Privacy · Last updated 2026-05-06

Your tokens are encrypted.

OAuth tokens are encrypted at rest using libsodium sealed boxes. Decryption happens only in-memory during a tool call. We never log argument payloads — only tool name + duration + status.

Sub-processors: Vercel, Supabase, Clerk, Stripe, Sentry, Cloudflare. Phase 2 adds Fly.io for the long-lived MCP gateway (no token storage there).

Email privacy@plugway.dev for export or deletion.