npm - copilot-money-mcp - Versions diffs - 1.4.0 → 1.6.0 - Mend

copilot-money-mcp 1.4.0 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/PRIVACY.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # Privacy Policy for Copilot Money MCP Server
-**Last Updated:** January 12, 2026
+**Last Updated:** April 11, 2026
 ## Disclaimer
@@ -10,16 +10,21 @@
 The Copilot Money MCP Server is designed with privacy as a core principle. This document outlines our privacy practices and commitments.
+The server operates in two modes:
+- **Read-only mode (default):** Reads data exclusively from your local Copilot Money database cache. No network requests are made.
+- **Write mode (opt-in, `--write` flag):** Adds the ability to modify your Copilot Money data. Because Copilot Money is backed by Google Firebase/Firestore, write operations require authenticated network requests to Firebase/Firestore on your behalf. See the [Write Mode and Network Access](#write-mode-and-network-access) section below.
 ## Data Collection
-**We do not collect, store, or transmit any of your data.**
+**We do not collect, store, or transmit any of your data to our servers or any third party.** The server has no backend, no analytics, and no telemetry.
 The Copilot Money MCP Server:
-- Operates entirely on your local machine
+- Operates on your local machine
 - Reads data only from your local Copilot Money database cache
-- Never sends your financial data to external servers
-- Never transmits data over the internet
+- Never sends your financial data to servers operated by this project (we don't have servers)
 - Does not include any analytics or telemetry
+- Makes zero network requests in the default read-only mode
+- In opt-in write mode, makes network requests **only** to Google Firebase/Firestore (the same backend Copilot Money itself uses) to apply the changes you request
 ## Data Access
@@ -33,14 +38,16 @@ The server reads from your local Copilot Money database, which is stored at:
 This database contains:
 - Transaction records (amounts, dates, merchant names, categories)
 - Account information (balances, account types, institution names)
-- Category data
+- Budgets, goals, tags, categories, and recurring transactions
+- Investment holdings, prices, and performance data
 ### How We Access Data
-- **Read-Only:** The server only reads data; it never modifies your Copilot Money database
-- **Local Processing:** All data processing happens on your machine
-- **No Network Requests:** The server makes zero network requests
-- **No External APIs:** No connections to third-party services
+- **Local Reads:** All data reads happen against your local Copilot Money database cache
+- **Local Processing:** All query processing, filtering, and aggregation happens on your machine
+- **Read-Only by Default:** In the default mode, the server only reads data and makes zero network requests
+- **No Third-Party Analytics:** No connections to analytics, tracking, or telemetry services
+- **Opt-In Writes:** Write operations are disabled unless you explicitly start the server with `--write`. When enabled, writes are sent directly to Google Firebase/Firestore — the same backend Copilot Money itself uses — and not to any intermediary operated by this project
 ## Data Usage
@@ -49,24 +56,31 @@ Data read from your local database is used exclusively to:
 2. Perform local calculations (e.g., spending aggregations, category summaries)
 3. Filter and search transactions based on your requests
-All processing happens in memory on your local machine and is never persisted outside of the existing Copilot Money database.
+If you explicitly enable write mode with `--write`, data you ask the server to modify is additionally used to:
+4. Construct authenticated Firestore REST API requests that apply your requested changes to your own Copilot Money account
+All processing happens in memory on your local machine. No data is persisted outside of the existing Copilot Money database and its native Firebase/Firestore backend.
 ## Data Sharing
 **We do not share your data with anyone.**
 - No data is sent to our servers (we don't have servers)
-- No data is sent to third parties
+- No data is sent to third parties for analytics, advertising, or tracking
 - No data is sent to Anthropic (beyond what Claude Desktop processes locally)
 - No analytics or crash reports are transmitted
+In opt-in write mode, requested changes are sent directly from your machine to Google Firebase/Firestore using your own Copilot Money credentials. This is the same backend Copilot Money itself uses to persist your data — no intermediary server operated by this project is involved. This traffic is governed by Google's and Copilot Money's own privacy policies.
