Learn how Dataslayer MCP protects your data with OAuth 2.1 and ISO 27001 certification. Secure authentication without sharing credentials with AI providers.
How does Dataslayer MCP handle authentication?
Dataslayer MCP uses OAuth2.1 authentication to securely connect your marketing data to AI providers like Claude, ChatGPT, and Mistral AI. This means you authenticate directly with Dataslayer when setting up the connection, and your credentials are never shared with the AI provider.
How the authentication process works
When you connect Dataslayer MCP to an AI provider, here's what happens:
You add the MCP server
You configure the connection in your AI provider's settings using Dataslayer's generic MCP server URL: https://agents.dataslayer.ai/mcp
This URL is the same for all users and all AI providers.
You authenticate with Dataslayer
After adding the server, you're redirected to Dataslayer's secure login page, where you enter your Dataslayer credentials. This authentication happens directly between you and Dataslayer, the AI provider never sees your username or password.
Authorization is granted
Once authenticated, Dataslayer issues a secure access token that allows the AI provider to request data on your behalf. This token is encrypted and tied specifically to your Dataslayer account.
Secure data retrieval
When you query data through the AI provider, the request is sent to Dataslayer's MCP server with your access token. Dataslayer verifies the token, retrieves the requested data from your connected sources, and sends it back to the AI provider to display in your conversation.
What data is shared with AI providers?
It's important to understand what information goes where:
Shared with the AI provider:
- The marketing data you explicitly request in your queries (metrics, dimensions, campaign names, etc.)
- Query results that answer your questions
NOT shared with the AI provider:
- Your Dataslayer username or password
- Your marketing platform credentials (Google Ads, Facebook Ads, etc.)
- Data you haven't specifically requested
- Access to your Dataslayer account settings
The AI provider only receives the specific data needed to answer your questions. Your underlying credentials and account access remain solely with Dataslayer.
Security measures
Dataslayer MCP implements multiple layers of security:
- Encrypted connections: All communication between the AI provider, Dataslayer's MCP server, and your data sources uses industry-standard encryption (HTTPS/TLS).
- OAuth2.1 standard: This authentication protocol is widely used by major tech companies and provides secure, token-based access without exposing passwords.
- Token-based access: Access tokens can be revoked at any time, and they automatically expire if not used regularly.
- No credential storage by AI providers: Your Dataslayer login credentials are never transmitted to or stored by Claude, ChatGPT, or Mistral AI.
- Scoped permissions: The MCP connection only has access to retrieve data. It cannot modify your Dataslayer account, change settings, or access marketing platform credentials.
Industry certifications
Dataslayer holds internationally recognized security and privacy certifications that validate our commitment to protecting your data:
- ISO 27001: Certified for Information Security Management Systems, covering cybersecurity and privacy protection.
- ISO 27701: Privacy-focused certification ensuring compliance with GDPR, CCPA, and other data protection regulations.
- Audited by Bureau Veritas: Our certifications are regularly audited by an accredited third-party certification body.
These certifications ensure that Dataslayer's infrastructure, processes, and handling of your marketing data meet global best practices for information security and privacy management.
Learn more about our security practices at dataslayer.ai/security.
Managing and revoking access
You have full control over your MCP connections:
To revoke access from an AI provider:
- Go to the AI provider's settings (Apps & Connectors in ChatGPT, Connectors in Mistral, or Settings in Claude)
- Find Dataslayer in your connected servers
- Click Disconnect or Remove
Disconnecting the MCP server immediately revokes the access token, and the AI provider can no longer retrieve data from your Dataslayer account.
Provider-specific considerations
While the authentication process is similar across all three AI providers, there are some differences:
- Claude: Uses the same OAuth2.1 process. Authentication happens during the initial setup.
- ChatGPT: Also uses OAuth2.1. Requires Developer mode to be enabled and only works on the web interface.
- Mistral AI: Uses OAuth2.1 authentication. Available on all plan tiers, including free accounts. EU-hosted infrastructure provides additional data sovereignty benefits.
All three providers use the same Dataslayer MCP server URL and the same authentication method.
What happens if my token expires?
Access tokens are designed to remain active as long as you're using the connection regularly. If a token expires due to inactivity:
- You'll receive an error message when trying to query data
- Simply disconnect and reconnect the MCP server to re-authenticate
- Your previous settings and configuration are preserved
Data residency and compliance
Your marketing data flows directly from Dataslayer to the AI provider you're using:
- Claude: Anthropic's infrastructure
- ChatGPT: OpenAI's infrastructure
- Mistral AI: EU-based data centers (GDPR compliant)
Dataslayer acts as the secure intermediary, ensuring your underlying marketing platform credentials never leave Dataslayer's infrastructure.
Privacy and data retention
- Dataslayer stores your authentication credentials and access tokens securely
- AI providers process the query results you request, but typically don't retain your specific marketing data long-term (refer to each provider's privacy policy for details)
- Your marketing platforms (Google Ads, Facebook Ads, etc.) remain separate. MCP only retrieves data, it never modifies or accesses credentials
Related questions
- Which AI providers does Dataslayer MCP support?
- What are the differences between ChatGPT, Claude, and Mistral within MCP?
- Can I use multiple AI providers at the same time?
As always, please contact us via our live chat on our website or via email if you still have doubts or questions. We are happy to help!