Firety Logo
Create MCP
LegalPolicies, terms, and agreements for Firety.

Firety Privacy Policy

Last updated: 29 January 2026

This Privacy Policy explains how Mariano Pardo Limited (company registration number C 98382) (“Firety”, “we”, “us”, “our”) collects, uses, shares, and protects personal data.

Company details
Mariano Pardo Limited
Burmarrad Road, Level 2, The Fort Hardrocks Business Park, Naxxar, NXR 6345, Malta
Email: info@firety.com
TIN: 970655802
VAT: MT28107412

Firety is a B2B service. Even in a business context, we still process personal data (for example, business contact details, account users, and technical identifiers).

1. How this policy applies

1.1 When Firety is a controller

We are the controller for personal data we process to:

  • run our website,
  • create and manage accounts,
  • provide billing and customer administration,
  • communicate with you (including support),
  • operate and secure our Services.

This Privacy Policy applies to that controller processing.

1.2 When Firety is a processor

When you use Firety to deploy and operate MCP servers (for example, your Deployments) and you send data through the Services, Firety may process personal data on your behalf. In that case:

  • you are the controller (or a processor), and
  • Firety acts as your processor (or subprocessor).

That processing is governed by our Data Processing Addendum (DPA) available at:
https://firety.com/legal/dpa

If you are an end user interacting with a Customer’s MCP/Deployment, you should direct privacy requests to that Customer (the controller). We will assist them as required by the DPA.

2. Personal data we collect

We collect personal data from:

  • you (for example when you create an account or contact support),
  • your device or browser (for example IP address and usage telemetry),
  • our payment processor (for example payment status and billing information),
  • third-party providers you use to sign in (for example OAuth providers),
  • third-party providers we use to operate the Services.

Depending on how you use Firety, we may process:

2.1 Account and contact data

  • name, business email, company name
  • account identifiers
  • authentication and security-related information (for example login events)

2.2 Authentication data (OAuth sign-in)

If you choose to sign in using third-party OAuth providers (for example Google, LinkedIn, or GitHub), we may receive limited profile information from that provider such as:

  • name, email address, profile image, and provider user ID (depending on what you approve)

OAuth providers process personal data under their own privacy policies. They are typically independent controllers for their own processing.

2.3 Billing and transaction data

  • billing address, country, VAT ID (where provided)
  • invoices, receipts, subscription status
  • payment status and payment method metadata from Stripe (we do not intentionally store full card details)

2.4 Technical, usage, and log data

  • IP address and approximate location derived from IP (for example to display local currency)
  • device and browser information
  • timestamps and in-product actions
  • usage metrics used for plan limits, metering, and overage billing (for example Requests and Credits)
  • operational logs and diagnostics

By default, our systems are designed to log metadata and diagnostics rather than request bodies. Customers may configure logging features, and some content may appear in logs if it is included in error messages or similar telemetry.

2.5 Website analytics data

We use SimpleAnalytics in a privacy-friendly, cookieless configuration. We receive statistics about website usage (for example page views and referrers).

2.6 Customer Content (processed on your instructions)

Customer Content may include personal data if you (or your users) submit it, including:

  • prompts, inputs, tool payloads, outputs
  • configuration and deployment metadata
  • request/response metadata sent through your Deployments

This category is typically processed by Firety as a processor under the DPA.

2.7 Support and communications

  • emails, messages, and attachments you send us
  • issue reports, bug reports, and feature requests

3. How we use personal data (purposes)

We use personal data to:

3.1 Provide and operate the Services

  • create and administer accounts
  • provision and operate Deployments
  • deliver features you request, including AI-assisted features where enabled
  • measure usage and enforce plan limits

3.2 Billing and payments

  • process subscriptions and add-ons
  • calculate and charge overages if you have opted in
  • manage invoices, taxes, and accounting

3.3 Security, abuse prevention, and reliability

  • detect, prevent, and investigate fraud, abuse, and security incidents
  • protect Firety, our customers, and third parties
  • maintain service reliability, debug issues, and perform maintenance

3.4 Customer support and communications

  • respond to support requests
  • send service-related notices (for example incident updates, billing notices, and important account messages)

3.5 Improve our Services

  • understand usage patterns and improve performance and functionality
  • develop new features and maintain documentation

3.6 Marketing (business-to-business)

  • send product updates or information that may be relevant to business users

You can opt out of marketing communications at any time by contacting us or using an unsubscribe link where provided.

Where GDPR applies, you may object to direct marketing at any time and we will stop.

4. Legal bases for processing (GDPR/UK GDPR)

Where GDPR or UK GDPR applies, we rely on the following legal bases:

  • Contract: to provide the Services under our Terms and to administer your account and billing.
  • Legitimate interests: to secure the Services, prevent abuse, improve the Services, communicate with business users, and conduct B2B marketing where permitted. We balance these interests against your rights.
  • Legal obligations: to comply with tax, accounting, and other legal requirements.
  • Consent: where required by law (for example, if we introduce non-essential cookies in the future or certain marketing communications where consent is required).

