Legal
Last updated: June 7, 2026
Cast ("we", "us", "our") operates the Cast platform at getcast.io. We turn OpenAPI specifications into hosted MCP servers. This policy explains what data we collect, how we use it, and your rights.
Account data. Name, email address, and password (bcrypt-hashed) when you sign up.
Workspace configuration. OpenAPI specs you upload, tool enable/disable choices, and auth configuration. Auth secrets (API keys, OAuth client secrets, passwords) are encrypted with AES-256-GCM before storage and never logged in plaintext.
Usage data. Tool call logs (endpoint, status code, latency, timestamp). We use these for analytics, debugging, and billing. Logs are retained for 90 days by default.
Billing data. Payment is processed by Telr. We store your plan tier and subscription ID, not your card details.
Technical data. IP addresses, user agents, and request metadata collected incidentally by our infrastructure.
We use your data to: operate and improve the Cast platform; send transactional emails (billing receipts, password resets); detect and prevent abuse; comply with legal obligations; and provide customer support.
We do not sell your data to third parties. We do not use your API specs or tool call logs to train AI models.
We share data only with: infrastructure providers necessary to operate the service (AWS, DigitalOcean, Redis); our payment processor (Telr); and law enforcement when required by valid legal process.
Account data is retained until you delete your account. Workspace configurations are soft-deleted and permanently purged after 30 days. Tool call logs are retained for 90 days. You can request earlier deletion by emailing privacy@getcast.io.
See our Security page for a full description of our encryption, access control, and incident response practices.
We use session cookies for authentication and no third-party tracking cookies. We do not run advertising on the platform.
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. Contact privacy@getcast.io to exercise any of these rights. We respond within 30 days.
Cast is not directed at children under 16. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it.
We'll notify you by email and update the "Last updated" date if we make material changes. Continued use after notice constitutes acceptance.
Questions? Email us at privacy@getcast.io.