Features
AI Connector Privacy Policy
EMAsphere SA
AI Connector Privacy Policy
Last updated: May 2026
EMAsphere AI Connector — Privacy Notice
Effective date: 2026-05-28
Last updated: 2026-05-28
1. Scope
This notice describes the data handling for the EMAsphere AI Connector, also known as the EMAsphere MCP server. It applies when an EMAsphere customer connects an AI assistant (for example Anthropic's Claude) to their EMAsphere account using the Model Context Protocol (MCP).
This notice does not cover:
- General use of the EMAsphere platform outside the AI Connector — see the main privacy policy.
- Cookies and website analytics — see the same page.
2. What the AI Connector does
The AI Connector lets an EMAsphere user query their own financial data through an AI assistant rather than through the EMAsphere web application. When the user installs the EMAsphere connector in a compatible AI client (such as Claude Desktop or Claude.ai), they grant the AI client permission to call a defined set of EMAsphere tools — KPIs, profit and loss, balance sheet, cash position, breakdowns, situations, and configuration of tables and KPIs — on their behalf.
The AI Connector is an alternative interface to data the user can already access through the EMAsphere application. It does not expand the user's access rights.
3. Data accessed via the AI Connector
Each tool call returns financial data the authenticated user is already entitled to see in EMAsphere, bounded by the entity selected in the AI session and by the user's existing permissions on that entity.
The connector does not create, retrieve, or share any data beyond what the user could obtain through the standard EMAsphere interface. There is no service account, no shared workspace, and no privilege escalation: every call is executed on behalf of the authenticated user.
4. How access is granted
Authentication uses OAuth 2.1 with the Authorization Code flow and PKCE. To enable the connector for a given entity, the EMAsphere administrator of that entity must grant the user the MCP Access`permission. Without this permission, the connector cannot establish a session against the entity.
When the user installs the connector in their AI client, they go through the standard OAuth consent screen and explicitly authorise the AI client to act on their behalf. Consent is recorded as an OAuth grant on the user's EMAsphere account.
5. How access is revoked
Connector access can be ended through three independent channels:
- From the AI client. The user removes the EMAsphere connector from their AI client (for example, in Claude.ai or Claude Desktop, by disconnecting the EMAsphere integration in the connector settings). This deletes the stored authorisation on the client side and ends further calls.
- By an EMAsphere administrator. The administrator of the entity removes the `MCP Access` permission from the user. This takes effect immediately on subsequent tool calls (any request returns a permission error).
- By natural expiry. Token lifetimes are short and non-reusable: access tokens expire after one hour, refresh tokens after thirty days. Refresh tokens are rotated on each use (one-time only). Without continued use through an authorised AI client, access ends without further action.
6. What EMAsphere logs
EMAsphere maintains the following operational records related to the AI Connector:
- Authentication and session events: sign-in, sign-out, token refresh, session expiry, errors.
- Standard API access logs for tool calls made through the connector, recording the called tool, the authenticated user, the entity, timing, and outcome. This is the same logging that applies to any authenticated EMAsphere API call.
Retention follows the platform's general operational-log retention policy (see the main privacy policy).
7. What EMAsphere does *not* receive
The contents of the user's conversation with the AI assistant — both the user's prompts and the assistant's responses — do not pass through EMAsphere. They are exchanged directly between the user, the AI client, and the AI provider.
EMAsphere therefore does not see, store, transmit, or analyse the prompts, the assistant's responses, or any inferences the AI provider may draw from the data returned by tool calls.
8. Third parties
When the user enables the AI Connector, the AI provider chosen by the user processes the user's prompts together with the data returned by EMAsphere tool calls in order to produce a response. That processing is governed by the AI provider's own privacy policy and data-handling commitments, which EMAsphere does not control. Examples:
- Anthropic (Claude Desktop, Claude.ai) — see Anthropic's Privacy Policy.
EMAsphere itself does not share AI-Connector data with any additional third party as part of this flow. For the platform's general subprocessor list, see the main privacy policy.
9. Hosting and data residency
EMAsphere is hosted on Amazon Web Services in the European Union, region `eu-central-1` (Frankfurt). The AI Connector runs on the same infrastructure as the rest of the platform.
10. Data retention
EMAsphere retains operational logs for the AI Connector under the platform's general retention policy (see the main privacy policy). Because conversation content is not received by EMAsphere, no prompt or response content is retained on our side.
11. Your rights under the GDPR
If you are an EMAsphere customer in the European Economic Area, you have the right to access, rectify, erase, restrict, or object to the processing of your personal data, as well as the right to data portability.
To exercise any of these rights in connection with the AI Connector, please contact gdpr@emasphere.com.
12. Changes to this notice
EMAsphere may update this notice as the AI Connector evolves. Material changes are reflected in the Last updated date at the top of this page; significant changes are communicated to administrators.
13. Contact
- Questions about this notice: gdpr@emasphere.com
- Security concerns or vulnerability reports: cto@emasphere.com
- General support: support@emasphere.com