Noibu MCP Terms of Service

Last Updated: May 12th, 2026

These Noibu MCP Terms of Service (“MCP Terms”) govern Customer’s use of Noibu’s AI-powered diagnostic and optimization features that connect to third-party platform accounts (“Noibu MCP”). These MCP Terms supplement and are incorporated into the Master Services Agreement between Noibu and Customer (“Agreement”). Capitalized terms not defined here have the meanings given in the Agreement.

‍Key Principles

Noibu MCP enables Customer’s connected AI Model to access two categories of data: (a) Connected Platform Data from Customer’s third-party platform accounts, and (b) Noibu Account Data from Customer’s own Noibu account (read-only). Connections to third-party platforms are established by Customer via each Platform’s own OAuth flow, facilitated by a third-party Integration Provider (currently Composio), which stores OAuth tokens and Connected Platform Data on Customer’s behalf; Noibu never receives, sees, or stores those tokens or that data. Access to Customer’s Noibu account is established via OAuth facilitated by an Auth Provider (currently Stytch), which performs the authorization handshake only and does not store tokens or data; Noibu Account Data is served by Noibu’s own systems directly to Customer’s AI Model session. Noibu Account Data is Customer Data and may include End User Personal Data captured in session recordings. Noibu does not use Customer Data, Connected Platform Data, or Noibu Account Data to train AI models. Once any data is received by Customer’s AI Model, it is subject to the AI Provider’s own privacy, security, training, and retention practices, which Customer is responsible for reviewing.

‍1. Definitions

“Noibu MCP” means Noibu’s suite of AI-powered features that enable Customer’s connected AI Model (as defined below) to access (i) data from Customer’s third-party platform accounts (“Connected Platform Data”), and (ii) data from Customer’s Noibu account, including sessions, error data, heatmaps, analytics, and account configurations (“Noibu Account Data”), in each case for the purpose of providing diagnostics, optimization recommendations, and analytics within Customer’s connected AI Model session.

“Platform” means any third-party service to which Customer connects via Noibu MCP, including those listed in Section 3.

“OAuth Token” means a platform-issued access credential obtained through a Platform’s OAuth 2.0 authorization flow and used by Noibu to access Platform data on Customer’s behalf.

“Connected Platform Data” means data retrieved from a connected Platform account pursuant to the scopes authorized by Customer via that Platform’s OAuth flow. References in these MCP Terms to “Platform Data” mean Connected Platform Data.

“Noibu Account Data” means data in Customer’s Noibu account, including but not limited to sessions, error data, performance and analytics data, heatmaps, account configurations, and any End User Personal Data captured therein. Noibu Account Data forms part of Customer Data under the Agreement.

“Auth Provider” means the third-party authentication service Noibu uses to facilitate OAuth authorization between Customer’s AI Model and Customer’s Noibu account (currently Stytch). The Auth Provider handles the OAuth authorization flow only and does not store OAuth tokens, Noibu Account Data, or Connected Platform Data.

“Integration Provider” means the third-party integration platform Noibu uses to facilitate OAuth authorization, token storage, and API connectivity between Noibu MCP and the connected Platforms (currently Composio). The Integration Provider stores OAuth Tokens and retrieves Platform Data on Customer’s behalf. Noibu MCP routes AI Model tool calls to the Integration Provider, which executes the calls against the connected Platforms and returns the responses to Customer’s AI Model session; Platform Data does not transit or reside on Noibu’s servers. During the OAuth authorization flow, Customer may be required to accept the Integration Provider’s own terms of service and privacy policy, which create a direct relationship between Customer and the Integration Provider with respect to the integration services. Noibu is not a party to that relationship and is not responsible for the Integration Provider’s terms.

“AI Model” means any third-party AI language model or AI platform service procured and operated separately by Customer (“AI Provider”), including but not limited to Anthropic Claude, OpenAI GPT, Google Gemini, or any other AI platform Customer connects to Noibu MCP. The AI Model is not a Noibu product. Noibu MCP acts as a passive connector and skill layer that executes tool calls directed to it by the AI Model. Customer is solely responsible for reviewing and complying with the applicable AI Provider’s terms of service, privacy policy, and data processing terms prior to connecting that AI Provider to Noibu MCP.

“Write Action” means any Noibu MCP operation that creates, modifies, or deletes data in a connected Platform account, as further described in Section 6. Write Actions may be available across all supported Platforms to the extent of the OAuth scopes authorized by Customer.

