PRIVACY POLICY

Last updated May 4, 2026

This Privacy Policy for AVELIN AI L.L.C-FZ (doing business as AVELIN AI) ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

  • Access, authenticate with, or use AVELIN MCP. AVELIN MCP is a backend integration framework and API application. It acts as a secure data bridge, allowing users to connect third-party enterprise tools, software, and internal systems to external Large Language Models (LLMs), AI agents, or custom applications using Model Context Protocol (MCP) servers.
  • Engage with us in other related ways, including any marketing or events.

Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at hello@avelin.ai.

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Policy. For full details on any of these topics, please refer to the Table of Contents below to locate and read the corresponding section within this document.

  • What personal information do we process? When you use or authenticate with our Services, we may process personal information depending on how you interact with us, the choices you make, and the APIs you authorize.
  • Do we process any sensitive personal information? We do not process sensitive personal information.
  • Do we collect any information from third parties? We do not collect any information from third parties outside of the specific tools you explicitly authorize via our MCP servers.
  • How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
  • In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties (such as the LLMs you explicitly connect to).
  • How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information.
  • What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.
  • How do you exercise your rights? The easiest way to exercise your rights is by contacting us at hello@avelin.ai.

TABLE OF CONTENTS

  1. WHAT INFORMATION DO WE COLLECT?
  2. HOW DO WE PROCESS YOUR INFORMATION?
  3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
  4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
  7. HOW DO WE HANDLE THIRD-PARTY LOGINS AND INTEGRATIONS?
  8. HOW LONG DO WE KEEP YOUR INFORMATION?
  9. HOW DO WE KEEP YOUR INFORMATION SAFE?
  10. DO WE COLLECT INFORMATION FROM MINORS?
  11. WHAT ARE YOUR PRIVACY RIGHTS?
  12. CONTROLS FOR DO-NOT-TRACK FEATURES
  13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  14. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
  15. DO WE MAKE UPDATES TO THIS POLICY?
  16. HOW CAN YOU CONTACT US ABOUT THIS POLICY?
  17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, when you configure your API settings, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

  • Email addresses (for account identification, API quota management, and security notices)
  • Authentication data (including OAuth tokens, refresh tokens, and API keys necessary to connect your selected third-party tools)

Sensitive Information. We do not process sensitive information.

API Integrations and Third-Party Data. We provide the ability to connect our Model Context Protocol (MCP) servers to your existing enterprise or third-party accounts, including Google services. If you choose to authorize a connection in this way, we will temporarily access and process data from the provider (such as your Gmail, Calendar, Contacts, or Tasks data, or equivalent payload data from other integrated platforms, strictly depending on the specific permissions you grant), as described in the section called "HOW DO WE HANDLE THIRD-PARTY LOGINS AND INTEGRATIONS?" below.

API Data. If you use our MCP integration application, we primarily collect this information to maintain the security and operation of our application, for troubleshooting, to calculate API usage quotas, and for our internal analytics and reporting purposes. All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — Technical metadata — such as your Internet Protocol (IP) address and API request logs — is collected automatically when your applications connect to our MCP Services.

We automatically collect certain technical information when you connect to, query, or utilize the Services. This information does not reveal your specific identity but includes integration and usage metadata, such as your IP address, server or client environment characteristics, operating system, request timestamps, API endpoints accessed, error rates, latency metrics, and data transfer volumes. This information is strictly needed to maintain the security and uptime of our API infrastructure, calculate usage quotas, troubleshoot routing errors, and prevent system abuse.

The information we collect includes:

  • We only access data from the specific tools you explicitly connect and authorize via individual authentication flows (e.g., authenticating a specific MCP Server). For example, depending on which individual services you choose to connect, we access data from tools such as, but not limited to, Gmail, Google Calendar, Google Contacts, Google Tasks, and any other Google APIs you subsequently authorize, strictly to provide the integration, routing, and AI features you request from that specific tool.
  • We do not use data obtained through Google Workspace APIs (including Gmail, Google Calendar, Google Contacts, Google Tasks, or any future integrations) to serve or target advertisements, and we only process this data to provide the user-facing AI features explicitly requested by you through our Services.
  • We do not allow humans to read your Google API data unless we have your affirmative agreement for specific troubleshooting, doing so is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for the Services' internal operations where the data has been aggregated and anonymized.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts.
  • To deliver and facilitate delivery of services to the user (such as routing your API data to your requested LLM).
  • To respond to user inquiries/offer support to users.
  • To send administrative information to you.
  • To protect our Services from fraud, prompt injections, and abuse.
  • To identify usage trends so we can improve the platform.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information:

  • Consent. We may process your information if you have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time.
  • Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you.
  • Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests (e.g., diagnosing network problems, preventing fraud).
  • Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) or implied consent. You may request to withdraw your consent at any time by adjusting your account settings or by emailing us directly at hello@avelin.ai. Your withdrawal of consent is only deemed valid and effective once we have explicitly received, acknowledged, and processed your request (which may take up to 30 days).

