Security & Data Storage
Your CRM data security is our top priority. Here’s how Daeda MCP protects your information.
Data Storage Location
Section titled “Data Storage Location”Your CRM data is stored locally at:
| Platform | Path |
|---|---|
| macOS/Linux | ~/.daeda-mcp/data/ |
| Windows | %APPDATA%\daeda-mcp\data\ |
Security Features
Section titled “Security Features”- All data stays on your machine - Nothing is sent to Daeda servers
- Database is encrypted at rest - Uses your HubSpot token as the encryption key
- Only SELECT queries are allowed - AI can read but never modify your CRM
- Dangerous SQL keywords are blocked - INSERT, UPDATE, DELETE, DROP, etc.
- Your HubSpot token is never stored - Only used for encryption and API calls
Token Handling
Section titled “Token Handling”If you change your HubSpot token, the database will be re-initialized automatically since it’s encrypted with the previous token.
Read-Only Access
Section titled “Read-Only Access”The get_raw_sql tool enforces strict read-only access:
- Queries must start with
SELECTorWITH - Multiple statements (semicolons) are rejected
- A blocklist prevents dangerous keywords
- Results are limited to 1,000 rows
- Query timeout is 30 seconds
Permissions Required
Section titled “Permissions Required”Daeda only requests the minimum HubSpot scopes needed:
| Scope | Purpose |
|---|---|
crm.export | Bulk export of CRM data |
crm.objects.contacts.read | Read contact records |
crm.objects.companies.read | Read company records |
crm.objects.deals.read | Read deal records |
No write permissions are ever requested.