2. OAuth Authorization Model

All Platform connections through Noibu MCP are established exclusively via each Platform’s own OAuth 2.0 authorization flow, facilitated by the Integration Provider. The following applies to all connections:

Customer initiates each connection from within the AI platform and is redirected to the applicable Platform’s authorization screen.
Customer grants permissions through the Platform’s own consent interface, which discloses the specific scopes being authorized. Where the connection is facilitated by the Integration Provider, Customer may also be required to accept the Integration Provider’s terms of service and privacy policy during the OAuth flow.
OAuth Tokens issued by the Platform are received and stored by the Integration Provider on Customer’s behalf. Noibu does not receive, see, or store OAuth Tokens or Customer’s Platform login credentials.
OAuth Tokens are encrypted at rest and in transit by the Integration Provider and are used solely to retrieve Platform Data within authorized scopes.
Customer may revoke Noibu’s access to any connected Platform at any time by revoking the OAuth Token through that Platform’s account settings. Revocation will prevent further Platform Data retrieval but does not retroactively delete Platform Data already processed within a prior session.

Because authorization is granted directly by Customer through each Platform’s own consent flow, the scope of access available to Noibu MCP through the Integration Provider is controlled and limited by the Platform’s OAuth implementation and the permissions Customer selects at the time of authorization.

3. Supported Platforms and Data Scopes

Noibu MCP currently supports the following Platform integrations. Access is limited to the scopes listed. Noibu may add or remove supported Platforms with reasonable notice.

Platform	Data Accessed	Access Type & Restrictions
Google Ads	Active campaigns, conversion performance, budget and spend, ad group and keyword performance via GAQL, accessible accounts	Read and write via AI-instructed actions. Create/mutate campaigns, ad groups, and keywords. Write Actions subject to Section 6.
Klaviyo	Lists and subscribers, campaign detail and performance, profiles, events	Read and write via AI-instructed actions. Create lists, add/update profiles, create and update campaigns. Write Actions subject to Section 6.
Mailchimp	Campaign detail and stats, audience info and contacts, recent activity	Read and write via AI-instructed actions. Add and update contacts, update campaigns. Write Actions subject to Section 6.
Google Search Console	Top search queries, site detail	Read only. Add site scope available but requires explicit Customer confirmation prior to execution.
Facebook / Instagram	Page posts, post detail and comments, page conversations, media detail and comments, post engagement	Read and write via AI-instructed actions. Create posts, comments, and media containers. No write to direct messages or conversations. Write Actions subject to Section 6.
Gorgias	Support team overview	Read only.

3.1 Integration Provider. Connections to the Platforms listed above are facilitated through the Integration Provider (currently Composio), which provides the OAuth authorization, token storage, and API connectivity infrastructure between Noibu MCP and each Platform. Noibu MCP routes AI Model tool calls to the Integration Provider, which executes the calls against the connected Platforms and returns the responses to Customer’s AI Model session. Customer acknowledges and agrees that: (a) during the OAuth authorization flow, Customer may be required to accept the Integration Provider’s own terms of service and privacy policy, which create a direct relationship between Customer and the Integration Provider with respect to the integration services; (b) Noibu is not a party to that relationship; (c) Noibu is not responsible for the Integration Provider’s terms, performance, availability, security practices, or data handling beyond what is set out in Noibu’s own agreements with the Integration Provider; and (d) Noibu may change the Integration Provider, or use multiple Integration Providers, with reasonable notice to Customer.

3.2 Noibu Account Data Access via MCP. Noibu MCP also enables Customer’s connected AI Model to access Noibu Account Data on a read-only basis. Access is established via an OAuth 2.0 authorization flow into Customer’s Noibu account, facilitated by an Auth Provider (currently Stytch). The Auth Provider handles the authorization handshake only; OAuth tokens are not persistently stored by the Auth Provider, and Noibu Account Data is served by Noibu’s own systems directly to Customer’s AI Model session in response to AI Model tool calls. Noibu MCP does not currently support write operations against Customer’s Noibu account; Section 6 (Write Actions) applies only to Connected Platform Data.

Noibu Account Data is Customer Data under the Agreement. By enabling Noibu MCP and connecting an AI Model, Customer instructs Noibu to make Noibu Account Data available to Customer’s chosen AI Model on Customer’s behalf. Such transmission is at Customer’s direction and is not a disclosure of Customer Data by Noibu to a third party for purposes of the Agreement. Once Noibu Account Data is received by Customer’s AI Model, it is processed by the AI Provider subject to the AI Provider’s own terms of service, privacy policy, training, retention, and security practices, and Noibu has no control over and no liability for the AI Provider’s handling of that data.

