OPDSTAR NHI MCP — Privacy Policy

Effective: 2026-05-13 · Applies to the /api/mcp remote MCP endpoint and the @opdstar/nhi-mcp npm package.

The OPDSTAR Taiwan NHI MCP server is a public, read-only reference data service. It exposes curated Taiwan National Health Insurance data — rejection codes, audit clauses, drug payment rules, fee schedule, special materials, and appeal-case precedents — to AI agents via the Model Context Protocol. It does not require, collect, or store any user accounts, patient data, or personal information.

1. What we do not collect

The MCP endpoint operates without authentication. We do not require — and the protocol does not transmit — any of the following:

• User identity, account, email, or login credentials
• Patient names, medical records, clinical notes, SOAP text, or any other patient-identifiable data
• Provider identity, facility identity, clinic identity, or NHI provider codes belonging to a real clinic
• Payment information, billing identity, or financial data
• Cookies, tracking pixels, or persistent client-side identifiers

MCP tool calls accept only reference-data lookup parameters (e.g. an NHI rejection code like 0110A, a procedure code like 51017C, or a free-text keyword for the audit-guideline corpus). Callers should not include patient-identifiable data in these parameters, and the server has no facility to interpret or persist such data even if accidentally submitted.

2. What we log

The endpoint runs on Vercel and Supabase, which generate operational logs strictly for the purpose of running the service:

• Edge access logs (Vercel): timestamp, HTTP status, response size, request URL path, client IP, user-agent. Retained per Vercel's standard retention.
• Database query logs (Supabase): execution time and row counts for diagnostic purposes. No request body or response body is logged.
• Error traces: error messages and stack traces for failed requests, for debugging.

These logs are used only to operate, secure, and debug the service. They are not sold, shared, or used for advertising or profiling.

3. Use of the data we return

The data returned by the MCP server is sourced from publicly available Taiwan NHI announcements (健保署 audit guidelines, drug payment rules, fee schedule, rejection-code dictionaries) and appeal-case statistics (judicial open data). It contains no personal data and no patient-identifiable information. Callers may use, store, and incorporate the returned data into downstream applications subject to the terms in the MCP Terms of Service.

4. AI agent integrations

When a third-party AI agent (Claude Desktop, Cursor, Claude.ai, etc.) connects to this MCP server, the agent transmits MCP protocol frames over HTTPS. We have no access to the broader conversation that takes place inside the agent — only the individual JSON-RPC tool-call arguments needed to resolve each request reach us. End-user conversation history, chat transcripts, and agent-side reasoning never reach OPDSTAR servers.

5. Third-party processors

• Vercel — edge function hosting, DNS, CDN.
• Supabase — Postgres database for reference data storage.

Both subprocessors are bound by their own published privacy policies and DPAs.

6. Security

The MCP endpoint is served over HTTPS with TLS 1.2+. The Supabase database is accessed via a service-role key held only by Vercel edge functions; the key is not exposed to clients. All MCP endpoints are read-only — there is no write surface that callers can reach.

7. Changes

If we change this policy in a way that affects callers or processed data, we will update the Effective date above and announce the change at github.com/tatsuju/opdstar-nhi-mcp.

8. Contact

Privacy questions: support@opdstar.com.