Overview
The Sefaria Library MCP ("Server") is a bridge between Claude and the Sefaria digital library. This privacy policy explains how data is handled when you use this server.
Last Updated: May 14, 2025
1. Data We Collect
When you use the Sefaria MCP server, the following data is collected:
1.1 Request Data
- Query parameters: Text references, search queries, and filter options you provide
- Request metadata: Timestamp, IP address (via Cloudflare), and HTTP headers
- No session data: The server operates in stateless mode; no session tokens or user identifiers are stored
1.2 Content Data
The server does not store, log, or retain the text content returned from Sefaria. All text is fetched in real-time from Sefaria's API and passed directly to Claude without caching or storage.
2. How We Use Data
Request data is used solely to:
- Fulfill your request by querying Sefaria's API
- Monitor server performance and availability (via Cloudflare)
- Debug errors and improve the service
- Comply with legal obligations
We do not:
- Sell, trade, or rent your personal information
- Share data with third parties for marketing purposes
- Build profiles or use data for targeted advertising
- Retain request logs beyond standard infrastructure retention periods
3. Third-Party Services
3.1 Sefaria API
The server proxies requests to Sefaria.org. Your search queries and text references are transmitted to Sefaria to fetch content. Review Sefaria's privacy policy for details on how they handle data.
3.2 Cloudflare Workers
The server runs on Cloudflare Workers. Cloudflare may collect standard infrastructure data including IP addresses, request metadata, and performance metrics. Review Cloudflare's privacy policy for details.
3.3 Claude (Anthropic)
When you use this server via Claude, your requests and the server's responses are subject to Anthropic's privacy policy. The server itself does not see or retain your Claude conversations.
4. Data Retention
- Request logs: Retained by Cloudflare according to their infrastructure policies (typically 30 days or less)
- Content data: Not retained by the server; fetched on-demand from Sefaria
- User data: No user accounts or profiles are created or maintained
5. Security
The server employs the following security measures:
- HTTPS encryption for all communications
- Cloudflare's DDoS protection and WAF
- Stateless architecture (no sensitive data storage)
- CORS headers configured to allow cross-origin requests from Claude
However, no system is 100% secure. If you believe there is a security issue, please report it responsibly.
6. Your Rights
Since the server does not create or retain user profiles, there is no personal data to access, correct, or delete. If you have concerns about data handled by Sefaria or Cloudflare, contact them directly:
7. Changes to This Policy
This privacy policy may be updated at any time. Changes will be posted to this page with an updated "Last Updated" date. Continued use of the server constitutes acceptance of changes.
8. Contact
For questions about this privacy policy or the Sefaria MCP server, contact:
- Email: shimonkolodny@gmail.com
- Source Code: GitHub (project details available upon request)
9. Compliance
This server is designed to comply with:
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- COPPA (Children's Online Privacy Protection Act) — not intended for users under 13
By operating in stateless mode and not retaining personal data, the server minimizes privacy risks and regulatory exposure.