This addendum describes data processing for the Aivie Marketing Automation MCP app. It supplements Aivie’s general Privacy Policy. The general information described there on responsibility, rights, contact, security, and retention also applies to the use of the MCP app, unless this addendum states otherwise.
The Aivie MCP app provides selected Aivie features via the Model Context Protocol (MCP) for AI clients such as ChatGPT or Claude. Use is optional.
Processed data
The MCP app processes data from the authenticated Aivie account only when a user instructs their MCP client to use an Aivie tool.
Depending on the tool used, the following data may be processed in particular:
- Customer and brand configurations such as public company profile, website, colors, fonts, social media profiles, and other public brand information.
- Contact, campaign, segment, email, email theme, report, and timeline data that the authenticated Aivie user has access to.
- Email metadata and email content that the user provides when creating or updating emails.
- Tool arguments required for the desired action, such as IDs, filters, pagination, language, subject line, MJML, HTML, or text content.
The MCP app does not request credit card data, official identification numbers, passwords, MFA codes, API keys, or precise location data.
Types of tools
Most MCP tools are read-only. For example, they search and load CRM data, reports, or email themes.
A small number of tools can create contact notes or create and update email drafts. The MCP app does not provide tools that delete data, send emails, or start campaigns.
Purpose of processing
Data is processed to execute the user’s specific request via the MCP client. This includes, in particular, searching and retrieving CRM data, creating or updating Aivie emails, loading brand context, and returning structured results to the MCP client.
MCP tool data is not sold and is not used for advertising, behavioral profiling, or unrelated analyses.
Returning data to the MCP client
Tool responses contain only the data required for the requested result. structuredContent contains the machine-readable result. content.text contains a short summary for the user.
Before MCP outputs leave the server, they are checked by a server-side PII Guard. This masks known personal data and secrets. Personal fields such as email addresses, last names, and company names are partially masked, for example joh[REDACTED]. Phone numbers and address fields are redacted. Secrets such as JWTs, AWS keys, and long random tokens are removed.
Intended Aivie or Twig placeholders such as {{ lead.email }} are preserved.
Audit logs
Each MCP tool call is logged for security reasons, error analysis, and abuse prevention.
Audit logs may contain the following information:
- Authenticated Aivie user ID.
- Token or username.
- Name of the tool used.
- Associated entity ID, if available.
- Hash of the tool input.
- Status of PII detection and applied protective measures.
- Success or error status.
- Error code, if available.
- Tool execution time.
Audit logs do not store raw MJML content, raw HTML, raw Twig content, the client IP address, or the user agent.
Sharing of data
Data is shared only to the extent necessary to use the MCP app. This includes:
- The MCP client used by the authenticated user, such as ChatGPT or Claude.
- Aivie infrastructure and service providers required for operation, security, and error analysis of the respective Aivie instance.
- Other recipients where required by law or on the customer’s instructions.
The MCP app does not crawl external websites and is not intended as an unofficial connector to third-party services.
Retention
MCP session data is retained according to the configured MCP session store and its time-to-live.
Audit logs are stored according to the logging and security retention settings of the respective Aivie environment.
Email, campaign, segment, contact, report, and configuration data remains stored in the customer’s Aivie instance and is subject to the normal retention and deletion rules applicable there.
Control by users and customers
Access to the MCP app is provided via OAuth bearer tokens and the permissions of the authenticated Aivie user. If a token is revoked or a user’s permissions are changed, this affects future MCP access.
Users can disconnect from the MCP app at any time in the connector settings of their MCP client.
Customers can manage or delete underlying CRM, email, campaign, segment, and configuration data directly in their Aivie instance, as far as their permissions and retention rules allow.
General Privacy Policy
For more information on data protection, the rights of data subjects, and contact options, see Aivie’s general Privacy Policy.
Last updated: June 12, 2026