These MCP Service Data Processing Terms ("Data Processing Terms") describe how WPF Holdings LLC, doing business as Stayker ("Stayker," "we," "us," or "our"), collects, processes, stores, and protects data in connection with the Stayker MCP (Model Context Protocol) service ("MCP Service"). The MCP Service enables AI platforms and developer-built AI agents to search hotel inventory, retrieve rates, and initiate hotel bookings through Stayker's platform.
These Data Processing Terms supplement Stayker's general Privacy Policy and SaaS Terms of Service. In the event of a conflict between these Data Processing Terms and the general Privacy Policy or SaaS Terms of Service with respect to data processed through the MCP Service, these Data Processing Terms shall control.
By integrating with or using the Stayker MCP Service, you ("Developer" or "you") agree to these Data Processing Terms on behalf of yourself and your end users.
"MCP Service" means the Stayker MCP server and associated APIs that enable AI platforms and agents to access Stayker's hotel search, rate retrieval, and booking initiation capabilities via the Model Context Protocol.
"Developer" means any individual or entity that integrates the Stayker MCP Service into an AI agent, application, or platform.
"End User" means any individual who interacts with a Developer's AI agent or application that uses the Stayker MCP Service.
"Search Data" means information submitted through MCP tool calls for the purpose of searching hotel inventory, including destination, check-in and check-out dates, number of guests, and geographic coordinates.
"Booking Data" means information associated with a hotel booking initiated through the MCP Service, including guest name, contact information, and reservation details. Booking Data does not include payment card information (see Section 5).
"Personal Data" means any information that identifies or can be used to identify a natural person, including name, email address, and phone number.
"Travel Provider" means the third-party hotel, lodging provider, or booking fulfillment partner that provides the actual accommodation service.
When an AI agent calls the Stayker MCP search or rate tools, the following data may be transmitted to Stayker:
Search Data is transient. It is used solely to query hotel inventory in real time and is not stored beyond the duration of the API request, except in aggregated, anonymized form for service performance monitoring.
When an AI agent initiates a booking through the MCP Service, the following data may be transmitted:
Booking Data is stored by Stayker for the purpose of creating and managing the hotel reservation, communicating booking confirmations, and providing customer support. Booking Data may be shared with the applicable Travel Provider solely to fulfill the reservation.
Developers who register for the MCP Service provide account information including name, email address, organization name, and API credentials. This data is used to authenticate API requests, manage the Developer's account, and communicate service updates.
Stayker automatically collects technical data associated with MCP Service requests, including API call timestamps, tool names invoked, response times, error codes, and IP addresses. This data is used for service monitoring, rate limiting, debugging, and security purposes.
Stayker processes data collected through the MCP Service for the following purposes only:
Stayker does not: (a) sell, rent, or lease any Personal Data; (b) use Personal Data for advertising, profiling, or marketing; (c) train machine learning models on Personal Data or End User queries; or (d) retain Search Data beyond the API request except in anonymized, aggregated form.
The MCP Service does not store payment card information. When a hotel reservation requires a payment guarantee or deposit, guest credit card information is transmitted via encrypted connection to our travel distribution partner solely to fulfill the reservation requirement. Stayker does not store, log, or retain payment card data at any point in this process. Card data is transmitted in transit only and is not written to any Stayker database or log file. Stayker is not the Merchant of Record — the hotel retains guest payment details and any charges are made directly by the hotel at check-in or check-out.
Stayker shares data only in these limited circumstances:
Stayker does not share data with advertising networks, data brokers, or any other third parties for their own commercial purposes.
| Data Type | Retention Period |
|---|---|
| Search Data | Not retained beyond the API request. Anonymized metrics retained indefinitely. |
| Booking Data | Retained for the duration of the reservation plus 12 months after checkout. |
| Developer Account Data | Retained for the duration of the account plus 90 days after closure. |
| Technical and Usage Data | API logs retained for 90 days. Aggregated metrics retained indefinitely. |
Stayker implements industry-standard security measures to protect data processed through the MCP Service, including:
Stayker is based in the United States. Data processed through the MCP Service is stored and processed in the United States. For Developers or End Users located in the European Economic Area (EEA) or the United Kingdom, Stayker relies on Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection of personal data transferred internationally.
End Users whose Personal Data is processed through the MCP Service may exercise the following rights, subject to applicable law:
Requests may be directed to service@stayker.com. Stayker will respond to verified requests within 30 days.
Developers integrating the Stayker MCP Service agree to:
Stayker receives only data explicitly passed through MCP tool calls. Stayker does not receive or access broader conversations between End Users and AI agents, conversation history, prompts, or any AI platform internal data. The scope of data received by Stayker is limited strictly to the parameters included in each MCP tool invocation.
Stayker uses the following categories of subprocessors in connection with the MCP Service:
A list of specific subprocessors is available upon request by contacting service@stayker.com.
In the event of a data breach affecting Personal Data processed through the MCP Service, Stayker will notify affected Developers within 72 hours of becoming aware of the breach. Notification will include a description of the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to address the breach.
Stayker may update these Data Processing Terms from time to time. Updates will be posted at stayker.com/legal/mcp-policy. Material changes will be communicated to registered Developers via the email address on file. Continued use of the MCP Service after the effective date of any changes constitutes acceptance of the updated terms.
WPF Holdings LLC, d/b/a Stayker
Email: service@stayker.com
Phone: 704-686-8006
Mailing Address:
WPF Holdings, LLC
30 N Gould St STE N
Sheridan, Wyoming 82801
© 2019–2026 WPF Holdings LLC, d/b/a Stayker. All Rights Reserved.