← Back to Invoker

Privacy Policy

Last updated: February 11, 2026

1. What Invoker Does

Invoker is an MCP (Model Context Protocol) server that lets you deploy HTML pages and forms to live URLs directly from AI conversations. We provide hosting, form submission capture, webhooks, and email notifications.

2. Information We Collect

Account Information

When you sign up, we collect your email address for authentication. We use Supabase Auth for identity management.

Deployment Content

We store the HTML content you deploy. Deployed pages are publicly accessible at their assigned URL.

Form Submissions

When visitors submit forms on your deployed pages, we capture the form data and the submitter's IP address. This data is stored and made available to you via the API and dashboard.

Usage Data

We collect basic usage metadata such as deployment counts, submission counts, and API request logs for operational purposes.

3. How We Use Your Information

  • To provide, maintain, and improve the Invoker service
  • To authenticate your identity and secure your account
  • To deliver form submissions and webhook notifications to you
  • To send email notifications about new submissions (when enabled)
  • To enforce usage limits and prevent abuse

4. Data Storage and Security

Your data is stored on Supabase (PostgreSQL) and Cloudflare (Workers KV for page hosting). API keys are stored as SHA-256 hashes and cannot be recovered in plaintext.

We use HTTPS for all API communications and enforce row-level security policies on all database tables.

5. Data Sharing

We do not sell your personal information. We may share data with:

  • Infrastructure providers (Cloudflare, Supabase) — as necessary to operate the service
  • Webhook endpoints — form submission data is forwarded to webhook URLs you configure
  • Email service (Resend) — your email address and submission data when email notifications are enabled

6. Your Rights

You can:

  • Delete your deployments at any time via the API or dashboard
  • Delete your API keys at any time
  • Request deletion of your account and all associated data by contacting us

7. Cookies

The Invoker dashboard uses Supabase Auth session tokens stored in your browser. We do not use third-party tracking cookies or analytics.

8. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page.

9. Contact

For privacy-related questions or data deletion requests, email privacy@invoker.page.

Invoker · Home · Dashboard