3.3 End User Personal Data in Noibu Account Data. Customer acknowledges that Noibu Account Data, including session recordings and related behavioral data, may contain Personal Data relating to Customer’s End Users, including information that may not have been masked under Customer’s session-capture configuration. When Customer enables Noibu MCP and routes Noibu Account Data to its AI Model, such End User Personal Data may be transmitted to and processed by the AI Provider. Customer is solely responsible for: (a) ensuring its session-capture and data-masking configurations are appropriate for transmitting Noibu Account Data to its AI Provider; (b) ensuring its own privacy notices, terms of service, and End User consents adequately disclose and authorize such onward processing by the AI Provider; (c) determining whether the AI Provider’s training, retention, and security practices are acceptable for the categories of data being transmitted; and (d) complying with all applicable data protection laws in connection with such transmission.

4. AI Model and Data Processing

4.1 Noibu MCP as Connector. Noibu MCP is a connection and skill layer only. Noibu does not independently process, analyse, or transmit Platform Data to any AI model. All data processing, analysis, and generation of recommendations occurs within the AI Model service procured and operated by Customer. Noibu MCP provides the connection to Customer's third-party Platform accounts and makes available pre-built Noibu Skills that Customer's AI Model may use to perform tasks. Noibu is not a data processor with respect to AI model operations.

4.2 Customer Responsibility for AI Processing. Because data processing occurs within the AI Model service Customer has selected and connected to Noibu MCP, Customer is solely responsible for ensuring that the AI Provider's data practices, privacy policy, and terms of service are acceptable to Customer and compliant with applicable law. Noibu makes no representations regarding how any AI Model processes, stores, or retains data transmitted to it. Customer should review the applicable AI Provider's privacy policy and data processing terms prior to connecting their AI Model to Noibu MCP.

5. Customer Responsibilities

5.1 Platform Terms Compliance. By connecting a Platform account, Customer represents and warrants that Customer’s use of Noibu MCP in connection with that Platform complies with all applicable developer, advertiser, and data terms of that Platform, including but not limited to:

Noibu is not responsible for Customer’s compliance with Platform terms and is not liable for any consequences arising from Customer’s breach of those terms.

5.2 Authority to Connect. Customer warrants that it has the authority to grant Noibu OAuth access to each connected Platform account, including where the account is managed on behalf of an end-advertiser or third party. Where Customer connects accounts containing personal data of Customer’s own end users, Customer warrants that it has a lawful basis under applicable privacy law (including GDPR, PIPEDA, CCPA, and US applicable privacy laws) to share that data with Noibu for processing.

5.3 End-User Disclosure. Where applicable, Customer is responsible for ensuring that any disclosure or consent obligations owed to Customer’s own end users regarding AI processing of data derived from their interactions are satisfied prior to connecting a Platform account.

6. Write Actions

‍6.1 Scope of Write Actions. Write Actions may be initiated in two ways: (a) Customer-Directed Actions, where Customer or Customer’s authorized users provide instructions directly to the AI Model, which then directs Noibu MCP to execute Write Actions on connected Platform accounts; and (b) Skill-Directed Actions, where Customer activates a Noibu-provided skill or a skill that Customer has subsequently modified or configured, which provides instructions to the AI Model on Customer’s behalf. Where Customer has modified, customized, or extended a Noibu Skill after initial setup, Noibu is not responsible for the instructions contained in the modified skill, and full accountability for the actions taken by the AI Model in response to that modified skill rests with Customer. In all cases, Noibu MCP acts as a passive executor of tool calls it receives from the AI Model. Noibu does not control, predict, or guarantee the specific actions the AI Model will take in response to any instruction, whether Customer-provided, Noibu-provided, or Customer-modified.

6.2 Test Accounts. Noibu strongly recommends that Customer designate separate test or sandbox accounts for all Platforms where Write Actions are available.

6.3 Customer Responsibility. Customer is solely responsible for the accuracy, legality, and appropriateness of any Write Actions executed through Noibu MCP. Noibu is not liable for any consequences, including campaign errors, data loss, or policy violations with any Platform, arising from Write Actions authorized by Customer.

6.4 Risk of AI-Instructed Write Actions. Noibu MCP connects to and executes actions on connected Platform accounts at the direction of the AI Model, based on instructions provided by Customer, Customer's authorized users, or a Noibu-provided skill activated by Customer. Noibu MCP is a passive executor: it does not interpret Customer's intent and does not independently decide what actions to take. Write Actions may include creating, modifying, pausing, or deleting data across any connected Platform, including ad campaigns, product listings, email lists, subscriber profiles, social media posts, and contact records. Customer understands that AI models may interpret instructions in ways that produce unintended outcomes, and that some Write Actions executed through Noibu MCP may be irreversible.

