the Cofound operator through the support channel listed on the website.