Noibu's AI Plugin brings your store data into your LLM, so you can ask questions and take action in one place. Check it out →

Noibu MCP Terms of Service

Effective date: June 12th, 2026

These Noibu MCP Terms of Service (the “MCP Terms”) govern Customer’s use of Noibu MCP features made available by Noibu Technologies Inc. (“Noibu”). These MCP Terms are incorporated into and form part of the master agreement between Customer and Noibu under which Customer accesses Noibu’s services (the “Agreement”). Capitalized terms used but not defined herein have the meanings given in the Agreement.

Key Principles

Noibu MCP enables Customer’s connected AI Model to access read-only Noibu Data and to perform limited workflow operations on Noibu issues and tickets within Customer’s Noibu account. Authorization is established via an OAuth 2.0 flow into Customer’s Noibu account, facilitated by an Auth Provider (currently Stytch) that performs the authorization handshake only and does not store tokens or data. Noibu Data is served by Noibu’s own systems directly to Customer’s AI Model session. Noibu Data is Customer Data and may include End User Personal Data captured in session recordings, heatmaps, and other behavioral telemetry. Noibu does not use Customer Data or Noibu Data to train AI models. Once Noibu Data is received by Customer’s AI Model, it is subject to the AI Provider’s own privacy, security, training, and retention practices, which Customer is responsible for reviewing.

1.  Definitions

Noibu MCP” means Noibu’s Model Context Protocol server and associated features that enable Customer’s connected AI Model to (i) access Noibu Data on a read-only basis, and (ii) perform limited workflow operations on issues and tickets within Customer’s Noibu account (as further described in Section 4).

Noibu Data” means data in Customer’s Noibu account, including but not limited to session recordings, error data, performance and analytics data, heatmaps, user behavior data, dashboards, issue and ticket data, account configurations, and any End User Personal Data captured therein. Noibu Data forms part of Customer Data under the Agreement.

AI Model” means any third-party AI language model or AI platform service procured and operated separately by Customer (“AI Provider”), including but not limited to Anthropic Claude, OpenAI GPT, Google Gemini, or any other AI platform Customer connects to Noibu MCP. The AI Model is not a Noibu product. Noibu MCP acts as a passive connector and skill layer that executes tool calls directed to it by the AI Model. Customer is solely responsible for reviewing and complying with the applicable AI Provider’s terms of service, privacy policy, and data processing terms prior to connecting that AI Provider to Noibu MCP.

Auth Provider” means the third-party authentication service Noibu uses to facilitate OAuth authorization between Customer’s AI Model and Customer’s Noibu account (currently Stytch). The Auth Provider handles the OAuth authorization flow only and does not store OAuth tokens or Noibu Data.

Write Action” means an action executed by Noibu MCP, in response to a tool call from Customer’s AI Model, that modifies the state of an issue or ticket within Customer’s Noibu account (for example, closing or reopening an issue, changing issue status, assigning or unassigning an owner, adding or modifying tags or labels, or adding comments or notes to an issue or ticket). Write Actions do not include modifications to Customer’s production systems, source code, websites, applications, or any data outside Customer’s Noibu account.

End User” has the meaning given in the Agreement and generally refers to individuals who interact with Customer’s websites or applications and whose activity may be captured in Noibu Data.

2.  Authorization Model
Connections between Customer’s AI Model and Customer’s Noibu account are established exclusively via OAuth 2.0 authorization. The following applies to all such connections:

  • Customer initiates the connection through Noibu MCP and is redirected to a Noibu-hosted OAuth authorization screen, which is facilitated by the Auth Provider.
  • Customer grants the connection by authenticating into Customer’s Noibu account through the authorization screen. The scope of access is limited to the Noibu Data and Write Actions described in these MCP Terms.
  • OAuth Tokens issued through this flow are not persistently stored by the Auth Provider, and Noibu does not receive, see, or store Customer’s Noibu account login credentials.
  • OAuth Tokens are used solely to authenticate tool calls from Customer’s AI Model to Noibu MCP and authorize access to Noibu Data within Customer’s account.
  • Customer may revoke the authorization at any time through Customer’s Noibu account settings or by disconnecting the AI Model integration. Revocation immediately terminates Noibu MCP’s ability to respond to tool calls from that AI Model.