 ## Data Security
 ### Technical Safeguards
-- **Local-Only Architecture:** All operations are performed locally
-- **No Network Access:** The server does not make network requests
-- **Read-Only Access:** Cannot modify or delete your financial data
+- **Local-First Architecture:** All queries, filtering, and aggregation happen locally
+- **No Network Access in Default Mode:** With read-only mode (default), the server makes zero network requests
+- **Opt-In Writes:** Write tools are disabled unless you explicitly start the server with `--write`
+- **Authenticated Writes Only:** When write mode is enabled, network requests go only to Google Firebase/Firestore, authenticated with your own Copilot Money credentials over HTTPS
+- **No Third-Party Network Destinations:** The server never contacts destinations other than Google's Firebase/Firestore endpoints (and only in write mode)
 - **macOS Sandbox Compliance:** Respects macOS file system permissions
 ### Your Control
@@ -76,6 +90,31 @@ You maintain full control over your data:
 - You can stop the server at any time by closing Claude Desktop
 - You can uninstall the server at any time
 - Your Copilot Money data remains in its original location
+- **Write mode is strictly opt-in:** Write tools are unavailable unless you explicitly start the server with `--write`. Without this flag, the server cannot modify your Copilot Money data even if instructed to do so
+## Write Mode and Network Access
+By default, the server starts in read-only mode and makes zero network requests. If you explicitly enable write mode by starting the server with the `--write` flag, the following additional behavior applies:
+### What Happens in Write Mode
+- The server can execute write tools that modify your Copilot Money data (categorizing transactions, creating budgets, editing goals, etc.)
+- To apply those changes, the server authenticates to Google Firebase using a Firebase refresh token extracted from your local Copilot Money session, then sends Firestore REST API requests directly to `https://firestore.googleapis.com`
+- These requests go to the **same Firebase/Firestore backend that Copilot Money itself uses** — your changes reach your own Copilot Money account, just as they would if you had made them in the Copilot Money app
+- No write traffic passes through any server operated by this project
+### What Does Not Happen
+- No write traffic is ever sent to servers operated by this project (we don't have any)
+- No write traffic is sent to Anthropic or any third party other than Google (Firebase/Firestore)
+- The server never initiates writes on its own — every write is the direct result of a tool call you (or an AI assistant on your behalf) issued
+- Your Firebase credentials are held only in memory and are never logged, persisted, or transmitted to anyone other than Google's token-exchange endpoint
+### Governing Policies
+Network traffic in write mode is subject to:
+- [Google's Privacy Policy](https://policies.google.com/privacy) (as Firebase/Firestore is operated by Google)
+- Copilot Money's own terms and privacy policy (as you are modifying data on their backend)
 ## Claude Desktop Integration
@@ -89,7 +128,8 @@ When integrated with Claude Desktop:
 This server does not integrate with any third-party services beyond:
 - **Claude Desktop** (optional, required for AI-powered queries)
-- **Copilot Money** (reads local database created by the app)
+- **Copilot Money** (reads the local database created by the app)
+- **Google Firebase / Firestore** (only in opt-in write mode; this is Copilot Money's own backend, accessed directly with your own Copilot Money credentials)
 ## Children's Privacy
@@ -103,7 +143,7 @@ We may update this privacy policy from time to time. Changes will be reflected i
 This server is open source. You can:
 - Review the source code at https://github.com/ignaciohermosillacornejo/copilot-money-mcp
-- Verify that no data is transmitted externally
+- Verify exactly which network destinations (if any) are contacted in each mode
 - Audit the data access patterns
 - Contribute improvements
@@ -115,4 +155,4 @@ For privacy-related questions or concerns:
 ## Summary
-**In short:** This server is a local-only tool that reads your Copilot Money data to enable AI-powered queries via Claude Desktop. Your data never leaves your machine, and we never collect, store, or transmit your financial information.
+**In short:** This server is a local-first tool that reads your Copilot Money data to enable AI-powered queries via Claude Desktop. In its default read-only mode, your data never leaves your machine. If you explicitly opt in to write mode with the `--write` flag, the server can additionally apply your requested changes by talking directly to Copilot Money's own Firebase/Firestore backend using your own credentials. We never collect, store, or transmit your financial information to servers operated by this project — we don't have any.