Legal & data handling
Draft — pending legal review
This page is a draft generated for internal review. It has not yet been reviewed or approved by legal counsel and is not a final, binding legal document. It will be finalized with counsel before being relied upon. Do not treat it as legal advice.
This page explains, in plain terms, how the Tecnicora MCP for Odoo connector handles your data, who processes it, and what the connector can and cannot do. For the detailed drafts, see the linked documents at the bottom.
How your data flows
Your Odoo credential is encrypted and held inside your own session token by Anthropic's connector system — Tecnicora does not store it at rest. When you ask Claude a question, your encrypted credential and the resulting Odoo data are processed through Anthropic's cloud and Tecnicora's server in real time, then discarded. Tecnicora stores neither your credentials nor your business data at rest. The connection is read-only: Tecnicora's tools can read your Odoo data but cannot create, edit, or delete anything.
The three-party data path
When you ask Claude a question that touches your Odoo, the request travels along a path with three parties:
- Your Odoo — the source of the business data, hosted by you or your Odoo provider (Odoo Online, Odoo.sh, or self-hosted).
- Tecnicora's server (Fly.io) — the MCP connector at
https://mcp-odoo.tecnicora.com/mcp. It authenticates the request, reads the requested data from your Odoo over a read-only connection, and returns it. It does not persist your credentials or your data. - Anthropic's cloud — where Claude runs and where your encrypted session token (which holds your Odoo credential) is kept by the connector system.
Data moves between these three parties in real time and is discarded when the request completes.
Sub-processors
Tecnicora relies on the following sub-processors to deliver the service:
| Sub-processor | Role |
|---|---|
| Fly.io | Hosting and compute for Tecnicora's MCP connector server. |
| Anthropic | Claude (the AI assistant) and the connector store that holds your encrypted session token. |
| WorkOS | Authentication and magic-link login. |
| Stripe | Subscription billing — if and when a paid tier exists. |
Credential & security posture
- Read-only connector. The connector's tools can read your Odoo data but cannot create, edit, or delete anything in Odoo. It is an assistant, not an auditor.
- Encrypted credential. Your Odoo API key is encrypted (Fernet) inside your own session token. Tecnicora does not store it at rest.
- Nothing persisted, nothing logged. Tecnicora does not store your credentials or your business data at rest on its servers, and does not log your business data.
- You stay in control. You can revoke the API key in Odoo at any time (My Preferences → Security → API Keys). The connection stops working immediately.
- Scope it down. We recommend connecting with a dedicated, read-only Odoo user so Claude sees only what that user is allowed to see.
Informational use only — not professional advice
Not accounting, tax, or financial advice
The connector's output is informational and analytical only. It is not accounting, tax, legal, or financial advice. Always verify the underlying data in Odoo before making any business, accounting, or financial decision. Because the connector is read-only, it cannot change your records — it is an assistant, not an auditor.
Detailed documents
- Privacy Policy — what data is processed and what is not stored.
- Terms & Conditions — the terms of using the service.
- Acceptable Use Policy — what you may and may not do with the connector.
- Data Processing Agreement (summary) — roles, sub-processors, and how to request the full DPA.
Contact
For any legal or data-handling question, contact your Tecnicora consultant or Tecnicora support.