> ## Documentation Index
> Fetch the complete documentation index at: https://eli.work/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Data protection

> What the ELI MCP can and cannot access — and why it can never reach the data inside your tools.

Connecting ELI to your AI assistant is safe by design. This page lays out
exactly what the MCP connection can access — the complete list — and what it has
no ability to touch at all.

<Note>
  **The one thing to know.** ELI's MCP works only with *metadata about your
  software stack* — which tools you run, what they cost, and who has access. It
  has **no capability to read the content inside those tools**: no emails,
  messages, documents, files, source code, tickets, calendars, or customer
  records. That isn't a policy we choose to follow — there is no operation in the
  connection that can do it.
</Note>

## Everything the MCP can do

The connection exposes exactly five tools. This is the complete surface — it
cannot perform any operation that isn't on this list.

<CardGroup cols={2}>
  <Card title="Search the catalog" icon="magnifying-glass">
    Searches ELI's **public** catalog of 10,000+ software tools. Uses no data
    from your workspace. Read-only.
  </Card>

  <Card title="Tool details" icon="file-lines">
    Returns public details about one tool from that catalog. Uses no data from
    your workspace. Read-only.
  </Card>

  <Card title="Your stack" icon="layer-group">
    Returns the stack metadata for workspaces you belong to: workspace name, the
    tools in each, their monthly cost, team members and their roles. Read-only.
  </Card>

  <Card title="Insights" icon="chart-line">
    Returns read-only analytics calculated from the stack metadata above. Nothing
    new is collected, and nothing outside your workspace is used.
  </Card>
</CardGroup>

The fifth tool can make **administrative** changes only — like adding a team
member, adjusting a role, or cancelling a license. Even then it never touches the
data inside your tools, only who has access and what you pay. See
[Administrative actions](#administrative-actions) for the full list and the
safeguards around it.

## What the MCP can never access

These aren't restrictions we apply — they're capabilities the connection simply
doesn't have. No tool listed above, given any input, can reach them.

<Columns cols={2}>
  <Card title="Can see" icon="circle-check">
    * Names, categories, and status of the tools you run
    * Monthly spend and seat counts per tool
    * Team members and their roles
    * Renewal dates and contract terms
    * Public information about tools in ELI's catalog
  </Card>

  <Card title="Can never access" icon="circle-xmark">
    * The **content** inside your tools — emails, messages, files, documents,
      code, tickets, calendars, customer records
    * Any workspace you don't belong to
    * Your stored connector credentials (encrypted, never returned)
    * Your passwords or login credentials
    * Raw payment card numbers (held by Stripe, never by ELI)
  </Card>
</Columns>

<Info>
  Why "never"? A connected tool only ever exposes a fixed set of administrative
  facts to ELI — who has access, how many seats, and what it costs. Reading a
  message or opening a file is not one of the operations the connection can
  perform, so no prompt — however it's phrased — can make it happen.
</Info>

## Administrative actions

One tool — and only one — can do more than read, and everything it does is
**administrative**: it changes who has access, how many seats, and which licenses
are active — never the data inside a tool. It runs a **fixed, standardized list**
of operations, and nothing outside this list can ever be run:

<CardGroup cols={2}>
  <Card title="Read operations">
    List users · list seats · view billing — see who has access, seat counts,
    and billing. Read-only.
  </Card>

  <Card title="Management operations">
    Add a user · deactivate a user · change a role · reduce seats · cancel a
    license — change access, roles, or licenses.
  </Card>
</CardGroup>

Every management operation is protected on multiple layers, enforced in the
backend — not just in the prompt:

<CardGroup cols={2}>
  <Card title="Only when you ask" icon="hand">
    Management operations run only when you explicitly request them. ELI never
    initiates a change on its own.
  </Card>

  <Card title="Permission-gated" icon="lock">
    They require tool-management permission on top of workspace membership.
    Without it, the action is refused.
  </Card>

  <Card title="Workspace-bound" icon="shield">
    A connection registered to one workspace is rejected if used from another.
    You can only act on tools in your own workspace.
  </Card>

  <Card title="Fully logged" icon="list-check">
    Every action — successful or failed — is written to your activity log: who,
    what, and when.
  </Card>
</CardGroup>

## How access is controlled

<CardGroup cols={2}>
  <Card title="Authenticated every request">
    Each request authenticates with OAuth 2.0 or a Personal Access Token bound to
    ELI's MCP server specifically. A token issued for anything else is rejected.
  </Card>

  <Card title="Short-lived & revocable">
    Access tokens expire hourly. Personal Access Tokens are stored only as a hash
    (we can't recover them) and can be revoked instantly — effective on the next
    request.
  </Card>

  <Card title="Encrypted end to end">
    All traffic runs over HTTPS (TLS 1.2+). Data is encrypted at rest (AES-256);
    connector credentials are additionally sealed with AES-256-GCM.
  </Card>

  <Card title="Never used for training">
    Your data and prompts are never used to train or fine-tune any AI model,
    internal or external.
  </Card>
</CardGroup>

## You stay in control

You decide what to connect, and you can cut off access at any time by revoking
your token or disconnecting the MCP — it takes effect on the next request. For
how ELI stores the credentials behind your connections, see [Security](/security).

<Note>
  Questions about how your data is handled, or want to review our controls in
  depth? Email [security@techbible.ai](mailto:security@techbible.ai).
</Note>
