This Privacy Policy describes how Brightwing Systems, LLC ("we," "us," or "our") collects, uses, and protects your information across all of our applications and services.
Covered Applications
This policy applies to all Brightwing Systems products and services, including:
- AI Cost Manager (aicostmanager.com) — Multi-provider AI cost tracking
- AI Prompt Bucket (aipromptbucket.com) — Managed prompt registry
- PatchworkMCP (patchworkmcp.com) — Agent feedback for MCP servers
- ConfigPig (configpig.com) — Managed config file registry
- Deplixo (deplixo.com) — App deployment and hosting platform
- MCP Manager — Desktop app for MCP server management
- MCP Scoreboard (mcpscoreboard.com) — MCP server quality leaderboard
- AITokenPricer (aitokenpricer.com) — LLM pricing reference
- GitHub Action Watch — GitHub Actions monitoring dashboard
- brightwingsystems.com — Our corporate website
1. Information We Collect
Deployed Content (Deplixo)
When you deploy an app through Deplixo, we collect the code and files you submit (HTML, CSS, JavaScript, and related assets), along with any optional metadata you provide (such as an app title or custom URL slug).
Data Received via AI Platform Integrations
Several of our services integrate with third-party AI platforms (such as Claude by Anthropic and ChatGPT by OpenAI) through the Model Context Protocol (MCP). When you deploy an app from within an AI assistant, the deploy payload—your code, files, and metadata—is sent from the AI platform to our MCP server and then to our API. We receive and store only the deploy payload. We do not receive, access, or store your conversations with the AI assistant, and we do not share your deployed content back to the AI platforms.
Account Information
When you create an account on any of our applications, we collect your email address and, if you use social login (Google or GitHub), basic profile information provided by those services (such as your name and profile picture). Some services (such as Deplixo) allow you to use the service without creating an account.
Usage Data
We collect standard server logs (IP addresses, browser type, pages visited, timestamps) to operate and improve our services. This includes logs generated by both our main application servers and our MCP servers. For Deplixo deployed apps, we track page views using a privacy-friendly visitor hash—we do not store raw IP addresses in page view records.
App Storage Data (Deplixo)
If your deployed app uses the built-in data storage (collections or SQL via the Deplixo SDK), that data is stored on our servers to provide cross-session and cross-device data persistence.
Application-Specific Data
- AI Cost Manager: API usage data, cost records, provider configurations, and budget settings you submit for tracking.
- AI Prompt Bucket: Prompt content, version history, environment configurations, and team assignments.
- PatchworkMCP: MCP server feedback data, agent session logs, and pull request metadata.
- ConfigPig: Configuration file content, version history, format metadata, and label assignments.
- MCP Manager: MCP server configurations stored locally on your device. Credentials are stored in your OS keychain and never transmitted to our servers.
- MCP Scoreboard: Publicly available MCP server metadata. No personal data is collected beyond optional account information.
- AITokenPricer: No personal data is collected. The site is fully anonymous.
- GitHub Action Watch: GitHub repository names and workflow run data you choose to monitor.
Payment Information
Payments are processed by Stripe. We do not store credit card numbers or full payment credentials on our servers. Stripe's privacy policy governs how your payment data is handled.
Cookies
We use essential cookies for authentication and session management (for users with accounts). We also use a small number of functional cookies to remember your preferences (such as theme settings). We do not use third-party advertising or tracking cookies.
Error & Performance Data
We use Sentry for error tracking. When errors occur, we collect technical data including stack traces, browser information, and request metadata to diagnose and fix issues.
2. Legal Basis for Processing
We process your personal information on the following legal bases:
- Contract performance: To provide the services you have requested, including hosting and serving your deployed apps and managing your accounts.
- Legitimate interest: To operate, maintain, and improve our services, detect abuse, and ensure security.
- Consent: Where required by applicable law, such as for optional communications.
3. How We Use Your Information
- To host and serve the apps you deploy (Deplixo)
- To provide persistent storage for your deployed apps
- To provide, maintain, and improve our services
- To authenticate your identity and manage your account
- To process payments and manage billing
- To communicate with you about the services (e.g., security alerts, updates)
- To respond to support requests
- To diagnose technical issues and monitor service health
- To detect and prevent fraud, abuse, or security incidents
We do not sell your personal data. We do not use your data for advertising. We do not train AI models on your content.
4. Data Sharing
We do not sell your personal information. We may share information only in the following circumstances:
- Public apps (Deplixo): Code you deploy to Deplixo is publicly accessible by design. Anyone with the URL can view your deployed app, and if forking is enabled, they can view its source code. Data stored by your app through the Deplixo SDK is accessible to anyone who visits the app unless you enable authentication or access codes.
- Service providers: We use third-party service providers to operate our services. These providers only access data as necessary to perform their functions and are bound by contractual obligations to protect it. Our service provider categories include:
- Cloud hosting and infrastructure (server hosting, CDN)
- Email delivery (Postmark, for transactional emails)
- Error monitoring and logging (Sentry)
- Payment processing (Stripe, for paid subscriptions and purchases)
- Legal requirements: We may disclose information if required by law, subpoena, or other legal process.
- Business transfers: If Brightwing Systems, LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
5. Data Retention
Deplixo deployed apps on the free tier are retained for 30 days after creation. Apps associated with a paid account are retained for as long as the account is active. If you delete your account, we will remove your personal information and associated data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes). Anonymous (unclaimed) apps may be removed at our discretion.
For other Brightwing Systems services, account data and content are retained for as long as your account is active. After account deletion, data is removed within 30 days unless retention is required by law.
6. International Data Transfers
Our servers are located in the United States and Europe (Germany). If you access our services from outside these regions, your information may be transferred to, stored, and processed in a country other than your own. By using our services, you consent to the transfer of your information as described in this policy. We take appropriate measures to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.
7. Data Security
We implement industry-standard security measures to protect your information, including encryption in transit (TLS), secure password hashing, encrypted credentials at rest, access-controlled databases, and regular backups. MCP Manager stores credentials locally in your operating system's secure keychain—they never leave your device. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Your Rights
All users may:
- Access and update your account information at any time through your account settings
- Request a copy of your data by contacting us
- Delete your account and associated data by contacting us
- Request deletion of specific deployed apps (Deplixo)
- Opt out of non-essential communications
- Export your data through in-app features where available
California Residents (CCPA)
If you are a California resident, you have the right to: know what personal information we collect, use, and disclose; request deletion of your personal information; and opt out of the sale of your personal information. We do not sell your personal information. To exercise these rights, contact us at hello@brightwingsystems.com. We will not discriminate against you for exercising any of these rights.
European Economic Area, UK, and Swiss Residents (GDPR)
If you are located in the EEA, UK, or Switzerland, you have the right to: access your personal data; rectify inaccurate data; request erasure of your data; restrict or object to processing; request data portability; and lodge a complaint with your local data protection supervisory authority. To exercise these rights, contact us at hello@brightwingsystems.com.
9. Children's Privacy
Our services are not directed to children under the age of 13 and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at hello@brightwingsystems.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of our services after changes constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights, contact us at hello@brightwingsystems.com.