The one thing to know. ELI’s MCP works only with metadata about your
software stack — which tools you run, what they cost, and who has access. It
has no capability to read the content inside those tools: no emails,
messages, documents, files, source code, tickets, calendars, or customer
records. That isn’t a policy we choose to follow — there is no operation in the
connection that can do it.
Everything the MCP can do
The connection exposes exactly five tools. This is the complete surface — it cannot perform any operation that isn’t on this list.Search the catalog
Searches ELI’s public catalog of 10,000+ software tools. Uses no data
from your workspace. Read-only.
Tool details
Returns public details about one tool from that catalog. Uses no data from
your workspace. Read-only.
Your stack
Returns the stack metadata for workspaces you belong to: workspace name, the
tools in each, their monthly cost, team members and their roles. Read-only.
Insights
Returns read-only analytics calculated from the stack metadata above. Nothing
new is collected, and nothing outside your workspace is used.
What the MCP can never access
These aren’t restrictions we apply — they’re capabilities the connection simply doesn’t have. No tool listed above, given any input, can reach them.Can see
- Names, categories, and status of the tools you run
- Monthly spend and seat counts per tool
- Team members and their roles
- Renewal dates and contract terms
- Public information about tools in ELI’s catalog
Can never access
- The content inside your tools — emails, messages, files, documents, code, tickets, calendars, customer records
- Any workspace you don’t belong to
- Your stored connector credentials (encrypted, never returned)
- Your passwords or login credentials
- Raw payment card numbers (held by Stripe, never by ELI)
Why “never”? A connected tool only ever exposes a fixed set of administrative
facts to ELI — who has access, how many seats, and what it costs. Reading a
message or opening a file is not one of the operations the connection can
perform, so no prompt — however it’s phrased — can make it happen.
Administrative actions
One tool — and only one — can do more than read, and everything it does is administrative: it changes who has access, how many seats, and which licenses are active — never the data inside a tool. It runs a fixed, standardized list of operations, and nothing outside this list can ever be run:Read operations
List users · list seats · view billing — see who has access, seat counts,
and billing. Read-only.
Management operations
Add a user · deactivate a user · change a role · reduce seats · cancel a
license — change access, roles, or licenses.
Only when you ask
Management operations run only when you explicitly request them. ELI never
initiates a change on its own.
Permission-gated
They require tool-management permission on top of workspace membership.
Without it, the action is refused.
Workspace-bound
A connection registered to one workspace is rejected if used from another.
You can only act on tools in your own workspace.
Fully logged
Every action — successful or failed — is written to your activity log: who,
what, and when.
How access is controlled
Authenticated every request
Each request authenticates with OAuth 2.0 or a Personal Access Token bound to
ELI’s MCP server specifically. A token issued for anything else is rejected.
Short-lived & revocable
Access tokens expire hourly. Personal Access Tokens are stored only as a hash
(we can’t recover them) and can be revoked instantly — effective on the next
request.
Encrypted end to end
All traffic runs over HTTPS (TLS 1.2+). Data is encrypted at rest (AES-256);
connector credentials are additionally sealed with AES-256-GCM.
Never used for training
Your data and prompts are never used to train or fine-tune any AI model,
internal or external.
You stay in control
You decide what to connect, and you can cut off access at any time by revoking your token or disconnecting the MCP — it takes effect on the next request. For how ELI stores the credentials behind your connections, see Security.Questions about how your data is handled, or want to review our controls in
depth? Email security@techbible.ai.