Privacy Policy — Saudi Invoice MCP

Summary: this service is stateless and stores nothing. No database, no accounts, no cookies, no analytics.

Request parameters — the base64 signed UBL invoice, its invoiceHash and uuid, and your bring-your-own ZATCA CSID credentials (x-zatca-csid-token, x-zatca-csid-secret) sent as HTTP headers — are used in memory only to forward the reporting/clearance/compliance submission to the government ZATCA gateway (Fatoora), then discarded. The invoice is already signed on your side; this server never signs, never computes or stores the ICV/PIH hash-chain, and never persists the CSID. Invoice data is processed and stored by ZATCA under the merchant's own taxpayer context. The host (Vercel) keeps short-lived HTTP logs per its privacy policy; credential headers are never logged by the application.

Because nothing is stored, there is nothing to delete or export.

Contact: reports@wishpool.app · Source (MIT): github.com/junter1989k-ai/saudi-invoice-mcp