Privacy Policy

Last updated: May 19, 2026

1. Data Controller

The data controller is Itamos Technologia / Karamperis Konstantinos, Ermou 10, Pili, Trikala, 42032, Greece, ΑΦΜ 100267385. You can contact us at info@itamos-technologia.com.

2. What Data We Collect

When you use our services, we collect:

• Account data: Name, email address, and authentication method (email/password or Google OAuth).
• Billing data: Payment method information is processed by our payment provider (Stripe). We do not store credit card numbers on our servers.
• Service data: Your MCP server configurations, tool selections, and any data stored by your activated tools.
• Technical data: IP address, browser type, and access timestamps for security and service operation purposes.

3. How We Use Your Data

We use your data exclusively to:

• Provide and maintain the MCP hosting service.
• Process payments and manage your subscription.
• Send transactional emails (account confirmation, billing receipts, service notifications).
• Ensure security and prevent abuse.
• Comply with legal obligations.

We do not use your data for advertising, profiling, analytics beyond basic service operation, or any purpose other than providing the service you subscribed to.

4. Legal Basis for Processing

Under the GDPR, we process your data based on:

• Contract performance (Article 6(1)(b)) — to provide the service you signed up for.
• Legal obligation (Article 6(1)(c)) — to comply with tax and accounting requirements.
• Legitimate interest (Article 6(1)(f)) — for security, fraud prevention, and basic service monitoring.

5. Data Storage and Location

All data is stored on self-hosted infrastructure physically located in Greece. We do not transfer data outside the European Economic Area (EEA). Payment processing by Stripe may involve data transfers to Stripe's infrastructure, which is covered by Stripe's own GDPR compliance and Standard Contractual Clauses.

6. Data Sharing

We do not sell, rent, or share your personal data with third parties except:

• Stripe: For payment processing only.
• Legal requirements: If required by Greek or EU law, court order, or regulatory authority.

7. Data Retention

• Active accounts: Data is retained as long as your account is active.
• After cancellation: Service data (configurations, tool databases) is retained for 10 days, then permanently deleted.
• Inactive accounts: Basic account data (name, email) is retained until you request deletion.
• After account deletion request: All data is permanently deleted within 30 days.
• Billing records: Retained for 5 years as required by Greek tax law.

8. Your Rights

Under the GDPR, you have the right to:

• Access — Request a copy of all personal data we hold about you.
• Rectification — Correct inaccurate personal data.
• Erasure — Request deletion of your personal data ("right to be forgotten").
• Data portability — Receive your data in a structured, machine-readable format.
• Restriction — Request restriction of processing in certain circumstances.
• Objection — Object to processing based on legitimate interests.

To exercise any of these rights, contact us at info@itamos-technologia.com. We will respond within 30 days.

9. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies, analytics cookies, or advertising cookies. No cookie consent banner is required for strictly necessary cookies under EU ePrivacy rules.

10. Security

We protect your data with:

• HTTPS encryption for all connections.
• Sandbox isolation between customer environments.
• Token-based authentication.
• MD5 integrity verification on backup files.
• Infrastructure hosted on our own hardware with full physical access control.

No system is 100% secure. If we become aware of a data breach affecting your personal data, we will notify you and the Hellenic Data Protection Authority (HDPA) within 72 hours as required by GDPR.

11. Children

Our services are not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email at least 14 days before taking effect.

13. Supervisory Authority

If you believe we are processing your data unlawfully, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr, Kifisias 1-3, Athens 115 23, Greece.

14. Contact

Itamos Technologia / Karamperis Konstantinos
Ermou 10, Pili, Trikala, 42032, Greece
Email: info@itamos-technologia.com