Is my data secure when using MCP with external AI models?
Dataslayer MCP uses enterprise-grade security with OAuth 2.1 authentication, encrypted connections, and ISO 27001 certification. Your credentials stay with Dataslayer, AI providers only receive the specific data you request.
Short answer: Yes. When you connect Dataslayer to an external LLM via MCP (Claude, ChatGPT, Mistral, a self-hosted model, etc.), your credentials never leave Dataslayer, traffic is encrypted, and only the minimum information needed to answer your query is ever sent to the model.
How MCP security works
- You authenticate directly with Dataslayer via OAuth 2.1.
- Dataslayer issues an encrypted access token to your AI provider.
- When the AI needs data, it requests it through Dataslayer's MCP server.
- Your marketing platform credentials (Google Ads, Meta Ads, GA4, LinkedIn Ads, TikTok Ads, etc.) never leave Dataslayer, they are never passed to any LLM, under any circumstance.
The natural-language layer (applies to every LLM)
Regardless of which LLM you connect through MCP (Claude, ChatGPT, Mistral, a local model, etc.), a small part of the request flow passes through OpenAI. We use it to transform your natural-language query into the structured prompt that the chosen LLM then executes.
The information that goes through this step is only the minimum necessary to resolve the query. It may include things like an account or campaign name, but never raw data, rows, credentials, or PII.
What is shared vs. what is protected
Sent to the AI model:
- Marketing data explicitly requested in the query
- Query results answering your specific question
Never sent to any AI model:
- Your Dataslayer login credentials
- Your marketing platform credentials (Google Ads, Meta Ads, GA4, LinkedIn Ads, TikTok Ads, etc.)
- Unrequested data or account settings
- Anything outside the scope of the current question
Security protections
- Encryption in transit via industry-standard HTTPS/TLS
- OAuth 2.1 authentication protocol
- ISO 27001 & ISO 27701 certifications (audited by Bureau Veritas)
- Token-based access with automatic expiration
- Scoped, read-only permissions
- No credential storage with any AI provider
You control your data
- Revoke access at any time: disconnect the AI provider from Dataslayer whenever you want. Access ends immediately.
- Choose what to share: you decide which accounts and data sources are available in each session.
Bring your own LLM (including local models)
You can connect Dataslayer MCP to any MCP-compatible LLM, including:
- Hosted models (Claude, ChatGPT, Mistral, Gemini, etc.)
- Local / self-hosted models running on your own infrastructure
When you use a local model, data residency is maximal: the model runs on your machines or in your private environment, so the only data leaving your perimeter is the MCP traffic to Dataslayer itself, which is already encrypted and covered by our certifications.
The overall security posture in this setup depends on the LLM you choose, combined with the security guarantees of Dataslayer MCP. This is the recommended configuration for organizations with strict data residency or compliance requirements.
Data residency
Data residency depends on which LLM you use with MCP:
- Anthropic (Claude): query traffic traverses Anthropic's infrastructure.
- OpenAI (ChatGPT): query traffic traverses OpenAI's infrastructure.
- Mistral: query traffic traverses Mistral's EU-based infrastructure for GDPR compliance.
- Local / self-hosted LLM: data stays within your own environment. Maximum residency control.
In every case, your marketing platform credentials remain with Dataslayer and are never shared with any model.
Related FAQs
Looking for a different way to use AI with Dataslayer? See also:
- How secure is my data with the Dataslayer AI Chat? The AI Chat built into app.dataslayer.ai, powered by Google Gemini.
- How secure is my data with Dataslayer GPT? The Dataslayer Custom GPT inside ChatGPT.
As always, please contact us via our live chat on our website or via email if you still have doubts or questions. We are happy to help!