Enerdatics Leap Privacy Policy

Last updated 15 June 2026 · Service leap.enerdatics.ai/mcp · Contact privacy@enerdatics.com

Enerdatics Leap is a Model Context Protocol (MCP) server that exposes curated, read-only tools over Enerdatics' renewable-energy datasets — covering M&A deals, projects, financings, PPAs, company profiles, league tables, and related market data.

A customer connects their own AI assistant (such as Claude) to the server; the assistant calls our tools on the user's behalf and returns source-linked answers. This policy explains what data the service collects, how it is used and stored, who it is shared with, how long it is retained, and how to contact us.

01 Data we collect

We collect the minimum needed to authenticate users, operate the service, enforce tenant isolation, and maintain an audit trail.

Account & access data

  • Customer record — organisation identifier, plan tier, entitlements, and an ai_desk_enabled flag.
  • Credential material — for issued access tokens we store only a SHA-256 hash of the token, never the token itself. OAuth identity is handled by our identity provider (see Sub-processors).

Tool-call (audit) data

For each tools/call we record:

  • The authenticated customer and credential identifiers.
  • The tool name and structured parameters, with known free-text fields stripped.
  • Response size, duration, and success/error status.

tools/list and initialize calls are not audited.

Feedback data

If a user invokes the submit_feedback tool, the free-text content they provide is stored and may be forwarded to an internal Enerdatics notification channel.

Operational data

  • Rate-limit counters keyed to the server-derived credential.
  • Standard application logs, with sensitive keys redacted (authorization, cookie, any *_token, password, api_key, client_secret).

What we do NOT collect: We do not store end-user prompts or conversations. The natural-language prompt is processed by the customer's own AI assistant; the Leap server only receives the resulting structured tool parameters. We do not request or store payment-card data.

02 How we use data

  • Authenticate and authorise each request, and derive customer identity server-side (never from request input) to keep tenants isolated.
  • Operate and protect the service — rate limiting, error handling, and abuse prevention.
  • Maintain accountability through the audit log.
  • Improve the service using submitted feedback and aggregate usage patterns.

We do not sell personal data, and we do not use customer data to train machine-learning models.

03 Storage & security

Tool logic runs as a Cloudflare Worker. Control-plane data — customers, credentials, audit rows, rate-limit counters, and feedback — is stored in Cloudflare D1. All database access uses parameterised queries.

The underlying datasets (Quickbase; the distributed-generation dataset in Postgres via Cloudflare Hyperdrive) are systems of record queried read-only. No tool mutates source data.

All traffic is encrypted in transit over HTTPS via the Cloudflare edge. Production secrets are held in the Cloudflare wrangler secret store and are never committed to source control.

Hosting / data region: TODO: e.g. Cloudflare global edge; D1 primary region

See the accompanying Security overview for authentication, multi-tenancy, and logging details.

04 Third-party sub-processors

We share data only with the service providers required to run Leap.

Sub-processor | Purpose | Data involved
Cloudflare, Inc. | Hosting (Workers) and control-plane database (D1) | All control-plane and audit data
WorkOS, Inc. | Authentication / OAuth 2.x identity | Authentication identifiers
Quickbase, Inc. | Renewable-energy system-of-record (read-only queries) | Query parameters only
Google LLC | Internal feedback notifications via Chat webhook (only if enabled) | submit_feedback content

The AI assistant that a user connects (e.g. Anthropic's Claude) is chosen and controlled by the customer. That provider's own privacy terms govern how prompts are handled — it is not an Enerdatics sub-processor.

05 Data retention

  • Credentials — retained until revoked or the customer relationship ends.
  • Audit logs — retained for TODO: e.g. 12 months for security and accountability, then deleted or aggregated.
  • Feedback — retained for TODO: retention period.

On account termination, control-plane data is deleted or anonymised within TODO: e.g. 30 days, subject to legal retention obligations.

06 Your rights & choices

Depending on your jurisdiction, you may have rights to access, correct, export, or delete personal data we hold about you. To exercise these rights, contact us at privacy@enerdatics.com.

Customer administrators can also request credential revocation or account deletion at any time.

07 Changes to this policy

We may update this policy as the service evolves. Material changes will be reflected in the "Last updated" date at the top of this page and communicated to customers where appropriate.

08 Contact

Questions or requests regarding this policy or your data:

  • Email: privacy@enerdatics.com
  • Legal entity: Enerdatics Services Private Limited — 8th floor, Tower 3B, Thanisandra Main Rd, RK Hegde Nagar, Bengaluru, Karnataka 560064

Provider: Legal entity, e.g. "Enerdatics Services Private Limited.", registered address. Published at https://www.enerdatics.com/privacy-policy