API keys
Keys are shown once, stored securely, limited to catalog access and can be revoked by their owner.
Security
Design MCP is read-only, connections are encrypted and every API key can be revoked from your dashboard.
Keys are shown once, stored securely, limited to catalog access and can be revoked by their owner.
The MCP endpoint uses HTTPS. Requests require a valid API key and are rate-limited to reduce misuse.
The tools return design information. They cannot browse your files, run your code or change your workspace.
We keep the account, API-key and security records needed to operate the service. Do not include credentials or confidential material in tool inputs.
Security reporting
Please do not test against other accounts or publish sensitive details. Email the issue, its impact and the steps needed to reproduce it to [email protected].