Because authorization is granted directly by Customer through a Noibu-hosted OAuth flow, the scope of access available to Noibu MCP is controlled by Customer and may be revoked at any time.

3.  Noibu Data Access

3.1  Read Access to Noibu Data.  Noibu MCP enables Customer’s connected AI Model to retrieve Noibu Data on a read-only basis. Noibu Data is served by Noibu’s own systems directly to Customer’s AI Model session in response to AI Model tool calls. Categories of Noibu Data that may be accessible include session recordings and replay data, error data, performance and diagnostic metrics, heatmaps and user behavior data, analytics and dashboards, issue and ticket data, and account configurations and settings.

3.2  Customer Data Characterization.  Noibu Data is Customer Data under the Agreement. By enabling Noibu MCP and connecting an AI Model, Customer instructs Noibu to make Noibu Data available to Customer’s chosen AI Model on Customer’s behalf. Such transmission is at Customer’s direction and is not a disclosure of Customer Data by Noibu to a third party for purposes of the Agreement. Once Noibu Data is received by Customer’s AI Model, it is processed by the AI Provider subject to the AI Provider’s own terms of service, privacy policy, training, retention, and security practices, and Noibu has no control over and no liability for the AI Provider’s handling of that data.

3.3  End User Personal Data in Noibu Data.  Customer acknowledges that Noibu Data, including session recordings, heatmaps, and related behavioral telemetry, may contain Personal Data relating to Customer’s End Users (such as form inputs, click trails, navigation paths, or other behavioral signals), including information that may not have been masked under Customer’s session-capture configuration. When Customer enables Noibu MCP and routes Noibu Data to its AI Model, such End User Personal Data may be transmitted to and processed by the AI Provider. Customer is solely responsible for: (a) ensuring its session-capture and data-masking configurations are appropriate for transmitting Noibu Data to its AI Provider; (b) ensuring its own privacy notices, terms of service, and End User consents adequately disclose and authorize such onward processing by the AI Provider; (c) determining whether the AI Provider’s training, retention, and security practices are acceptable for the categories of data being transmitted; and (d) complying with all applicable data protection laws in connection with such transmission.

4. Write Actions

4.1  Scope of Write Actions.  In addition to read access to Noibu Data, Noibu MCP supports a limited set of Write Actions that allow Customer’s AI Model to perform workflow operations on issues and tickets within Customer’s Noibu account. Write Actions are limited to issue and ticket lifecycle and metadata changes; for example, closing, reopening, or changing the status of an issue or ticket; assigning or unassigning owners; adding or modifying tags, labels, or priorities; and adding comments or notes. Write Actions do not include, and Noibu MCP cannot perform, any modification to Customer’s production systems, source code, websites, applications, infrastructure, or any data or systems outside Customer’s Noibu account.

4.2  Initiation of Write Actions.  Write Actions may be initiated in two ways: (a) Customer-Directed Actions, where Customer or Customer’s authorized users provide instructions directly to the AI Model, which then directs Noibu MCP to execute Write Actions on Customer’s Noibu account; and (b) Skill-Directed Actions, where Customer activates a Noibu-provided skill, or a skill that Customer has subsequently modified or configured, which provides instructions to the AI Model on Customer’s behalf. Where Customer has modified, customized, or extended a Noibu Skill after initial setup, Noibu is not responsible for the instructions contained in the modified skill, and full accountability for the actions taken by the AI Model in response to that modified skill rests with Customer. In all cases, Noibu MCP acts as a passive executor of tool calls it receives from the AI Model. Noibu does not control, predict, or guarantee the specific actions the AI Model will take in response to any instruction, whether Customer-provided, Noibu-provided, or Customer-modified.

4.3  Customer Responsibility for AI Model Behavior.  Customer is solely responsible for supervising the AI Model’s use of Noibu MCP, including reviewing Write Actions before confirming them where the AI Provider’s interface supports confirmation, and ensuring that Write Actions executed by the AI Model are appropriate for Customer’s workflows. Because Noibu MCP acts only on tool calls it receives from the AI Model, and the AI Model acts on Customer’s instructions or on Customer-activated skills, the chain of authorization runs from Customer through the AI Model to Noibu MCP.

