marco/buildmymcpserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
09688c1114
buildmymcpserver/apps/web/app/(marketing)/privacy/page.tsx
Marco Sadjadi 09688c1114 feat(web): real 3-step wizard, settings, audit, docs, marketing pages 
Sprint 3.5: close every dead link and replace the single-step wizard with the
spec-mandated 3-step flow.

Wizard:
- Step 1 collects prompt + name + slug, calls /v1/servers/preview.
- Step 2 renders parsed tools (name, description, input schema as copyable JSON)
  + a credential field per requiredSecret Claude actually identified. Self-contained
  servers see 'No credentials needed' instead of generic Notion placeholders.
- Step 3 streams the live build over WebSocket and shows install snippets.

New dashboard pages:
- /settings — org, plan/usage, members table, API keys + billing stubs (Sprint 4),
  encryption status. Reads /v1/me/org.
- /audit — filterable table over /v1/audit with action pills, resource refs, IP,
  metadata JSON.

Docs site (/docs + 6 sub-pages):
- Sticky 240px sidebar, max-w-prose article column, shared DocsTitle/H2/Code primitives.
- Quickstart, MCP concepts, OAuth 2.1 flow (full walkthrough with curl), Authoring
  tools, Self-hosting, API reference, FAQ.

Marketing pages:
- /changelog with tagged release timeline.
- /security with 8 pillars + disclosure.
- /privacy with GDPR-aware sections.
- /terms (10 clauses).
- /pricing full page (nav now points here instead of /#pricing anchor).
- /status with live 10s probes against /api/health and /login.

Footer 'system status' badge now links to /status.

All 20 routes 200 OK in smoke crawl. Typecheck clean across packages.
2026-05-19 18:20:31 +02:00

104 lines
4.0 KiB
TypeScript
Raw Blame History

export const metadata = { title: 'Privacy — BuildMyMCPServer' };
const SECTIONS = [
{
h: 'What we collect',
p: [
'Account: email, organization name, the IP address of your sign-in.',
'Workspace: the prompts you send to the generator, the generated server specifications, build logs, server names and slugs you choose.',
'Tool-call metrics: counts, latencies, status codes — never the request or response payloads. We only know that a tool was called, how long it took, and whether it succeeded.',
'Billing: Stripe customer id + subscription metadata for paid plans. Card details never touch our servers.',
],
},
{
h: 'What we do NOT collect',
p: [
'Plaintext credentials. Every secret you save is AES-256-GCM encrypted before it hits storage. We have no ability to read them; only your container at runtime can.',
'Tool-call payloads. The arguments your AI client sends and the responses our server returns are not stored or logged.',
'Browsing data, cross-site tracking, advertising identifiers.',
],
},
{
h: 'Where it lives',
p: [
'EU region by default (Hetzner Falkenstein, Germany).',
'Postgres + Redis + container hosts are all in the same region.',
'Backups encrypted at rest in Backblaze B2 EU.',
],
},
{
h: 'Subprocessors',
p: [
'Anthropic (generation) — only the prompt text you send. Anthropic\'s data-retention policy applies.',
'Hetzner (compute).',
'Backblaze (encrypted backups).',
'Stripe (billing).',
'Cloudflare (DNS + DDoS).',
],
},
{
h: 'Retention',
p: [
'Active account: all workspace data kept while subscribed.',
'Cancelled account: 30-day grace period, then full deletion (servers, builds, logs, audit).',
'Audit log: 1 year on Team+, 30 days on Pro/Hobby.',
'Tool-call metrics: 30 days, then aggregated to daily counts.',
],
},
{
h: 'Your rights (GDPR)',
p: [
'Access — export everything in JSON via the settings page (Sprint 4) or by email.',
'Deletion — delete your organization in settings; everything goes within 30 days.',
'Rectification — change name and email yourself; everything else is editable on request.',
'Portability — the generated TypeScript source of every server is yours, downloadable.',
],
},
];
export default function Privacy() {
return (
<div className="mx-auto max-w-3xl px-6 py-16">
<header className="mb-12">
<div className="text-[11px] uppercase tracking-[0.16em] text-[--color-fg-subtle]">
Privacy policy
</div>
<h1 className="mt-2 text-[32px] font-semibold tracking-tight">Privacy</h1>
<p className="mt-3 text-[14px] leading-relaxed text-[--color-fg-muted]">
Plain language. What we collect, where it lives, how to get it deleted. Last updated
2026-05-19.
</p>
</header>
<div className="space-y-9">
{SECTIONS.map((s) => (
<section key={s.h}>
<h2 className="text-[16px] font-semibold tracking-tight">{s.h}</h2>
<ul className="mt-3 space-y-1.5">
{s.p.map((p) => (
<li
key={p}
className="relative pl-4 text-[13.5px] leading-relaxed text-[--color-fg-muted] before:absolute before:left-0 before:top-2 before:size-1 before:rounded-full before:bg-[--color-fg-subtle]"
>
{p}
</li>
))}
</ul>
</section>
))}
<section>
<h2 className="text-[16px] font-semibold tracking-tight">Contact</h2>
<p className="mt-3 text-[13.5px] leading-relaxed text-[--color-fg-muted]">
Data controller: BuildMyMCPServer. Email{' '}
<a className="text-[--color-accent] underline" href="mailto:privacy@buildmymcpserver.com">
privacy@buildmymcpserver.com
</a>{' '}
for any of the above.
</p>
</section>
</div>
</div>
);
}
Reference in New Issue View Git Blame Copy Permalink