This notice supplements Curri's main Privacy Policy with information specific to the Curri MCP (Model Context Protocol) server at mcp.curri.com. The main policy remains the controlling document; this page describes only what is different or additional when you use Curri through an MCP-enabled AI client.
Last updated: May 22, 2026
The MCP server is a thin protocol bridge between an AI client (for example, Claude Desktop, Claude Code, or Cursor) and Curri's existing APIs. When you connect a client and invoke a tool, the server processes:
Access is granted via OAuth 2.1 with PKCE. You see and approve the scopes your client requests before any tool can run. You can revoke access at any time from your Curri account settings; once revoked, the client can no longer make MCP requests on your behalf.
Tool inputs and outputs are not stored on the MCP server beyond the lifetime of the request. Operational logs (request metadata, error traces) are retained on Curri's standard observability stack as described in the main Privacy Policy. Data written to Curri APIs through MCP tools (a booked delivery, for example) persists in Curri's primary systems under the standard retention rules.
All access, correction, deletion, and portability rights described in the main Privacy Policy apply unchanged. To exercise them in relation to MCP-mediated activity, or to request deletion of OAuth-issued credentials, contact [email protected].
We will update the “Last updated” date above whenever this notice changes. Material changes will also be called out in the main Privacy Policy's changelog at curri.com/privacy.