Privacy & disclaimer

This is a personal project run by the OneWheelGeek. It is a self-hosted, multi-user MCP gateway for Mastodon, GotoSocial, and Bluesky accounts, offered for personal use. It is not a commercial product, there is no company behind it, and there is no support obligation.

What it stores

To act on your behalf, this service stores the access token / app password (or OAuth session) for each social account you link. These are encrypted at rest. The service also keeps your passkey credentials, a record of your linked accounts and API tokens, and an audit log of the MCP calls made through your account. It does not show your handles, identities, or credentials to other users — each account is isolated.

About your credentials

I'll do my best to protect your stored credentials — they're encrypted and access is scoped to your account. But this is a hobby project, not a professionally operated, audited, or certified service. I make no legal guarantee that your credentials are safe. Accidents, bugs, outages, and breaches happen.

Use this service at your own risk. Prefer a narrowly-scoped access token or a dedicated app password, and revoke it on the instance the moment you stop using this service or suspect any problem. To the maximum extent permitted by law, this service is provided "as is", without warranty of any kind, and the operator accepts no liability for any loss or damage arising from its use.

Run your own

fedi-mcp is open source and self-hostable. If you'd rather not trust this operator with your credentials, you can run your own instance — see the project README. That way the only person you have to trust is you.

Questions

Reach out to the OneWheelGeek. If any of this is unacceptable for your situation, please don't store a credential here.