Privacy Policy

Last updated: May 17, 2026

1. Overview

This Privacy Policy explains how mkdshare.DEV ("the Service") collects, uses, stores, and discloses information when you use the website, REST API, MCP server, document viewer, editor, comments, and related features.

We use personal data only to operate, secure, maintain, and improve the Service, communicate with users, comply with legal obligations, and handle abuse or support requests. We do not sell personal data.

2. Information We Collect

We collect the following categories of information:

  • Account information: Google account ID, name, email address, and profile picture from Google OAuth.
  • Authentication information: session data, API tokens, and device authorisation records used for MCP sign-in.
  • User content: document titles, markdown content, visibility settings, allowed emails, allowed domains, expiry dates, comments, replies, resolved comment state, and document versions.
  • Usage and operational data: creation and update timestamps, last activity time, MCP tool events, document counts, user counts, and admin analytics used to understand and operate the Service.
  • Technical data: request data that may be processed by the app or hosting provider, such as IP address, user agent, headers, logs, and error information.
  • Preferences: browser cookies used for display preferences such as theme or developer mode.

3. Google User Data

When you sign in with Google, we request basic profile information and email address. We use this data to create and authenticate your account, show your identity to collaborators on comments and shared documents, enforce access controls, and support MCP device sign-in.

We do not use Google user data for advertising, sell it, or transfer it except as needed to provide and secure the Service, comply with law, or as otherwise described in this policy.

4. How We Use Information

We use information to:

  • authenticate users and API/MCP requests;
  • create, render, share, restrict, edit, archive, expire, and restore documents;
  • display comments, replies, author names, and profile pictures to authorised viewers;
  • maintain document version history and re-anchor annotations after edits;
  • provide API and MCP functionality to connected clients and AI assistants;
  • monitor activity, debug issues, prevent abuse, and protect the Service;
  • generate aggregate admin analytics such as user, document, and MCP usage counts; and
  • respond to support, deletion, access, or legal requests.

5. Sharing and Visibility

Your documents and comments are shared according to the visibility settings you choose. Public documents can be viewed by anyone with the link and may be indexed, copied, or shared by third parties. Login-required, email-restricted, domain-restricted, and expiring documents are available to users who satisfy the configured access rules.

Author names and profile pictures may be shown with comments and replies to users who can access the relevant document. Allowed email lists and domains are used to enforce document access and collaboration.

We may disclose information to service providers that help us operate the Service, to comply with law, to protect rights and safety, to investigate abuse, or as part of a business transfer such as a merger or acquisition.

6. Service Providers

The Service uses third-party providers, including Google for OAuth authentication and device authorisation, and Render for application hosting. These providers may process information according to their own terms and privacy policies. Connected MCP clients, AI assistants, scripts, and API consumers may also receive or process content if you connect them or give them your token.

7. Cookies and Local Preferences

The Service uses cookies for sessions and display preferences, including theme and developer mode. These cookies are used to operate the Service and remember your preferences. We do not currently use advertising cookies.

8. Retention and Deletion

We keep account information, documents, comments, versions, API tokens, device auth records, and operational data for as long as needed to provide the Service, maintain security, comply with obligations, resolve disputes, and enforce our terms.

Deleting or editing current document content may not immediately remove prior versions, comments, logs, backups, or related records. You may request deletion of your account and associated data by contacting us. Some information may be retained where necessary for legal, security, backup, or abuse-prevention purposes.

9. Security

We use reasonable technical and organisational measures to protect information, including account authentication, token-based API access, access checks, and hosting infrastructure controls. No system is perfectly secure. You are responsible for protecting your Google account, API tokens, connected clients, and document sharing settings.

10. International Processing

The Service and its providers may process and store information in countries other than your own. By using the Service, you understand that information may be transferred to and processed in those locations, subject to applicable law.

11. Your Rights and Choices

Depending on where you live, you may have rights to request access, correction, deletion, export, restriction, or objection to certain processing of your personal data. You can also regenerate API tokens from the API access page and sign out at any time.

12. Children

The Service is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data, contact us and we will take appropriate steps.

13. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date. Continued use of the Service after changes are posted means the updated policy applies.