Privacy Policy

Hashlock-Tech — Effective 2026-04-12

This policy describes how Hashlock-Tech ("we", "us") handles information in connection with the Hashlock trading platform, the Hashlock MCP server (hashlock-mcp-server), and the remote HTTP endpoint at https://hashlock.markets/mcp.

1. What Hashlock Is

Hashlock is an intent-based crypto exchange protocol. The Hashlock MCP server exposes trading tools (create, commit, explain, validate, and parse intents) to AI agents and clients via the Model Context Protocol. The remote server is a stateless proxy that forwards requests to the Hashlock backend API.

2. Data We Collect

The Hashlock MCP server is designed to minimize data collection:

Request metadata: standard HTTP logs (IP address, user-agent, timestamp, request path) are collected by our hosting infrastructure for operational purposes and abuse prevention. These logs are retained for no more than 30 days.
Intent payloads: data you submit through tools (e.g. hashlock_create_intent) is relayed to the Hashlock backend for processing. The MCP server itself does not persist this data.
API credentials: your HASHLOCK_API_KEY passes through the server as a Bearer token to the backend. It is never logged, stored, or persisted by the MCP server.
Cookies / tracking: the MCP server uses no cookies, analytics, or cross-site tracking.

3. How We Use Data

To execute trading intents you explicitly submit.
To diagnose errors and maintain service availability.
To detect and prevent abuse, fraud, or unauthorized access.

We do not sell, rent, or share your data with advertisers or data brokers.

4. Third Parties

Your requests and intent payloads are relayed to the Hashlock backend API. Backend processing, matching, and settlement are subject to Hashlock-Tech's platform terms. On-chain settlement data (transaction hashes, wallet addresses, amounts) is by nature publicly visible on the relevant blockchain.

Our infrastructure is hosted on DigitalOcean. TLS certificates are issued by Let's Encrypt.

5. Security

The MCP server uses HTTPS with a valid TLS certificate for all traffic. API keys are transmitted over TLS and never written to logs. We follow industry-standard practices for infrastructure hardening, but no online service can guarantee absolute security.

6. Your Rights

Because the MCP server does not persist user data beyond operational logs, there is typically no personal profile to access, correct, or delete. If you have specific concerns about data we may hold, contact us at the address below and we will respond within a reasonable timeframe.

7. Children

Hashlock is not directed at children under 18. We do not knowingly collect information from minors.

8. Changes to This Policy

We may update this policy to reflect changes in our services or applicable law. Material changes will be reflected in the effective date above.

9. Contact

For privacy inquiries: baris.sozen.turquoise@gmail.com

Repository and issues: github.com/Hashlock-Tech/hashlock-mcp-server