Daeda MCP - Security & Data Storage

Security & Data Storage

Your CRM data security is our top priority. Here's how Daeda MCP protects your information.

Data Storage Location

Your CRM data is stored locally at:
Platform
Path
macOS/Linux
~/.daeda-mcp/data/
Windows
%APPDATA%\daeda-mcp\data\

Security Features

  • All data stays on your machine - Nothing is sent to Daeda servers
  • Database is encrypted at rest - Uses your HubSpot token as the encryption key
  • Only SELECT queries are allowed - AI can read but never modify your CRM
  • Dangerous SQL keywords are blocked - INSERT, UPDATE, DELETE, DROP, etc.
  • Your HubSpot token is never stored - Only used for encryption and API calls

Token Handling

If you change your HubSpot token, the database will be re-initialized automatically since it's encrypted with the previous token.

Read-Only Access

The get_raw_sql tool enforces strict read-only access:
  • Queries must start with SELECT or WITH
  • Multiple statements (semicolons) are rejected
  • A blocklist prevents dangerous keywords
  • Results are limited to 1,000 rows
  • Query timeout is 30 seconds

Permissions Required

Daeda only requests the minimum HubSpot scopes needed:
Scope
Purpose
crm.export
Bulk export of CRM data
crm.objects.contacts.read
Read contact records
crm.objects.companies.read
Read company records
crm.objects.deals.read
Read deal records
No write permissions are ever requested.