Privacy Policy

Data We Collect

Account data: email address, password digest, account timestamps, admin status, and selected MCP icon pack preferences.

Session data: authentication cookies, session records, IP address, user agent, and timestamps used to keep you signed in and protect the service.

MCP and OAuth data: bearer tokens or signed token identifiers, OAuth clients and authorization records, MCP request method names, request parameters, responses, statuses, timestamps, and the account associated with the request.

How We Use Data

We use data to authenticate users, keep sessions permanent until sign-out or deletion, provide MCP access, save icon pack preferences, debug failed requests, improve reliability, prevent abuse, and operate the service.

Cookies

SVGFarm uses a signed permanent session cookie to keep you signed in. You can clear it by signing out or deleting browser cookies.

MCP Request Logs

MCP request logs may contain method names, parameters, responses, status values, timestamps, and user association. Avoid sending secrets, private business data, or personal information through icon search prompts or MCP parameters unless you are comfortable with that data being logged for service operation and debugging.

Payments

If SVGFarm adds paid plans, payment details should be handled by a payment processor. SVGFarm should avoid storing full card numbers directly and should keep only the account, plan, billing status, and processor identifiers needed to provide paid access.

Sharing

We do not sell personal data. We may share data with infrastructure, hosting, email, analytics, security, or payment providers when needed to operate SVGFarm, comply with law, prevent abuse, or protect the service.

Retention

We keep account, session, MCP, OAuth, and operational records for as long as needed to provide the service, maintain security, debug issues, comply with legal obligations, and resolve disputes. Logs may be deleted or aggregated when they are no longer needed.

Your Choices

You can sign out, clear cookies, update icon pack preferences, rotate copied tokens by changing account access when supported, or ask the service operator for help accessing or deleting account data.

Security

SVGFarm uses password hashing, signed cookies, and account-scoped access controls. No internet service is perfectly secure, so you should keep credentials and MCP tokens private.

Changes

This policy may change as SVGFarm adds features, payment plans, integrations, or infrastructure providers. Material changes should be reflected on this page.