Legal
Zephex is a hosted MCP server. This page explains how API keys are protected, what request data we see, how long it is kept, and the controls in place to prevent abuse.
When you call a Zephex MCP tool, Zephex receives:
Zephex does not receive:
Tool outputs pass through Zephex infrastructure before returning to your editor. Content is processed in memory and is not persistently stored.
| Data type | Retention | Purpose |
|---|---|---|
| API key hash | Until revoked or account deleted | Authentication |
| Tool name + timestamp per call | 90 days | Usage tracking, billing, rate limiting |
| Hashed IP, editor name | 90 days | Abuse detection, analytics |
| Tool input/output content | Not stored | Processed in memory, returned to client, discarded |
| Account data after deletion | Removed within 30 days | Privacy compliance |
Zephex does not use any user data — prompts, tool inputs, tool outputs, or code accessed through the tools — to train AI models. This applies across all tiers (Free, Pro, Max).
audit_headers tool.You can request the following at any time:
Submit a request from Dashboard → Settings → Privacy, or email support@zephex.dev.
To report a security vulnerability, email support@zephex.dev with:
Please do not publicly disclose until we acknowledge and address the report. We aim to respond within 48 hours.
Security concerns: support@zephex.dev
Billing questions: billing@zephex.dev