Privacy Policy

Last updated: March 6, 2026

ADW Google MCP ("the Application") is an open-source Model Context Protocol server that connects AI assistants to Google Workspace services (Drive, Docs, Sheets, Calendar, and Gmail).

1. Data Collection and Storage

The Application does not collect, transmit, or store any user data on external servers. All data processing occurs locally on the user's machine. The only data stored locally is:

  • OAuth 2.0 refresh token — used to authenticate with Google APIs on your behalf
  • OAuth client ID and client secret — identifies the application to Google

These credentials are stored in ~/.config/google-drive-mcp/ on your local filesystem with restricted file permissions (owner-only read/write).

2. How Your Data Is Used

The Application accesses your Google Workspace data solely to fulfill requests made by you through your AI assistant. This includes reading and writing files in Google Drive, editing Google Docs and Sheets, managing Google Calendar events, and reading, sending, and organizing Gmail messages.

All API calls are made directly from your machine to Google's servers. No data passes through any intermediate server operated by us.

3. Third-Party Sharing

We do not share, sell, or transfer your data to any third party. The Application communicates only with Google APIs and your local AI assistant.

4. Google API Scopes

The Application requests the following OAuth scopes:

  • drive — Read and manage Google Drive files
  • documents — Read and manage Google Docs
  • spreadsheets — Read and manage Google Sheets
  • calendar — Read and manage Google Calendar
  • gmail.modify — Read, write, and organize Gmail messages
  • gmail.send — Send email on your behalf
  • gmail.settings.basic — Manage Gmail filters and settings

These scopes are required for the Application's tools to function. You authorize them during the setup process.

5. Revoking Access

You can revoke the Application's access to your Google account at any time by visiting myaccount.google.com/permissions and removing ADW Google MCP. You can also delete the local configuration files from ~/.config/google-drive-mcp/.

6. Security

OAuth credentials are stored with restricted file permissions (0600). The OAuth callback server binds to localhost only (127.0.0.1). No credentials are logged or included in error messages.

7. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated date.

8. Contact

For questions about this privacy policy, open an issue on GitHub.

← adw-google-mcp