Skip to content

Legal

Compliance

Last updated: February 25, 2026

This page summarizes how MCP Canvas approaches data protection and operational security. MCP Canvas is operated by Hasher Technologies LLC (hasher.sh). Hasher Technologies LLC is the sole legal entity for this Service; "MCP Canvas" is a product/service name and not a separate legal entity or DBA. This page is provided for transparency and does not constitute legal advice.

Security Practices

  • Passwords are stored using one-way bcrypt hashing.
  • Administrative actions are access controlled by role.
  • Abuse-sensitive authentication routes include request rate limiting (for example: register, login, forgot/reset/change password).

Data Retention

We retain account and workspace data for as long as needed to operate the Service. When accounts are deleted, account profile records, saved canvases, and verification/reset token records are removed. Minimum operational/security records may be retained where required for abuse prevention or legal obligations.

Deletion Requests

Users can self-serve account deletion from Settings. If you cannot access your account, contact support for assistance.

Certification Claims

We do not currently make claims on this page about formal third-party certifications (for example SOC 2 or ISO 27001) unless explicitly announced.

Contact

Compliance questions? Email contact@mcpcanvas.com.

Related policies: Terms, Privacy, Disclaimer.