4.4  Reversibility.  Write Actions performed on issues and tickets are generally reversible through Customer’s Noibu account (for example, a closed issue can be reopened). However, certain operations may have downstream effects (such as triggering notifications to assignees or updating reporting metrics) that are not automatically reversible. Customer is responsible for any consequences arising from Write Actions executed at Customer’s instruction or through Customer-activated skills.

4.5  No Liability for AI-Initiated Actions.  All Write Actions executed through Noibu MCP are initiated by Customer’s use of the AI Model and are deemed authorized by Customer. Noibu does not independently initiate Write Actions and shall have no liability for Write Actions executed in response to AI Model tool calls authorized by Customer.

5.  Noibu MCP Availability and Changes

5.1  Third-Party Dependency.  Noibu MCP functionality depends on Customer’s AI Provider, the Auth Provider, and the underlying MCP protocol, each of which is outside Noibu’s control. Noibu does not warrant that Noibu MCP will remain available, uninterrupted, or functional. The Auth Provider, the AI Provider, or the MCP protocol itself may experience outages, modifications, or changes that interrupt Noibu MCP functionality.

5.2  Changes to Noibu MCP.  Noibu may modify the scope of Noibu Data accessible via Noibu MCP, the set of Write Actions supported, or the underlying technical implementation, with reasonable notice to Customer. Noibu may change the Auth Provider, or use additional sub-processors for the OAuth authorization function, with reasonable notice to Customer.

5.3  Customer Credentials.  Customer is solely responsible for managing access to its Noibu account and for any consequences resulting from unauthorized access to the AI Model session connected to Customer’s Noibu account. 

6.  Data, Privacy, Security

6.1  No AI Training Use.  Noibu does not use Customer Data, Noibu Data, or any data transmitted through Noibu MCP to train Noibu’s or any third party’s AI models.

6.2  Data Processing Addendum.  To the extent Noibu processes personal data contained in Noibu Data in its capacity as a data processor on behalf of Customer, such processing is governed by the Data Processing Addendum (“DPA”) attached to or incorporated into the Agreement. The Auth Provider acts as a sub-processor with respect to OAuth authorization into Customer’s Noibu account, and Customer’s acceptance of these MCP Terms constitutes Customer’s authorization of the Auth Provider as a sub-processor for that purpose.

6.3  Security.  Noibu maintains appropriate technical and organizational measures to protect the components of Noibu MCP that Noibu operates, consistent with the security standards set out in the Agreement. Customer acknowledges that OAuth authorization is facilitated by the Auth Provider, and that the security of the authorization handshake is governed by the Auth Provider’s own security practices and the terms agreed between Noibu and the Auth Provider. Noibu performs reasonable due diligence on the security posture of its Auth Provider but does not warrant the security practices of any third party. Once Noibu Data is delivered to Customer’s AI Model, the security and handling of that data is subject to the AI Provider’s own security and data-handling practices, which Customer is responsible for reviewing.

7. Termination of Noibu MCP Access

Customer may disable Noibu MCP access at any time by revoking the OAuth authorization through Customer’s Noibu account settings or by disabling the Noibu MCP integration in Customer’s AI Provider. Noibu may suspend or terminate Customer’s access to Noibu MCP for material breach of these MCP Terms, the Agreement, or applicable law. Termination of Noibu MCP access does not affect Customer’s underlying Noibu account or rights to Noibu Data, which continue to be governed by the Agreement.

8. General

8.1  Conflict with Agreement.  In the event of a conflict between these MCP Terms and the Agreement with respect to Noibu MCP features, these MCP Terms shall govern solely with respect to such features.

8.2  Changes to These MCP Terms.  Noibu may update these MCP Terms from time to time to reflect changes in product functionality, sub-processors, applicable law, or industry practice. Noibu will provide reasonable notice of material changes by email or in-product notification. Customer’s continued use of Noibu MCP features following such notice constitutes acceptance of the updated MCP Terms.

8.3  Contact.  Questions about these MCP Terms may be directed to privacy@noibu.com or to Noibu’s Privacy Officer at the address set out in the Noibu Privacy Policy.

9.  Governing Law

These MCP Terms are governed by the same governing law and jurisdiction provisions as the Software Services Agreement ("MSA")