Last updated: March 17, 2026
Drivepoint MCP Integration Privacy Policy
This privacy policy describes how Bainbridge Growth Incorporated (“Drivepoint,” “we,” “us,” or “our”) collects, uses, and protects data in connection with the Drivepoint MCP integration for Claude (“the Integration”). This policy applies specifically to the Integration; for Drivepoint’s general privacy policy, see Privacy Policy.
How the Integration Works
The Drivepoint MCP integration allows Claude (Anthropic) to access your Drivepoint financial data on your behalf, but only when you explicitly authorize the connection and invoke a tool.
When you connect Drivepoint to Claude, you authenticate via OAuth 2.0 and select the Drivepoint company whose data you want to access. Once connected, Claude can call Drivepoint’s MCP tools to retrieve your financial plan data. Each tool call results in financial data being sent from Drivepoint to Anthropic’s servers so that Claude can process your request and return a response.
No data is shared with Claude unless you initiate a request. You can revoke access at any time.
What the tools expose
The Integration provides Claude with access to the following tools. Each tool returns data scoped to the company you selected during authorization:
- List plans — returns the names, IDs, and metadata of your financial plans
- Get plan content — returns the spreadsheet data (rows, columns, values) from specific tabs within a plan
- Compute values — returns calculated results (such as averages, totals, or filtered subsets) derived from your plan data
Tool responses are sent directly to Claude and are not cached, stored, or logged by the Integration after delivery.
OAuth token storage
Your authenticated session is maintained using OAuth 2.0 tokens stored in Google Cloud Firestore:
- Access tokens are short-lived (1 hour) and are not persisted on Drivepoint servers — they are issued to Claude for the duration of a session
- Refresh tokens are stored in Firestore and used to issue new access tokens. They expire after 30 days and are deleted immediately when you revoke access or when a new refresh token is issued (token rotation)
- Authorization codes are single-use and expire after 10 minutes if unused
Contact Information
For questions or concerns about this privacy policy or your data, contact us at:
Bainbridge Growth Incorporated
Email: support@drivepoint.io
Website: https://www.drivepoint.io
Data We Collect
When you connect your Drivepoint account to Claude through the Integration, we collect and process the following data:
Authentication data
- Your email address (used to verify your identity via Firebase Authentication)
- Your Drivepoint company selection (used to scope access to the correct company’s data)
OAuth session data
- Authorization codes (temporary, single-use, used to establish the connection)
- Access and refresh tokens (used to maintain your authenticated session with Claude)
Data accessed through the Integration
When you use Claude with the Drivepoint Integration, Claude may send requests to access your Drivepoint data on your behalf. The types of data accessed depend on the tools you invoke, and may include:
- Financial plan names and metadata
- Financial plan content (spreadsheet data from plan tabs)
- Computed values (such as averages or totals calculated from data you provide)
We only collect and process data that is necessary to perform the function you request. We do not collect conversation data from Claude. We do not access information about your previous Claude chats or Claude memory.
Data Retention
| Data | Retention |
|---|---|
| Authorization codes | Deleted immediately after use, or after 10 minutes if unused |
| Access tokens | Expire automatically after 1 hour; not stored on our servers |
| Refresh tokens | Expire after 30 days; deleted immediately upon revocation or token refresh |
| Financial plan data | Not stored — queried in real time and returned to Claude; not cached or persisted by the Integration |
Third-Party Data Sharing
We share data with the following third parties solely as required for the Integration to function:
| Third Party | Data Shared | Purpose |
|---|---|---|
| Anthropic (Claude) | Tool responses containing plan metadata, plan content, and computed values | Required for the Integration — Claude sends tool requests and receives responses |
| Google Firebase | Your email address | Used for identity verification during sign-in |
| Microsoft SharePoint | Authenticated API requests | Your Drivepoint financial plans are stored in SharePoint; data is fetched on demand when you request it through Claude |
We do not sell, rent, or otherwise share your data with any parties beyond those listed above. Data shared with Anthropic is subject to Anthropic’s own privacy policy and terms of use.
Usage and Storage
- Authentication data is used solely to verify your identity and authorize access to the correct company’s data.
- Financial plan data is fetched in real time when you invoke a tool through Claude. It is not stored, cached, or logged by the Integration.
- OAuth tokens are used exclusively to maintain your authenticated session between Claude and Drivepoint. Tokens are stored in Google Cloud Firestore.
- All communication between Claude and Drivepoint occurs over HTTPS.
Security measures
- OAuth 2.0 with PKCE (S256) to prevent authorization code interception
- Short-lived access tokens with automatic expiration
- Refresh token rotation (old tokens are deleted when new ones are issued)
- Authorization codes are single-use
- User access is scoped to companies they are explicitly authorized for
Your Rights
You may revoke Claude’s access to your Drivepoint data at any time by contacting support@drivepoint.io. Upon revocation, all associated tokens are immediately deleted.
For questions about your data or to request data deletion, contact support@drivepoint.io.
Changes to This Policy
We may update this policy from time to time. If we make material changes, we will update the “Last updated” date at the top of this page.
