Skip to main content
This page explains how the MCP connector handles access and data, so you and your security team know what to expect before connecting. The connector reaches Kepler the same way the app does and is held to the same protections.

Authentication and access

  • You sign in as yourself. The connector authenticates with OAuth 2.1 against your Kepler account. There are no API keys to create, paste, or rotate.
  • Scoped to you. Your assistant can reach only your own conversations and results, the same data you would see in the app. You cannot see another user’s research, and they cannot see yours.
  • Your sign-in token stays at the edge. Your access token is validated when it reaches Kepler and is not passed along to the systems that run your research. Those systems act on your verified identity, not your credentials.
  • Access is read and run management only. Through the connector, your assistant can start, continue, and cancel your own research runs and read your own results. It cannot change your account settings or anyone else’s data.

What is stored

Your research conversations and their results are saved to your Kepler account, just as they are when you use the app. That is what lets you revisit a run later, list recent runs, and continue a conversation with full context. A run you start through the connector appears in the web app, and the reverse holds too.

What Kepler reads

To answer a request, Kepler reads public primary sources: SEC filings (XBRL), earnings call transcripts, and market data. It works from these documents directly, which is what makes every figure auditable through its citations.

Transport

All communication with the connector is over HTTPS, so traffic between your client and Kepler is encrypted in transit.

Compliance and trust

Kepler maintains a formal security program and is SOC 2 Type II certified, with GDPR and CCPA support, and ISO 27001 in progress. For current details, certifications, and to request documentation, see the Kepler security page and the Trust Portal.

Your data, retention, and deletion

How Kepler collects, retains, and deletes data, and your rights over it, are governed by Kepler’s policies. Rather than restate them here, refer to the authoritative documents:

Privacy Policy

How Kepler handles personal data and your rights.

Terms

The terms governing your use of Kepler and your data.

Questions

For security reviews, data processing questions, or vendor assessments, email support@kepler.ai or see Contact us.