Callio

Privacy Policy

Last updated: May 31, 2026

Callio ("we", "us", or "our") operates the Callio platform available at callio.dev. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, including our Claude AI connector (MCP integration).

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and (optionally) a password or Google OAuth credentials.

API Keys

We store a SHA-256 hash of your Callio API keys — never the raw key itself — along with the last 4 characters for identification. Keys are used to authenticate requests made through the Callio platform.

API Usage Logs

When you or Claude (via the MCP connector) make API calls through Callio, we log:

  • Which API was called (e.g., "openai", "stripe")
  • The HTTP method and endpoint path
  • Response status code and latency
  • Request and response size (bytes)
  • Timestamp

We do not log the contents of API request bodies or response payloads.

Claude MCP Connector Data

When you connect Callio to Claude via our MCP integration:

  • We receive your Callio API key as a Bearer token from Claude
  • We create a server-side session linked to your account to enable reliable authentication
  • We process tool calls (search_apis, get_api_info, call_api) on your behalf
  • Tool call arguments and results pass through our servers but are not permanently stored

2. How We Use Your Information

  • To authenticate your requests to the Callio platform and MCP connector
  • To proxy your API calls to third-party APIs and return results
  • To track usage against your plan limits (free, pro, etc.)
  • To display your usage history and analytics in your dashboard
  • To send important account notifications (billing, security alerts)
  • To improve our service and debug issues

3. Third-Party APIs

Callio acts as a proxy between you (or Claude) and third-party APIs. When you call an API through Callio:

  • Your request is forwarded to the target API provider
  • The API provider receives the request according to their own privacy policy
  • Callio does not store the request payload or response data

You are responsible for reviewing the privacy policies of third-party APIs you use through Callio.

4. Data Storage

Your data is stored securely in the following infrastructure:

  • Database: PostgreSQL hosted on Supabase (EU region)
  • Application: Deployed on Vercel (serverless, global CDN)
  • Payments: Processed by Stripe — we never store payment card data

5. Data Sharing

We do not sell your personal data. We share data only:

  • With service providers who help operate our platform (Supabase, Vercel, Stripe)
  • When required by law or valid legal process
  • To protect the safety, rights, or property of Callio or our users

6. Data Retention

  • Account data is retained while your account is active
  • API call logs are retained for 90 days for analytics purposes
  • MCP sessions expire after 365 days and are automatically cleaned up
  • Upon account deletion, your personal data is removed within 30 days

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Object to or restrict processing of your data
  • Export your data in a portable format

To exercise these rights, contact us at privacy@callio.dev.

8. Cookies

Callio uses essential session cookies to keep you logged in. We do not use tracking or advertising cookies. We may use analytics cookies (e.g., Vercel Analytics) to understand aggregate usage patterns. You can disable cookies in your browser settings.

9. Security

We implement industry-standard security practices including:

  • HTTPS encryption for all data in transit
  • SHA-256 hashing of API keys at rest
  • Role-based access control within the application
  • Regular security reviews

10. Children's Privacy

Callio is not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice on our website. Continued use of Callio after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

Callio

Email: privacy@callio.dev

Website: callio.dev

HomeMCP ConnectorContact