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may need to share your personal information in the following situations:

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies to gather operational information when you interact with the AVELIN MCP authentication interface or dashboard. These online tracking technologies are strictly used to manage authenticated user sessions, maintain the security of our Services, prevent crashes, fix bugs, save your infrastructure preferences, and assist with core platform functionality.

We do not use tracking technologies for third-party advertising, nor do we permit third parties to track you for targeted marketing purposes. We do not sell or share your data, profile, or AI interactions with external ad networks. Any analytics tools we use are strictly for our own internal performance monitoring and network diagnostics, and remain completely isolated from your proprietary AI inputs and data.

6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

In Short: We offer an integration framework that securely routes your data to the artificial intelligence models of your choice.

As part of our Services, we provide a Model Context Protocol (MCP) framework that connects your authorized enterprise data to products powered by artificial intelligence. We route your payloads securely to the third-party Large Language Models (LLMs), custom AI agents, or external AI service providers (collectively, "AI Service Providers") that you specifically configure and authorize.

As outlined in this Privacy Policy, your fetched third-party data will be routed to and processed by these AI Service Providers strictly based on your connected configurations to enable your desired AI workflows. You must not use the Services in any way that violates the terms or policies of the specific AI Service Provider you choose to connect. All data processed through our Services is handled in line with this Privacy Policy, ensuring high security and safeguarding your personal information during routing.

7. HOW DO WE HANDLE THIRD-PARTY LOGINS AND INTEGRATIONS?

In Short: If you choose to register, log in, or connect external tools using a third-party account or API (such as Gmail, Calendar, Contacts, Tasks, or other enterprise integrations via granular MCP authentication), we may have access to certain information about you.

Our Services offer you the ability to connect external enterprise tools using third-party account details (such as Google OAuth or other third-party APIs via MCP). Where you choose to do this, we will receive certain profile information and data from your provider based strictly on the exact, granular permissions you grant during the individual authentication flow for that tool.

We will use the information we receive strictly for the purposes that are described in this Privacy Policy—namely, to authenticate your account and execute your requested AI orchestration tasks (e.g., reading an email to summarize it, drafting a calendar event, or fetching contacts from an integrated enterprise app). We do not collect "friends lists," nor do we use this data for social media tracking or advertising. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party providers. We recommend that you review their privacy notices to understand how they collect, use, and share your personal information.

8. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy. Because AVELIN MCP acts as a routing layer, payload data fetched from integrated APIs is processed transiently to execute your prompts and is not permanently stored or databased. Authentication data (like OAuth tokens) is retained only for as long as you maintain an active account and connection with us. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information.

9. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

10. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly collect, solicit data from, or market to children under 18 years of age. By using the Services, you represent that you are at least 18. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and promptly delete such data. If you become aware of any data we may have collected from children under age 18, please contact us at hello@avelin.ai.

11. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information.

In some regions, you have certain rights under applicable data protection laws. These may include the right to request access, request rectification or erasure, restrict processing, data portability, and not to be subject to automated decision-making. You can make such a request by contacting us at hello@avelin.ai. We will consider and act upon any request in accordance with applicable data protection laws.

If you are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Upon your request to terminate your account, we will deactivate or delete your account, authentication tokens, and information from our active databases.

12. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers include a Do-Not-Track ("DNT") feature. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals.

13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of certain US states (such as California, Colorado, or Virginia), you may have the right to request access to, correct, or delete your personal information.

We operate primarily as a B2B enterprise service provider. However, to the extent applicable under US state privacy laws, you have the right to request access to the personal data we process about you, request corrections to inaccuracies, or request deletion of your data. We do not "sell" or "share" your personal data for cross-context behavioral advertising. To exercise any applicable privacy rights, please submit a request to hello@avelin.ai. We will verify your request and respond in accordance with applicable law.

14. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: You may have additional rights based on the country you reside in.

Australia and New Zealand: We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. At any time, you have the right to request access to or correction of your personal information.

Republic of South Africa: At any time, you have the right to request access to or correction of your personal information.

15. DO WE MAKE UPDATES TO THIS POLICY?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Policy.. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

16. HOW CAN YOU CONTACT US ABOUT THIS POLICY?

If you have questions or comments about this notice, you may email us at hello@avelin.ai or contact us by post at:

AVELIN AI L.L.C-FZ Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba Dubai, Dubai 00000

United Arab Emirates

17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information (including revoking API access tokens). To request to review, update, or delete your personal information, please contact us at hello@avelin.ai.