Skip to content

Point Hacks MCP App – Privacy Addendum

This addendum supplements the Point Hacks Privacy Policy and describes data practices for the Point Hacks MCP App when used through ChatGPT, Claude, or other MCP-compatible clients.

What the MCP App does

The Point Hacks MCP App helps users discover and compare Australian credit card and frequent flyer offers published on Point Hacks. It is an informational comparison tool. Point Hacks Australia Pty Ltd is not a credit provider and does not provide personal financial advice.

Authentication

The MCP App does not require users to log in. No Point Hacks account is created or accessed through the connector.

Data we collect through the MCP App

Server-side (MCP tool responses)

When tools run, our server fetches public offer catalog data from the Point Hacks Plastic API (card names, fees, bonuses, guide URLs, apply URLs, and related editorial fields). This data is returned to the AI client to answer the user’s request.

We append attribution query parameters to outbound guide and apply links in tool output:

  • placementslugpt
  • UTM parameters (utm_sourceutm_mediumutm_campaign, and related fields when present)

These parameters identify that the click originated from the MCP integration. They do not include payment card numbers, government identifiers, or ChatGPT/Claude conversation content.

Client-side (interactive UI views)

When a user interacts with the card finder or card preview UI inside an MCP App iframe, we may append similar attribution parameters when the user clicks ApplyRead the guide, or Card Match links.

In the browser context we may also read or set:

  • custom_client_id cookie (gaid) when present on Point Hacks domains
  • A first-party anon_uid in browser storage when no gaid cookie exists
  • UTM values previously stored in browser storage
  • Standard ad click identifiers from the page URL (gclidfbclid, etc.) when present

We use these solely for affiliate attribution and analytics aligned with our existing site practices.

Data we do not collect

  • ChatGPT or Claude conversation transcripts
  • User files or attachments from the AI client
  • Credit card numbers, bank account details, or government-issued identifiers
  • MCP user account credentials (the connector is unauthenticated)

Third parties

Outbound links may route through Point Hacks-owned redirect and apply domains (secure-apply.pointhacks.comgo.pointhacks.com) before reaching card issuers or partners. Third-party sites are governed by their own privacy policies.

Offer data is served from Point Hacks infrastructure (Plastic / PocketBase on pointhacks-plastic-delivery.fly.dev and plastic.pointhacks.com.au).

Fonts are loaded from Adobe Typekit (use.typekit.netp.typekit.net). Card images may be served from i.pointhacks.com and Plastic file storage.

Affiliate disclosure

Point Hacks may receive commissions when users apply for products through tracked links. Commission relationships are disclosed in the app UI where applicable and on Point Hacks guide pages.

Retention

Attribution clicks are processed according to Point Hacks’ existing delivery and analytics retention practices described in the main Privacy Policy. Browser storage values persist according to standard cookie and local storage lifetimes on the user’s device.

Your choices

Users can stop using the connector at any time by disconnecting it in their AI client settings. Browser storage and cookies can be cleared through normal browser controls.

Changes

We may update this addendum when the MCP App changes. The “Last updated” date above will be revised when material changes are published.

Contact

Questions about this addendum: [email protected]