Skip to content

Privacy Policy

BioMCP is a read-only biomedical CLI and MCP server. This page describes BioMCP's own privacy posture for the Anthropic directory and links to the provider-specific terms that still apply when a query touches an upstream API.

BioMCP data handling

  • BioMCP does not add telemetry, analytics, or remote log upload.
  • BioMCP does not operate a hosted control plane that collects or stores your prompts, queries, API keys, or results.
  • BioMCP sends tool-request data only to the upstream biomedical providers needed to satisfy the command you run.
  • BioMCP is read-only. It does not modify external systems, write back to source databases, or create side effects in third-party services.

Anthropic and upstream providers

  • When you use BioMCP through Claude or another MCP client, Anthropic or that client platform may process tool inputs and outputs under its own policies. BioMCP does not control that layer.
  • Upstream providers may log requests, apply their own retention windows, and enforce their own privacy policies and terms of service.
  • Use the Source licensing reference for provider-specific links, auth expectations, and reuse notes.

API keys and credentials

  • API keys are supplied by the user at runtime and are not committed to this repository or bundled into the .mcpb package.
  • BioMCP passes configured keys through to upstream APIs only when the relevant command requires them.
  • Keep sensitive keys scoped to the least privilege and rotation policy your organization allows.

Retention and sensitive data

BioMCP does not define a separate retention period because it does not collect or store request payloads. Anthropic/Claude and upstream providers may retain request data according to their own privacy policies. Do not send protected health information (PHI) or other sensitive patient data to third-party APIs unless your organization has approved that workflow.

Output and clinical use

BioMCP is a research and workflow aid. Validate clinically relevant information against primary sources, official labels, and your institution's policies before using it for patient care or operational decisions.

Contact and support

For privacy questions or support, use GitHub issues or the troubleshooting guide.