MCP Connector Privacy Notice
Last updated: June 2026
This notice explains how the Soon MCP connector handles data when you connect Soon to an AI client (such as Claude, ChatGPT, Codex, Cursor, or any other Model Context Protocol client). It is specific to the connector. It sits alongside, and does not replace, our main Privacy Policy and Terms of Service, which continue to apply to your use of Soon.
In short: when you connect an AI client to Soon, the client can read and, with the right permissions, change your team's schedule on your behalf, using only the access your Soon account already has. We do not create a separate copy of your schedule for the connector and we do not sell your data. The key thing to understand is that once you ask the AI client to do something, the schedule data it reads is sent to that AI provider, which is a separate company with its own privacy policy. You can disconnect at any time.
1. Who is responsible for your data
Soon is workforce-scheduling software used by employers and teams. For most data processed through the connector, your employer or team is the data controller and Soon Technologies B.V. acts as a data processor on their behalf, under the agreement between Soon and that organization. This notice describes what the connector does so that controllers, administrators, and team members understand it.
- Service provider: Soon Technologies B.V., Herengracht 420, 1017 BZ Amsterdam, The Netherlands (KvK 75939401).
- Website: https://soon.works
- Connector ("MCP server"): soon-mcp, served at https://mcp.soon.works/mcp
- Privacy contact: hello@soon.works
2. What the connector does
The connector lets an AI client you choose connect to Soon over an encrypted, OAuth-protected connection. After you sign in and approve the connection, the AI client can call a defined set of tools to:
- Read scheduling information (who you are, your boards, team members, shifts, roles, assignments, leave, availability, and workload statistics).
- Make changes when you ask it to and your permissions allow (create or edit shifts, assign or remove people, publish schedules, request or approve leave, and manage intraday activities).
The connector only ever acts with the permissions your own Soon account already has. It cannot see teams, boards, or people you could not see directly in Soon, and a team member cannot use it to gain administrator powers they do not otherwise have. Your role and board access are re-checked on every request.
3. What data the connector can access
The data the connector can read or change depends on your role and which tools the AI client calls. It can include:
Identity and account
- Name (first, last, display name) and email address
- Profile avatar, time zone, language, and time-format preference
- Account verification status, team role (for example admin or member), and board access level
Schedule and work
- Boards, shifts, shift roles, and locations or sublocations where work happens
- Assignments: who is scheduled, plus scheduled and actual start, end, and break times
- Workload statistics: scheduled hours, contract or minimum weekly hours, remaining, over, and under-contract hours, utilization, days worked, longest shift, consecutive days, and weekend hours
- Job-role and skill taxonomy assigned to people
- Schedule-change requests (cover, swap, cancellation, time changes) and who raised them
- Intraday activities inside shifts (for example when each person takes lunch or breaks)
Leave and availability
- Leave and absence records: dates, status, and the leave category (which can imply a reason, such as sickness or parental leave)
- Availability patterns derived from existing shifts and leave
Sensitive data
Some of the above can be sensitive. In particular, leave and absence categories may imply a reason for absence, and workload statistics (consecutive days, weekend hours, over-contract hours) can indicate working intensity. The connector applies Soon's existing access rules: for example, a team member cannot read other people's leave that is marked private, while administrators can. Treat any output that contains this information accordingly, and only ask the AI client to surface it when you have a legitimate reason to.
4. How the connection works and what we store
To connect, the AI client uses the OAuth 2.0 authorization-code flow with PKCE (SHA-256) and Dynamic Client Registration. You sign in to Soon and approve a consent screen that names the client and the permissions ("scopes") it is requesting. To operate the connection, Soon stores:
- Tokens and authorization codes, stored only as one-way (hashed) values, never in plain text. Access tokens expire after 1 hour, refresh tokens after 30 days, and authorization codes after 10 minutes. Refresh tokens rotate, and reuse of a stolen token revokes the whole session.
- Client registration details for the AI client (its name, the redirect URLs it registered, and the requested scopes).
- The user and team identifiers the connection is bound to, and the scopes granted.
The connector reads your live Soon data at the moment a tool is called. It does not create a separate stored copy of your schedule, team, or leave data.
For security and troubleshooting, Soon writes application logs that record events such as token issuance, token verification, and each tool call. These logs include identifiers (user ID, team ID, client ID) and the scopes used. Token values themselves are masked. Operational logs are kept only as long as needed for security and troubleshooting and are then deleted in line with our standard retention practices.
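The token handling described in this section, sketched as an added example (not Soon's code): a store that keeps only SHA-256 hashes of tokens, applies the 1-hour and 30-day lifetimes stated above, and revokes the whole session when an already-rotated refresh token is presented again. The class and function names and the in-memory dictionaries are assumptions for illustration.

```python
import hashlib
import secrets
import time

ACCESS_TTL = 60 * 60             # 1 hour, per the notice
REFRESH_TTL = 30 * 24 * 60 * 60  # 30 days, per the notice


def token_hash(token: str) -> str:
    """One-way value that is stored instead of the token itself."""
    return hashlib.sha256(token.encode()).hexdigest()


class TokenStore:
    """Hypothetical in-memory store (assumption); holds hashes only."""

    def __init__(self):
        self.access = {}      # hash -> (session_id, expires_at)
        self.refresh = {}     # hash -> [session_id, expires_at, already_used]
        self.revoked = set()  # session ids that have been revoked

    def issue(self, session_id, now=None):
        now = time.time() if now is None else now
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[token_hash(access)] = (session_id, now + ACCESS_TTL)
        self.refresh[token_hash(refresh)] = [session_id, now + REFRESH_TTL, False]
        return access, refresh  # plaintext goes to the client only

    def rotate(self, refresh, now=None):
        """Exchange a refresh token for a new pair; None if refused."""
        now = time.time() if now is None else now
        rec = self.refresh.get(token_hash(refresh))
        if rec is None or rec[0] in self.revoked or now >= rec[1]:
            return None
        if rec[2]:
            # A token that was already rotated is being replayed: either the
            # client or a thief holds a stale copy, so end the whole session.
            self.revoked.add(rec[0])
            return None
        rec[2] = True
        return self.issue(rec[0], now)

    def access_valid(self, access, now=None):
        now = time.time() if now is None else now
        rec = self.access.get(token_hash(access))
        return rec is not None and rec[0] not in self.revoked and now < rec[1]
```

Because the replayed token cannot be told apart from a legitimate client's stale copy, revocation also invalidates the tokens issued by the most recent rotation; the user has to reconnect.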
5. Who your data is shared with
The AI client or provider you connect (important). When you ask the AI client to do something, the data the connector returns is sent to that client and the company that operates it (for example Anthropic for Claude, or OpenAI for ChatGPT and Codex). That provider is a separate controller or processor governed by its own privacy policy and terms, not by this notice. Soon does not control how that provider stores, processes, or trains on the data it receives. Review the AI provider's policy before connecting, and only request the data you need for the task.
Soon's own services. When you use the staffing or intraday optimization tools, the connector sends the relevant scheduling data (such as user IDs, time zones, role and shift timing, and for intraday, user names) to Soon's own optimization services to compute suggestions. These are Soon-operated systems, not third-party vendors, and are covered by Soon's agreement with your organization.
Product feedback. If you use the feedback tool to send a message to the Soon team, that message is delivered to Soon's internal channel together with your name, email, and team name, so we can follow up. This only happens when you explicitly submit feedback.
Infrastructure providers. Soon runs on cloud infrastructure (Amazon Web Services, in the EU / Ireland region) and uses a cache that briefly holds your IP address to rate-limit requests. These providers process data on Soon's instructions as sub-processors.
We do not sell your personal data and do not use connector data for advertising.
6. International transfers
Soon hosts connector infrastructure in the EU (AWS eu-west-1, Ireland). If you connect an AI client whose provider is outside the EU / EEA (for example a US-based provider), then the data you ask that client to read will be transferred to that provider under its own terms and safeguards. That transfer is a direct result of your decision to connect and use that client.
7. Legal basis (EEA / UK)
Where Soon acts as a processor, it processes connector data on the documented instructions of your organization (the controller), under the data-processing terms in their agreement with Soon. The connection itself is established on the basis of your explicit authorization through the OAuth consent screen. Your organization, as controller, is responsible for ensuring it has a lawful basis to make this data available to an AI client.
8. Data retention
- Authorization codes: expire after 10 minutes.
- Access tokens: expire after 1 hour.
- Refresh tokens: expire after 30 days, or immediately when you disconnect or revoke.
- Client registrations and logs: retained as described in section 4.
- Your scheduling data: retained in Soon under your organization's main agreement, not by the connector, which holds no separate copy.
9. Your choices and rights
- Disconnect at any time from within your AI client, or by revoking access in Soon. Revoking ends the session and invalidates the associated tokens immediately.
- Grant the minimum. Approve only the scopes you need on the consent screen.
- Access, correction, deletion, and other rights. Because your employer is usually the controller, please direct requests to access, correct, export, or delete personal data to your organization's Soon administrator, or contact us at hello@soon.works and we will assist the controller. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.
10. Security
- All connector traffic is over HTTPS / TLS.
- All tokens and authorization codes are stored only as one-way hashes.
- OAuth requires PKCE (SHA-256); refresh tokens rotate with theft detection.
- Access is scoped and re-checked against your live role and board permissions on every request, including a separate authorization check for write actions.
- Rate limiting protects the authorization and connector endpoints.
No system is perfectly secure, but Soon applies the controls above to protect connector access.
11. Children
Soon is a workplace product and is not directed to children. The connector is not intended for anyone under the age at which they can lawfully work in their jurisdiction.
12. Changes to this notice
We may update this notice as the connector evolves. Material changes will be reflected by the "Last updated" date above and, where appropriate, communicated to connected organizations.
13. Contact
Questions about this notice or about how the connector handles data:
Soon Technologies B.V.
Herengracht 420
1017 BZ Amsterdam
The Netherlands
KvK: 75939401
Email: hello@soon.works