Where we rely on legitimate interests, you may object to that processing in certain circumstances.

5. How we share personal data

We may share personal data with:

5.1 Service providers (processors and subprocessors)

We use providers to operate the Services, such as:

  • Cloudflare (infrastructure and edge services)
  • Stripe (payments and billing)
  • MongoDB Atlas (database and storage services)
  • DigitalOcean (infrastructure services)
  • Amazon Web Services (Amazon SES) (sending transactional and support emails)
  • Google Workspace (Gmail) (business email and customer communications)
  • SimpleAnalytics (website analytics)

We may also use third-party AI providers to deliver AI-assisted features where enabled, which may include:

  • OpenAI
  • Anthropic
  • Google (Gemini)

Provider usage can change over time. Where we act as a processor for Customer Content, our subprocessor commitments and notice and objection process are described in the DPA.

5.2 Professional advisers and legal compliance

We may share personal data with professional advisers (for example lawyers or accountants) and with authorities where required by law, legal process, or to protect rights and safety.

5.3 Business transfers

If Firety is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal data may be shared as part of that transaction, subject to appropriate safeguards.

6. International transfers

Firety is based in Malta, but our providers may process personal data in multiple countries, including countries outside the EEA and the UK.

Where personal data is transferred outside the EEA or UK in a way that is restricted by law, we use appropriate safeguards, such as:

  • adequacy decisions (where available), and/or
  • Standard Contractual Clauses (SCCs) and, for UK transfers, the UK Addendum (or another lawful mechanism).

Details of transfer safeguards for Customer Content processed by Firety as a processor are in the DPA:
https://firety.com/legal/dpa

You can request more information about our transfer safeguards by contacting: privacy@firety.com.

7. Data retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy.

Typical retention periods include:

  • Operational logs and telemetry: typically up to 90 days, unless a longer period is required by law or needed to resolve disputes or security incidents.
  • Account data: for as long as your account is active. After account closure, we typically retain account data for up to 12 months, unless we need it for legal claims, security, abuse prevention, or compliance obligations.
  • Billing and invoice records: as required by applicable accounting and tax laws.
  • Support communications: for as long as needed to address the request and maintain a support history, unless you request deletion and we are able to comply.

Retention may be extended where necessary to comply with legal obligations or to establish, exercise, or defend legal claims.

8. Security

We implement reasonable technical and organizational measures designed to protect personal data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for securing your own systems, credentials, and Deployments, including protecting secrets.

9. Your rights

Where GDPR or UK GDPR applies, you may have rights to:

  • access your personal data
  • correct inaccurate or incomplete personal data
  • request deletion (subject to legal and contractual limits)
  • restrict or object to certain processing
  • data portability (where applicable)
  • withdraw consent (where processing is based on consent)
  • lodge a complaint with a supervisory authority

9.1 How to exercise rights

To exercise rights relating to data where Firety is the controller, contact: privacy@firety.com

We may need to verify your identity and authority before responding to your request.

If your request relates to personal data processed through a Customer’s Deployment (where Firety acts as a processor), please contact the relevant Customer (the controller). We will assist them as required by the DPA.

9.2 Complaints

You may lodge a complaint with your local supervisory authority. In Malta, the supervisory authority is the Office of the Information and Data Protection Commissioner (IDPC).
Website: https://idpc.org.mt/

10. Cookies and similar technologies

10.1 Cookies we use

We aim to use only essential cookies on our website.

We do not intentionally use analytics cookies for website measurement because we use SimpleAnalytics in a cookieless configuration.

Certain cookies may still be set by Stripe during payment-related flows. These cookies may be necessary for payment processing, authentication, fraud prevention, and payment security.

10.2 Consent and cookie banner

Where required by law, non-essential cookies are only set after you provide consent.

Because we aim to use only essential cookies (and cookieless analytics), we may show an informational cookie notice rather than a consent banner. If we introduce non-essential cookies in the future (for example marketing cookies), we will update our implementation to request consent where required.

10.3 Managing cookies

You can manage cookies through your browser settings. If we provide cookie preference controls on our website, you can also use those controls.

11. Automated decision-making

We do not use personal data for automated decision-making that produces legal or similarly significant effects on individuals.

12. Children

The Services are intended for business use and are not directed to children. We do not knowingly collect personal data from children.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time by posting an updated version at:
https://firety.com/legal/privacy
and updating the “Last updated” date.

If changes are material, we may provide notice by email and/or in-product notice. Continued use of the Services after the effective date means you accept the updated Privacy Policy.

14. Contact

If you have questions about this Privacy Policy or our privacy practices, contact: privacy@firety.com.