‍6.5 Customer as Authorizing Party. All Write Actions executed through Noibu MCP are initiated by Customer’s use of the AI Model and are deemed authorized by Customer. Because Noibu MCP acts only on tool calls it receives from the AI Model, and the AI Model acts on Customer’s instructions, the chain of authorization runs from Customer through the AI Model to Noibu MCP. Noibu does not independently initiate Write Actions. Customer is solely responsible for supervising the AI Model’s use of Noibu MCP, reviewing actions before confirming them, and ensuring their use of the AI Model complies with the applicable AI Provider’s terms of service.

6.6 No Liability for AI-Instructed Actions. To the maximum extent permitted by applicable law, Noibu is not liable for any loss, damage, or disruption, including loss of data, revenue, ad spend, or business operations arising from Write Actions executed through Noibu MCP based on AI-generated instructions, whether or not such actions were intended by Customer.

6.7 Recommendation to Use Test Environments. Noibu strongly recommends that Customer designate separate test accounts or sandbox environments for any Noibu MCP operations involving Write Actions, and avoid connecting live production accounts to write-enabled features until Customer is fully familiar with Noibu MCP’s behaviour.

6.8 Noibu Skills. Noibu may make available pre-built skill templates ("Noibu Skills") that provide instructions to the AI Model to assist with specific tasks on Customer's connected Platform accounts. By activating a Noibu Skill, Customer authorizes the AI Model to receive and act on those instructions. Noibu Skills are designed to perform specific, defined tasks and are not intended to cause data loss or disruption. However, because the AI Model independently interprets and executes instructions, Noibu does not warrant that activating a Noibu Skill will produce only the anticipated outcome. Customer remains responsible for reviewing any actions taken and for supervising the use of Noibu Skills on production accounts.

‍7. Platform Availability and Changes

‍7.1 Third-Party Dependency. Noibu MCP functionality depends on third-party Platform APIs, OAuth authorization systems, and the Integration Provider’s infrastructure, all of which are outside Noibu’s control. Noibu does not warrant that any particular Platform integration or the Integration Provider will remain available, uninterrupted, or functional. Platforms or the Integration Provider may restrict, modify, suspend, or revoke API access or service at any time without notice to Noibu.

7.2 No Liability for Platform Changes. Noibu is not liable for any loss, interruption, or degradation of Noibu MCP functionality resulting from changes to Platform APIs, Platform policies, Platform-imposed restrictions on third-party access, or any outage, modification, suspension, or termination of services by the Integration Provider.

7.3 Customer Credentials. Customer is responsible for maintaining valid OAuth authorizations for each connected Platform account. If a Platform revokes or expires an OAuth Token, Noibu MCP features dependent on that connection will cease to function until Customer re-authorizes the connection.

‍8. Data, Privacy, and Security

‍8.1 Privacy Policy. The collection, use, and handling of Platform Data by Noibu is further described in Noibu’s Privacy Policy, available at Noibu Privacy Policy.

The Privacy Policy is incorporated into these MCP Terms by reference.

8.2 Data Processing Addendum. To the extent Noibu processes personal data originating from Platform accounts or contained in Noibu Account Data in its capacity as a data processor on behalf of Customer, such processing is governed by the Data Processing Addendum (“DPA”) attached to or incorporated into the Agreement. The Integration Provider acts as a sub-processor with respect to Connected Platform Data, and the Auth Provider acts as a sub-processor with respect to OAuth authorization into Customer’s Noibu account. Customer’s acceptance of these MCP Terms constitutes Customer’s authorization of each such sub-processor for those purposes.

8.3 Security. Noibu maintains appropriate technical and organizational measures to protect the components of Noibu MCP that Noibu operates, consistent with the security standards set out in the Agreement. Customer acknowledges that OAuth Tokens and Platform Data are stored and processed by the Integration Provider, and that the security of those materials is governed by the Integration Provider’s own security practices and the terms agreed between Noibu and the Integration Provider. Noibu performs reasonable due diligence on the security posture of its Integration Provider but does not warrant the security practices of any third party.

9. Updates to These MCP Terms

Noibu may update these MCP Terms at any time. For material changes, Noibu will provide at least fourteen (14) days’ notice by email to Customer’s account contact. Customer’s continued use of Noibu MCP following the effective date of updated MCP Terms constitutes acceptance of those terms. If Customer does not accept updated MCP Terms, Customer must disconnect all Platform connections and cease using Noibu MCP features.

‍10. Governing Law

These MCP Terms are governed by the same governing law and jurisdiction provisions as the Software Services Agreement(“MSA”). In the event of a conflict between these MCP Terms and the Software Services Agreement(“MSA”) with respect to Noibu MCP features, these MCP Terms shall govern.