Who is responsible
The Connector is operated by Legaltalent LLC (“Legal Talent”, “we”, “us”), a limited liability company incorporated in Delaware, USA. For support and privacy questions about the Connector, contact us at support@legaltalent.ai. Formal data-subject requests can also be submitted as described in the general Legal Talent Privacy Policy.
How the Connector works
The Connector is a remote MCP server hosted at https://mcp.kyc.legaltalent.ai/mcp.
You add it to Claude as a connector and authorize it with your Legal Talent
account using OAuth 2.1 (Authorization Code flow with PKCE). Once connected,
Claude can call the Connector’s tools on your behalf — for example to create
verification session links, run sanctions/PEP/adverse-media screenings, review
sessions, and read usage metrics. Each tool is a thin proxy to the existing Legal
Talent KYC API; the Connector does not perform screening or store your compliance
records itself.
Data we collect
Authentication and connection data
When you connect and use the Connector, we process:
- Identity from sign-in. Authentication is delegated to the Legal Talent identity provider (Amazon Cognito). We receive your verified user identity and the tenant (organization) you belong to. We do not receive or store your password.
- OAuth client registrations created by your Claude client (Dynamic Client Registration), including client metadata and redirect URIs.
- Authorization codes and tokens. Short-lived authorization codes and opaque access/refresh tokens issued to your Claude client. Tokens are stored hashed at rest.
- A per-connection API key. On authorization we mint a scoped API key bound to your tenant and store it encrypted (AWS KMS). It is used only to call the KYC API for that connection and can be revoked at any time.
- Operational logs. Request metadata (tenant identifier, request identifiers, timestamps, coarse status) used for security, debugging, and abuse prevention.
Operational data passed through tools
When Claude calls a tool, the Connector forwards your request parameters to the KYC API and returns the result to your Claude conversation. Depending on the tool, this can include verification session details, screening requests and result summaries, workflow definitions, team member names (read-only), usage figures, and shareable access links or short-lived download links.
Data minimization. The Connector is designed to keep personal data out of the model context: list results are truncated and limited to minimal fields, full document data and step-level personal data are not returned, and analytics are returned as aggregates. Detailed screening matches are represented as summaries and short-lived presigned links rather than raw personal data.
How we use data
We use the data above to:
- Authenticate you and authorize the Connector to act for your tenant.
- Execute the tool actions you (via Claude) request against the KYC platform.
- Maintain the security, integrity, and reliability of the Connector, including rate limiting and abuse prevention.
Data shared with Claude (Anthropic)
Because the Connector operates inside Claude, the inputs you provide and the tool results the Connector returns enter your Claude conversation and are processed by Anthropic as part of delivering the Claude service. Anthropic’s handling of that data is governed by Anthropic’s Privacy Policy and your plan’s terms. Review the minimization guidance above and avoid requesting more personal data into the conversation than you need.
Third-party services (sub-processors)
The Connector relies on the following providers:
- Anthropic — processes prompts and tool results within your Claude session.
- Amazon Web Services (AWS) — hosting and infrastructure (Lambda, API Gateway, DynamoDB, KMS, Secrets Manager) and identity (Amazon Cognito), in the regions where the Legal Talent platform operates.
- dLocal — when a screening requires payment, the Connector returns a hosted payment link; payment card details are handled by dLocal and are never processed or stored by the Connector.
Data storage and security
- Tokens and connection records are stored in an access-controlled DynamoDB table, isolated per tenant; access tokens are stored hashed and per-connection API keys are encrypted with AWS KMS.
- All traffic is served over HTTPS/TLS. The Connector enforces OAuth 2.1 with PKCE, returns generic error messages that exclude personal data, and applies standard security headers.
- Access is scoped to the tenant established at sign-in; the Connector never accepts a tenant identifier chosen by the client.
Data retention
- Authorization codes: ~60 seconds.
- Access tokens: ~1 hour.
- Refresh tokens: up to 30 days (rotated on use).
- Per-connection API key and connection record: retained while the connection is active and deleted when you disconnect or revoke the connection.
- Operational logs: retained for a limited period for security and debugging, then deleted or aggregated.
Relationship to the general Legal Talent Privacy Policy
This document addresses only the additional processing introduced by operating the KYC platform through Claude via the Connector. All other processing — identity verification, biometrics, screening data sources, international transfers, retention, security measures, and your data-subject rights (including the legal bases and jurisdiction-specific rights under GDPR, LGPD, and Uruguay’s Law 18.331) — is described in the general Legal Talent Privacy Policy. In case of any conflict regarding platform data, the general policy prevails.
Your choices and controls
- Revoke access at any time by removing the connector in Claude, or by deleting the connection from the Legal Talent dashboard. Revocation deletes the associated tokens and per-connection API key.
- Access, correction, and deletion requests for your personal data can be made by contacting support@legaltalent.ai.