Last updated: 2026-01-10
Garage MCP is a self-hosted personal automation server. This policy describes how the admin UI and MCP services handle data.
We store credentials and tokens needed to operate the server, such as OAuth refresh tokens, API keys, and MCP client credentials. These values are stored in the local Redis database that you operate.
Stored credentials are used only to fulfill the actions you request through the admin UI or MCP tools, such as reading Google Calendar events or sending Gmail messages.
We do not sell or share your data with third parties. Requests are sent only to the external APIs you authorize (Google APIs, Govee, and similar services).
Data is retained until you revoke access, delete credentials, or clear the database.
The admin UI and MCP endpoints are protected by authentication. You are responsible for securing your deployment and network.
For questions, contact the administrator of this deployment.