Privacy Policy

Last updated: June 4, 2025

Introduction

Summon (“we,” “our,” or “us”), developed by Chainlit SAS, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect information when you use Summon, our open-source desktop application for working with AI agents and Model Context Protocol (MCP) servers.

What Summon Is

Summon is a local-first desktop application that helps developers:

  • Generate MCP client setups from OpenAPI specifications
  • Securely manage API credentials
  • Create local mock MCP servers for testing
  • Connect to and debug MCP interactions
  • Edit and iterate on tool definitions

Data Collection and Storage

What We DON’T Collect

We do not collect, store, or transmit:

  • Your API specifications or OpenAPI files
  • Your API credentials or authentication tokens
  • Your tool definitions or configurations
  • Any data processed through MCPs
  • Personal files or documents
  • Any content you create or modify within the application

What We DO Collect

We collect only anonymous usage metadata through PostHog analytics, including:

  • Application start/stop events
  • Feature usage statistics (which features are used, not what data is processed)
  • Error events and crash reports (without personal data)
  • Performance metrics
  • General usage patterns

This metadata helps us understand how the application is being used and improve the user experience. We never collect the actual content of your work.

Local Data Storage

All your working data is stored locally on your device:

  • OpenAPI specifications are stored in your local file system
  • API credentials are securely stored in your operating system’s keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service)
  • MCP configurations and tool definitions are saved locally
  • Application settings and preferences are stored locally

We have no access to any of this local data.

Third-Party Services

PostHog Analytics

We use PostHog for anonymous usage analytics. PostHog may collect:

  • Anonymous usage events
  • Technical information about your device (OS version, app version)
  • Performance and error data

PostHog’s privacy policy can be found at: https://posthog.com/privacy

No personally identifiable information or your working data is sent to PostHog.

Website Analytics and Marketing Partners

When you visit our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these emails. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.

Data Security

Since Summon is local-first:

  • Your sensitive data never leaves your device
  • API credentials are stored using your operating system’s secure credential storage
  • We implement industry-standard security practices in our codebase
  • The application is open-source, allowing for community security review

Future Changes

We are planning to introduce optional cloud features in the future, including:

  • Team collaboration capabilities
  • Enhanced observability and monitoring
  • Advanced testing and optimization features

When we introduce server-side features, we will:

  • Update this privacy policy with clear information about any data collection
  • Provide you with clear choices about using cloud features
  • Maintain the local-first approach as the default option
  • Give you advance notice of any changes

Your Rights

Since we don’t collect personal data beyond anonymous usage metrics:

  • Your working data remains entirely under your control
  • You can disable analytics in the application settings
  • You can delete the application and all local data at any time

Open Source Commitment

Summon’s core functionality is open-source. You can:

  • Review our code to understand exactly what data is collected
  • Contribute to the project on GitHub
  • Fork the project if you prefer a completely analytics-free version

Changes to This Policy

We may update this Privacy Policy from time to time. When we introduce new features (especially cloud features), we will:

  • Update this policy accordingly
  • Notify users of significant changes
  • Provide clear opt-in choices for any new data collection

Contact Us

If you have questions about this Privacy Policy, please contact us at:

Regional Compliance

This privacy policy is designed to comply with major privacy regulations including GDPR, CCPA, and other applicable laws. Since we collect minimal data and everything is processed locally, compliance requirements are minimal.