Privacy Policy — Access-MCP | A-Point Systems Ltd
Legal · A-Point Systems Ltd

Privacy Policy

Last updated: 20 June 2026
Terms·Privacy·Refund·EULA

This Privacy Policy explains how A-Point Systems Ltd, a company incorporated in Israel (company registration no. 514562115), with its registered office at HaLapid 12, Petach Tikva, Israel (A-Point, we, us, or our) collects, uses, and protects personal information in connection with the Access-MCP website at access-mcp.ai (the Site) and the Access-MCP software and services (the Service). A-Point is the data controller for the personal information described in this Policy.

1. Summary

  • We collect the minimum information needed to provide and improve the Service: your email and a few optional details when you register, pseudonymous licensing/usage signals from the Software, and standard analytics on the Site.
  • The Software never sends us the contents of your databases. It runs locally and reports only a pseudonymous installation identifier, the version, and operation counts for licensing and metering.
  • Payments are handled by Paddle, our Merchant of Record, which collects billing information directly. We do not store your full payment details.
  • You have rights over your information, including access, correction, and deletion.

2. Information we collect

a. Information you provide

  • Registration (Free tier): your work email address, and optionally your company name and a short note about what you are working on. This is used to issue your license key and for the purposes in Section 3.
  • Service / migration inquiries: if you contact us or submit a form (for example, the migration or support assessment form), the name, email, company, phone (if given), and message details you provide.

b. Information from the Software (licensing and metering)

To operate the freemium licensing model, the Software communicates with our licensing API and transmits:

  • a pseudonymous installation identifier derived by hashing machine and user identifiers (it does not reveal your name, machine name, or files);
  • the Software version;
  • operation counts (used to enforce daily limits and entitlements);
  • the license key you have activated, if any;
  • the IP address of the request and an approximate timestamp, as an inherent part of any internet communication.

We do not receive database names, table or field names, query contents, record data, VBA code, or any other content of your databases through this channel.

c. Information collected automatically on the Site

Standard server logs and privacy-conscious analytics (for example, page views and aggregate usage) collected via our infrastructure and analytics providers, including Google Analytics. We keep cookie use to the minimum necessary; where we use non-essential analytics that require consent, we obtain it as required by applicable law.

d. Payment information

When you purchase a Pro subscription, Paddle collects and processes your payment and billing information as the Merchant of Record. Paddle shares with us limited transaction data (such as your email, subscription status, country, and an order identifier) so we can provision and manage your subscription. We do not receive or store your full card details.

3. How we use information

We use personal information to:

  • provide, operate, and secure the Service, including issuing and validating license keys and enforcing usage limits;
  • provision and manage Pro subscriptions and respond to support and billing inquiries;
  • send you your license key and essential transactional messages;
  • send product updates and related communications where you have registered or otherwise consented (you can unsubscribe at any time);
  • understand and improve the Service through aggregate analytics;
  • detect, prevent, and address fraud, abuse, security issues, and violations of our terms;
  • comply with legal obligations and enforce our agreements.

4. Legal bases (EEA / UK)

Where the GDPR or UK GDPR applies, we rely on: performance of a contract (to provide the Service you request); legitimate interests (to secure, operate, and improve the Service, and to send relevant product communications to business users — balanced against your rights); consent (for non-essential analytics/marketing where required, which you may withdraw); and legal obligation (to comply with applicable law).

5. Sharing and sub-processors

We do not sell your personal information. We share it only with service providers who process it on our behalf under appropriate safeguards, and as required by law. Our principal sub-processors are:

Cloudflare, Inc.
Site hosting / CDN, the licensing API (Workers), and data storage (D1 / KV).
Paddle.com
Payments, billing, tax, and Merchant-of-Record services.
Resend
Transactional and product-update email delivery.
Google (Analytics)
Site usage analytics.

We may also disclose information to comply with legal process, to protect our rights and the safety of others, or in connection with a corporate transaction (such as a merger or acquisition), subject to this Policy.

6. International transfers

We are based in Israel and use providers located in various jurisdictions, including the United States and the European Union. Where personal information is transferred internationally, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses and recognized adequacy decisions, including the adequacy decision covering Israel) as required by applicable law.

7. Data retention

We retain personal information only as long as necessary for the purposes described in this Policy: registration and licensing data for as long as your account or license is active and for a reasonable period afterward; transaction records for as long as required for accounting, tax, and legal purposes; and analytics/log data for a limited period. We delete or anonymize information when it is no longer needed.

8. Security

We use technical and organizational measures appropriate to the risk, including encryption in transit (HTTPS), access controls, and the principle of collecting the minimum data necessary. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your rights

Depending on your location, you may have the right to access, correct, delete, or port your personal information; to object to or restrict certain processing; and to withdraw consent. EEA/UK residents have rights under the GDPR/UK GDPR. California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of "sale" or "sharing" (we do not sell personal information). Residents of Israel have rights under the Israeli Privacy Protection Law.

To exercise any right, contact us at office@apoint.co.il. We will respond as required by applicable law. You also have the right to lodge a complaint with your local data protection authority. For payment-related data held by Paddle, please also refer to Paddle’s privacy notice.

10. Children

The Service is not directed to children under 18, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

11. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, notify you. Your continued use of the Service after changes take effect constitutes acceptance.

12. Contact

A-Point Systems Ltd · HaLapid 12, Petach Tikva, Israel
Email: office@apoint.co.il · Web: https://access-mcp.ai