MCP Privacy
What you should know before connecting GrantIQ to ChatGPT or Claude.
Two parties, two different privacy regimes
When you ask your AI assistant to use GrantIQ, your prompt and the assistant's reply pass through two separate systems with two separate data-handling policies:
- GrantIQ — the data we store about your use of the MCP tools. Covered below.
- Your AI host (OpenAI for ChatGPT, Anthropic for Claude) — the data they store about your conversation. Covered by their privacy policies. Importantly, whether they use your prompts to train future models depends on which plan you're on.
Which host plans are training-safe by default
Per OpenAI and Anthropic's current help docs (re-check at install time — these policies evolve):
| Plan | Training default |
|---|---|
| ChatGPT Free / Plus / Go / Pro (consumer) | May be used unless you opt out in Settings → Data Controls |
| ChatGPT Business / Enterprise / Edu | Not used for training by default |
| Claude Free / Pro (consumer) | May be used unless you opt out |
| Claude Team / Enterprise | Not used for training by default |
| Claude API / Managed Agents | Not used for training |
The implication for consultants: if you're prepping client material in chat and you're on a consumer plan with default settings, the client's name, the funding amount they're chasing, and the project narrative could end up in a model's training set. We're not the data controller for that — your host AI is — but we surface this caveat once, here and on the consent screen, so you can make the informed choice before connecting.
What GrantIQ stores about you (and what we don't)
When you use the MCP tools, GrantIQ writes structured records to its own database. We deliberately do not store the contents of your conversation:
We store
- Your organisation profile — sectors, topics, location, organisation type, optional stage / TRL. Only the fields you provided through onboarding or via the
org-profile://currentresource. - A per-tool-call usage event: timestamp, tool name, outcome (ok / rate_limited / error), latency in milliseconds, your user id, and the OAuth client id of the host you connected from. Used for quota enforcement and product analytics.
- An install event per (you, OAuth client) pair — when ChatGPT or Claude first exchanged a token. Used for the install → first-call funnel measurement.
- Subscription state-transition events — webhook receipts from Stripe (subscribed, renewed, payment_failed, canceled). Idempotent, used for billing audit.
We do not store
- Your prompts — the question you asked your AI assistant. We never see it; we only see the resolved tool call (e.g.
find_opportunities(limit: 5)). - The assistant's reply — what the AI said back to you. Not stored, not logged.
- Anything tying your activity to a specific named individual beyond the user id — we don't store names, email addresses (other than your account email), or device fingerprints in usage events.
Where to opt out of training in your host
- ChatGPT — Settings → Data Controls → turn off “Improve the model for everyone”. Per-conversation: use Temporary Chat.
- Claude — Settings → Privacy → turn off the model-improvement toggle. Anthropic also offers Claude API access where prompts are not used for training by default.
- For both: re-check at install time — these settings move as the platforms iterate.
Data-controller / processor split
Under UK GDPR, GrantIQ is the data controller for the records described above (organisation profile, usage events, install events, subscription events). Your AI host is the data controller for the contents of your conversation with it. Stripe is the processor for billing data we route through them (Stripe is the controller for the payment-method PII it collects directly from you in Checkout).
We have a self-assessed Data Protection Impact Assessment (DPIA) on file covering the MCP-specific data flows. It is not published publicly but is available to data-protection-officer counterparties on request via contact@grantiq.co.uk.
Your rights
UK GDPR rights of access, rectification, erasure, portability, and objection apply. The GrantIQ web app at grantiq.co.uk is the canonical surface for exercising those rights — sign in there, and your MCP-side records (usage events, install events) are part of the same account so requests covered there cover both surfaces. For the AI host's data about your conversation, you must contact the host directly.
Last updated: 2026-05-07. This page is the user-facing summary of the GrantIQ MCP DPIA; the full DPIA (internal) lives at docs/plans/mcp-platform/DPIA-MCP.md and is signed off by the founder.