zephex
CLIGet StartedPricingMCP ToolsCommunityGuidesDocs
←BackSign in
CLIGet StartedPricingMCP ToolsCommunityGuidesDocs
Get started freeSign in
DocsAPIToolsEditorsChangelogHelp

GET STARTED

WelcomeQuickstartSetup videoMCP Q&A (learn)BlogWhat is MCP?Who is Zephex for?Plans & PricingZ-GASAB benchmarkBenchmark chart (live)Changelog

INSTALLATION

Terminal tools (complete)Connect MCPVS Code Marketplace extensionCLI (no AI agent)CLI init (first run)CLI account & logoutNPX (Recommended)Test Pulse (check test)Test Pulse commandsProject MemorySupply Pulse (supply)Supply Pulse commandsTerminal CLI referenceWeb Terminal (dashboard)Command CompassCLI commandsCLI in DockerCLI: All editors (one command)CLI: Crush, Hermes, ChatGPT, KiloOAuth & HTTP setupInstall overviewHTTP APISetup WalkthroughHTTP vs stdio

API & KEYS

API Key ManagementKey Naming & FormatAuthenticationKey Dashboard

CONFIGURATION

Universal RequirementsSupported EditorsHow It WorksArchitectureCLAUDE.md TemplateAGENTS.md Template

EDITORS28 guides

Supported EditorsVS CodeVS Code extension (Marketplace)Claude CodeCursorWindsurfJetBrains

PLATFORM

macOSWindowsLinux

TOOLS10 tools

Capabilities OverviewTools OverviewTool FilteringTool Workflowsget_project_contextread_codefind_codecheck_packageexplain_architectureZephex_dev_infocheck_testaudit_headerskeep_thinkingproject_memory

GUIDES

Best PracticesToken EfficiencyUse CasesZephex vs Local MCPZephex vs Context7Zephex vs GitHub MCPZephex vs SmitheryMCP EcosystemMarkdown Access

SUPPORT

Help CenterMCP troubleshootingTeam rolloutFAQConnection IssuesRate LimitsDowntime & ErrorsBillingTier GuidePro & Max guideUsage LimitsUsage Analytics

LEGAL

SecurityData HandlingPrivacy PolicyTerms of Service

Quick Links

API Reference

Complete API documentation

Troubleshooting

Common issues and solutions

Community

Join our Discord community

Plugins

Editor and CLI integrations

Pricing

Free, Pro, and Max plans

Enter
Zephex_devzephex-devzephexzephexhello@zephex.dev
© 2026 Zephex. All systems operational.

Legal

Security & Privacy

Zephex is a hosted MCP server. This page explains how API keys are protected, what request data we see, how long it is kept, and the controls in place to prevent abuse.

AUTHENTICATION
  • Every request requires a valid API key sent as a Bearer token in the Authorization header.
  • API keys are hashed before storage. Plaintext keys are never retained after generation.
  • Keys can be created, rotated, and revoked from the dashboard at any time.
  • Each key is scoped to a single account and inherits that account's plan limits.
  • Keys expire after 365 days by default; users can configure shorter lifetimes.
  • Failed authentication attempts are logged and rate-limited per IP.
WHAT ZEPHEX SEES

When you call a Zephex MCP tool, Zephex receives:

  • Your API key as a Bearer token, used only for authentication and discarded from memory after validation.
  • The name of the tool you called (one of the 10 supported tools).
  • The arguments you passed (such as a file path, search pattern, or URL).
  • Request metadata such as timestamp, hashed IP address, and User-Agent for rate limiting and abuse prevention.
  • The MCP client name and version from the initialize handshake (e.g., "cursor 0.50.1").

Zephex does not receive:

  • Your AI model prompt or full chat history.
  • The full contents of your repository (only the specific files referenced in tool arguments).
  • Your editor's surrounding conversation context.
  • Any data from tools you did not explicitly call.

Tool outputs pass through Zephex infrastructure before returning to your editor. Content is processed in memory and is not persistently stored.

DATA RETENTION
Data typeRetentionPurpose
API key hashUntil revoked or account deletedAuthentication
Tool name + timestamp per call90 daysUsage tracking, billing, rate limiting
Hashed IP, editor name90 daysAbuse detection, analytics
Tool input/output contentNot storedProcessed in memory, returned to client, discarded
Account data after deletionRemoved within 30 daysPrivacy compliance
MODEL TRAINING

Zephex does not use any user data — prompts, tool inputs, tool outputs, or code accessed through the tools — to train AI models. This applies across all tiers (Free, Pro, Max).

TRANSPORT
  • All traffic uses HTTPS with TLS 1.3.
  • The MCP endpoint enforces HSTS with a 1-year max-age.
  • Security headers include Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy.
  • Session cookies use HttpOnly, Secure, and SameSite=Strict flags where applicable.
  • You can validate transport posture against any URL using the audit_headers tool.
ACCESS CONTROLS
  • Dashboard authentication uses email/password with optional TOTP-based MFA.
  • API keys support optional IP allowlists and tool-scope restrictions on Pro and Max plans.
  • OAuth 2.1 with PKCE is supported for CLI-based authentication flows.
  • Account lockout activates after consecutive failed login attempts.
  • Disposable email domains are blocked at signup.
ABUSE PREVENTION
  • Per-user rate limiting using a token-bucket algorithm prevents burst abuse.
  • Per-IP rate limiting prevents credential-stuffing attacks regardless of key count.
  • Anomaly detection flags unusual request patterns and geographic impossibilities.
  • Audit logging captures authentication events and operational changes.
YOUR DATA RIGHTS

You can request the following at any time:

  • Access — an export of all stored personal data.
  • Rectification — correction of inaccurate data.
  • Erasure — deletion of your account and all associated data.
  • Portability — a machine-readable export of your data.

Submit a request from Dashboard → Settings → Privacy, or email support@zephex.dev.

VULNERABILITY REPORTING

To report a security vulnerability, email support@zephex.dev with:

  • Steps to reproduce
  • Expected vs. actual behavior
  • Impact assessment if known

Please do not publicly disclose until we acknowledge and address the report. We aim to respond within 48 hours.

CONTACT

Security concerns: support@zephex.dev

Billing questions: billing@zephex.dev