Privacy Policy

Last updated: April 7, 2026

Website

Introduction

seekon.me ("we," "us," or "our") operates this website. This Privacy Policy describes how we collect, use, and share information when you visit seekon.me or contact us.

Information we collect

Information you provide. For example, if you sign up for updates, contact us by email, or submit a form, we may collect your email address and any other details you choose to provide.
Automatically collected data. When you use the site, we and our service providers may collect technical data such as IP address, device and browser type, general location derived from IP, and pages viewed.

How we use information

We use the information we collect to:

Operate, maintain, and improve the website and our services
Respond to your inquiries and send communications you have requested
Analyze usage and trends to understand how visitors use seekon.me
Comply with legal obligations and protect our rights

Analytics and cookies

We may use cookies, pixels, and similar technologies, including analytics tools (such as Google Analytics or Vercel Analytics), to measure traffic and improve the site. You can control cookies through your browser settings; disabling cookies may affect how certain features work.

Sharing of information

We may share information with vendors who help us run the website (for example, hosting, analytics, and email delivery), when required by law, or to protect the safety and integrity of our services. We do not sell your personal information.

Data retention

We retain information only as long as needed for the purposes described in this policy, unless a longer period is required or permitted by law.

Your choices

Depending on where you live, you may have rights to access, correct, or delete certain personal information, or to object to or restrict certain processing. To exercise these rights, contact us using the email below.

Children

seekon.me is not directed at children under 13, and we do not knowingly collect personal information from children under 13.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the "Last updated" date above.

Contact us

For questions about this Privacy Policy or our privacy practices, contact us at business at seekon.me.

Product Discovery API & MCP

This policy describes how the Product Information Gatherer service (the "Service"), including its HTTP REST API and Model Context Protocol (MCP) endpoint, handles information when you or your tools connect to it.

1. Who operates the Service

Data controller / operator: SeekOn.Me Inc.
Contact for privacy inquiries: business at seekon.me

2. What the Service does

The Service provides programmatic access to a product catalog stored in a database, including:

Semantic (vector) search over product records using natural-language queries
Listing and retrieval of product records (by identifier or attributes)

Access may be offered via:

REST API (e.g. under /api/v1/…)
MCP over HTTP (e.g. under /mcp/), for compatible clients such as AI assistants

3. Information the Service processes

3.1 Authentication

API keys: Clients authenticate using an API key (e.g. sent as a Bearer token or equivalent).
Storage: The Service stores a cryptographic hash of each API key in its database, not the raw key. When a key is used successfully, the Service may update a last access timestamp associated with that client record.
Optional configuration: A server-side secret ("pepper") may be combined with keys before hashing; it must remain consistent for verification to succeed.

3.2 Queries and commands you send

Search queries: Natural-language text you submit for semantic search is processed to retrieve relevant products.
API/MCP parameters: Identifiers, filters, pagination, and other parameters you include in requests are processed to fulfill the request.

3.3 Product and catalog data

The Service returns information from its product database (e.g. names, descriptions, attributes, identifiers, and similar catalog fields) as permitted by your account and the API design.
That data may have been created or enriched through separate workflows (e.g. automated or semi-automated ingestion). It is business/catalog data, not end-user profile data, unless you choose to store personal data in catalog fields (which we do not recommend).

3.4 Technical and security data

Server logs: Like most HTTP services, the operator may collect standard technical data (e.g. IP address, timestamps, request paths, user agent, error logs) for security, debugging, capacity planning, and abuse prevention.
Hosting provider: If the Service runs on a cloud platform (e.g. Railway, AWS, GCP), that provider processes traffic and metadata according to their privacy policy and your agreement with them.

4. Use of third-party services (subprocessors)

Depending on configuration, the Service may use:

Category	Example purpose	Notes
Embedding / language model provider	Turning search text into vectors for semantic search	Query text may be sent to the provider's API under their terms and privacy policy.
Database hosting	Storing products, API client records, embeddings	Hosted PostgreSQL or equivalent.
Application hosting	Running the API and MCP application	e.g. container or PaaS provider.

You are responsible for maintaining agreements and disclosures with your users if you expose this Service through a Custom GPT, plugin, or other third-party product; those platforms have their own privacy terms.

5. Legal bases and purposes (adapt to your jurisdiction)

Where applicable law requires a "legal basis" (e.g. GDPR), processing may be based on:

Performance of a contract with the organization operating the client application
Legitimate interests in operating, securing, and improving the Service (balanced against user rights)
Consent, where you obtain it for specific features

Purposes include: providing the API/MCP, authentication, abuse prevention, improving reliability, and complying with law.

6. Retention

API client records: Retained until you delete them or close the environment, unless a longer period is required by law or security policy.
Logs: Retained for a period appropriate for security and operations (e.g. [INSERT DAYS/MONTHS]), unless a different period is required.
Product catalog: Retained according to your product data lifecycle and business needs.

[Adjust retention to match your actual practices.]

7. Security

The operator implements reasonable technical and organizational measures appropriate to the risk, including:

Hashed storage of API keys
Transport encryption (HTTPS) for client connections (as configured on your deployment)
Access controls on infrastructure and databases

No method of transmission or storage is 100% secure.

8. International transfers

If servers or subprocessors are located outside your country, data may be transferred internationally. You should document mechanisms you rely on (e.g. Standard Contractual Clauses, adequacy decisions) if required in your jurisdiction.

9. Your rights

Depending on applicable law, individuals may have rights to access, rectify, delete, restrict, or object to processing of personal data, or to data portability. Because typical use processes client organizations' queries and catalog data, many requests may need to be routed through the organization that integrated the Service.

To exercise rights, contact: business at seekon.me.

10. Children's privacy

The Service is not directed at children under 13 (or the age required in your jurisdiction). Do not use it to collect personal information from children.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date will change; material changes may be announced via website notice.

12. Contact

Privacy contact: business at seekon.me
Operator: SeekOn.Me Inc.

End of document.