Privacy Policy

Last updated: April 2, 2026

1. Who We Are

FloMCP ("we", "us", "our") operates the FloMCP.com website and MCP server generation service. We are the data controller responsible for the personal data you provide to us.

Contact: privacy@flomcp.com

2. What We Collect

  • Account information: Email address and password (hashed and salted by Supabase Auth — we never see your plaintext password).
  • Usage data: MCP servers you generate, security scores, credit balance, generation timestamps, and dashboard activity.
  • Generated server content: The source code and tool definitions of servers you generate, stored so you can access them from your dashboard.
  • Support communications: Messages you send via our support system.
  • Technical / security data: IP address, browser type, and request logs retained for security monitoring and abuse prevention.
  • Analytics: Anonymised page-view data via Vercel Analytics (no cookies, no cross-site tracking, no personal identifiers).

We do not collect payment card details directly. If and when paid plans are processed by a payment provider, that provider handles all card data in its own PCI-DSS compliant environment and under its own privacy policy.

3. Legal Basis for Processing (GDPR)

If you are located in the EEA, UK, or another jurisdiction with similar data protection laws, we process your personal data on the following legal bases:

  • Contract (Art. 6(1)(b) GDPR): Processing your email, usage data, and generated content is necessary to provide the Service you signed up for.
  • Legal obligation (Art. 6(1)(c) GDPR): We may process data to comply with applicable laws (e.g. record-keeping, responding to lawful requests).
  • Legitimate interests (Art. 6(1)(f) GDPR): Processing IP addresses and logs for security monitoring, fraud prevention, and abuse detection — balanced against your interests and rights.

4. How We Use Your Data

  • To provide, operate, and improve the FloMCP service.
  • To send transactional emails (account confirmation, support replies, billing notifications).
  • To enforce our Terms of Service and Acceptable Use Policy.
  • To analyse usage patterns in aggregate (never individually identifiable).
  • To investigate abuse, fraud, or illegal activity.
  • To comply with legal obligations.

We do not use your data for advertising, sell it to third parties, or use it for any purpose unrelated to providing the Service.

5. Data Storage & Retention

Your data is stored in Supabase (PostgreSQL) hosted on AWS infrastructure. We apply industry-standard encryption at rest and in transit (TLS 1.2+).

Data type                Retention
Account data             Until account deletion + 30 days
Generated servers        Until you delete them or your account
Security / request logs  90 days, then purged
Support messages         3 years from last interaction
Anonymised analytics     Indefinitely (no personal data)

6. Data Sharing & Processors

We do not sell your personal data. We share the minimum necessary data with the following processors, each bound by data processing agreements:

  • Supabase — database and authentication provider (AWS us-east-1).
  • Anthropic (Claude API) — your generation prompts are sent to Claude to produce MCP server code. Anthropic processes this data under their API terms and privacy policy. Prompts are not retained by FloMCP beyond the generated output.
  • Resend — transactional email delivery.
  • Vercel — hosting and privacy-friendly analytics.
  • Payment processor — billing data is handled directly by our payment provider under their own privacy policy. FloMCP does not receive or store card details.

We may disclose personal data if required by law, court order, or to protect the rights and safety of FloMCP, our users, or the public.

7. International Data Transfers

FloMCP is operated from India and uses infrastructure based in the United States (Supabase on AWS). If you are located in the EEA or UK, your personal data is transferred to countries that may not have equivalent data protection laws.

We rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum as the appropriate safeguard for these transfers where applicable. You may request a copy of the relevant safeguards by contacting us at privacy@flomcp.com.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your account and personal data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Restriction: Ask us to restrict processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Complaint: If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK, or your national DPA in the EU).
  • CCPA (California residents): You have the right to know what personal data we collect, to delete it, and to opt out of its sale. We do not sell personal data.
  • India DPDP Act 2023: Indian residents have rights to access, correction, erasure, and grievance redressal under the Digital Personal Data Protection Act 2023.

To exercise any of these rights, contact us at privacy@flomcp.com. We will respond within 30 days (or as required by applicable law). We may ask you to verify your identity before processing your request.

9. Cookies

We use a single session cookie for authentication (set by Supabase Auth). This cookie is strictly necessary for the Service to function and cannot be opted out of while using your account.

We do not use tracking cookies, advertising cookies, or third-party cookies. Vercel Analytics uses no cookies.

10. Children

FloMCP is not directed at children. You must be at least 16 years old (or the applicable age of digital consent in your country) to create an account. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@flomcp.com and we will delete it promptly.

11. Security

We implement industry-standard technical and organisational measures to protect your personal data, including TLS encryption in transit, encryption at rest, access controls, and regular security reviews. However, no internet transmission is completely secure and we cannot guarantee absolute security.

If you discover a security vulnerability, please disclose it responsibly to security@flomcp.com.

12. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top and notify registered users by email at least 14 days before changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact & Complaints

For any privacy questions, data subject requests, or complaints:

If you are dissatisfied with our response, you may escalate to your national data protection authority.