Privacy

What flows through the relay

When you ask your agent to call a Design Mode tool — for example, get_changes or get_screenshot — the request travels agent → relay → your browser, and the response travels back the same way. That means CSS edits, page selectors, and on-demand screenshots transit our servers in flight.

What we keep

• Tokens (hashed). Your device token is stored in Vercel KV as an SHA-256 hash. We never see the plaintext after registration.
• Connection metadata. Tenant id, message type, byte counts, and latency. No selectors, no payload bodies, no screenshots.

What we don't keep

• Payload bodies. Messages flow through Upstash Redis Streams capped at 100 entries and ~60 seconds. After the agent reads its response, the payload is gone.
• Application logs. Stripped to metadata only at the source. Code review enforces the rule any time a new route is added.
• Training data. We don't train models on your edits or screenshots. The relay is operations-only.

Revocation and recovery

Click Revoke token in the side panel and the token row is deleted immediately. The active SSE stream for that token drops on the next heartbeat (within 25 seconds). Lost the token? Generate a new one — there's no recovery flow because there's no account.

Self-hosted alternative

The whole relay is open source. Deploy your own copy of @design-mode/mcp-cloud on Vercel, point the extension at your URL, and the relay never touches our infrastructure.

Contact

Questions about this stance, or noticed something that contradicts it? Email hello@sandeepbaskaran.com.