> ## Documentation Index
> Fetch the complete documentation index at: https://docs.compliance.legaltalent.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# MCP Connector Privacy Policy

> How the Legal Talent KYC Connector for Claude collects, uses, shares, and retains data

**Last updated:** July 2, 2026

This Privacy Policy describes how the **Legal Talent KYC Connector** (the
"Connector") — the Model Context Protocol (MCP) server that lets your team operate
the Legal Talent KYC platform from Anthropic's Claude products (Claude.ai, Claude
Desktop, Claude Mobile, Claude Code, and Cowork) — collects, uses, shares, and
retains data.

This policy covers the Connector specifically. It is a supplement to — and should
be read together with — the general
[Legal Talent Privacy Policy](https://compliance.legaltalent.ai/es/privacy), which
governs the underlying KYC platform (identity verification, AML screening, adverse
media, storage, retention, and data-subject rights). Any data you view or send
inside Claude is additionally subject to
[Anthropic's Privacy Policy](https://www.anthropic.com/legal/privacy) and your
agreement with Anthropic. Where this policy is silent, the general Legal Talent
Privacy Policy applies.

## Who is responsible

The Connector is operated by **Legaltalent LLC** ("Legal Talent", "we", "us"), a
limited liability company incorporated in Delaware, USA. For support and privacy
questions about the Connector, contact us at
[support@legaltalent.ai](mailto:support@legaltalent.ai). Formal data-subject
requests can also be submitted as described in the general
[Legal Talent Privacy Policy](https://compliance.legaltalent.ai/es/privacy).

## How the Connector works

The Connector is a remote MCP server hosted at `https://mcp.kyc.legaltalent.ai/mcp`.
You add it to Claude as a connector and authorize it with your Legal Talent
account using OAuth 2.1 (Authorization Code flow with PKCE). Once connected,
Claude can call the Connector's tools on your behalf — for example to create
verification session links, run sanctions/PEP/adverse-media screenings, review
sessions, and read usage metrics. Each tool is a thin proxy to the existing Legal
Talent KYC API; the Connector does not perform screening or store your compliance
records itself.

## Data we collect

### Authentication and connection data

When you connect and use the Connector, we process:

* **Identity from sign-in.** Authentication is delegated to the Legal Talent
  identity provider (Amazon Cognito). We receive your verified user identity and
  the tenant (organization) you belong to. We do **not** receive or store your
  password.
* **OAuth client registrations** created by your Claude client (Dynamic Client
  Registration), including client metadata and redirect URIs.
* **Authorization codes and tokens.** Short-lived authorization codes and opaque
  access/refresh tokens issued to your Claude client. Tokens are stored **hashed**
  at rest.
* **A per-connection API key.** On authorization we mint a scoped API key bound to
  your tenant and store it **encrypted** (AWS KMS). It is used only to call the KYC
  API for that connection and can be revoked at any time.
* **Operational logs.** Request metadata (tenant identifier, request identifiers,
  timestamps, coarse status) used for security, debugging, and abuse prevention.

### Operational data passed through tools

When Claude calls a tool, the Connector forwards your request parameters to the
KYC API and returns the result to your Claude conversation. Depending on the tool,
this can include verification session details, screening requests and result
summaries, workflow definitions, team member names (read-only), usage figures, and
shareable access links or short-lived download links.

**Data minimization.** The Connector is designed to keep personal data out of the
model context: list results are truncated and limited to minimal fields, full
document data and step-level personal data are not returned, and analytics are
returned as aggregates. Detailed screening matches are represented as summaries and
short-lived presigned links rather than raw personal data.

## How we use data

We use the data above to:

* Authenticate you and authorize the Connector to act for your tenant.
* Execute the tool actions you (via Claude) request against the KYC platform.
* Maintain the security, integrity, and reliability of the Connector, including
  rate limiting and abuse prevention.

We do **not** use your data to train machine-learning models, and we do not sell
personal data.

## Data shared with Claude (Anthropic)

Because the Connector operates inside Claude, the **inputs you provide** and the
**tool results the Connector returns** enter your Claude conversation and are
processed by Anthropic as part of delivering the Claude service. Anthropic's
handling of that data is governed by
[Anthropic's Privacy Policy](https://www.anthropic.com/legal/privacy) and your
plan's terms. Review the minimization guidance above and avoid requesting more
personal data into the conversation than you need.

## Third-party services (sub-processors)

The Connector relies on the following providers:

* **Anthropic** — processes prompts and tool results within your Claude session.
* **Amazon Web Services (AWS)** — hosting and infrastructure (Lambda, API Gateway,
  DynamoDB, KMS, Secrets Manager) and identity (Amazon Cognito), in the regions
  where the Legal Talent platform operates.
* **dLocal** — when a screening requires payment, the Connector returns a hosted
  payment link; payment card details are handled by dLocal and are never processed
  or stored by the Connector.

The underlying KYC platform uses additional sub-processors (for example, AWS,
Amazon Rekognition, and messaging providers) as listed in the general
[Legal Talent Privacy Policy](https://compliance.legaltalent.ai/es/privacy).

## Data storage and security

* Tokens and connection records are stored in an access-controlled DynamoDB table,
  isolated per tenant; access tokens are stored hashed and per-connection API keys
  are encrypted with AWS KMS.
* All traffic is served over HTTPS/TLS. The Connector enforces OAuth 2.1 with PKCE,
  returns generic error messages that exclude personal data, and applies standard
  security headers.
* Access is scoped to the tenant established at sign-in; the Connector never accepts
  a tenant identifier chosen by the client.

## Data retention

* **Authorization codes:** \~60 seconds.
* **Access tokens:** \~1 hour.
* **Refresh tokens:** up to 30 days (rotated on use).
* **Per-connection API key and connection record:** retained while the connection
  is active and deleted when you disconnect or revoke the connection.
* **Operational logs:** retained for a limited period for security and debugging,
  then deleted or aggregated.

Compliance records (sessions, screenings, and their results) are stored and
retained by the Legal Talent KYC platform under its own retention policy, not by
the Connector. See the general
[Legal Talent Privacy Policy](https://compliance.legaltalent.ai/es/privacy) for
platform retention periods (typically aligned with AML obligations).

## Relationship to the general Legal Talent Privacy Policy

This document addresses only the additional processing introduced by operating the
KYC platform through Claude via the Connector. All other processing — identity
verification, biometrics, screening data sources, international transfers,
retention, security measures, and your data-subject rights (including the legal
bases and jurisdiction-specific rights under GDPR, LGPD, and Uruguay's Law 18.331)
— is described in the general
[Legal Talent Privacy Policy](https://compliance.legaltalent.ai/es/privacy). In
case of any conflict regarding platform data, the general policy prevails.

## Your choices and controls

* **Revoke access at any time** by removing the connector in Claude, or by deleting
  the connection from the Legal Talent dashboard. Revocation deletes the associated
  tokens and per-connection API key.
* **Access, correction, and deletion requests** for your personal data can be made
  by contacting [support@legaltalent.ai](mailto:support@legaltalent.ai).

## Changes to this policy

We may update this policy to reflect changes to the Connector or legal
requirements. Material changes will be reflected by updating the "Last updated"
date above.

## Contact

Legal Talent — [support@legaltalent.ai](mailto:support@legaltalent.ai)
