privacy

Privacy Policy

Last updated: May 26, 2026

This policy covers two surfaces: the public website at lakesideai.dev, and the MCP (Model Context Protocol) services at mcp.lakesideai.dev. The first section describes the website. The second section describes the MCP services.

Data controller

The data controller for this website is:

The full operator postal address is in the Legal Notice. The controller's representative in Switzerland and the European Economic Area (Art. 27 GDPR) is Alexander Braafladt, reachable at the same email.

What we collect on this website

This website is a static landing page. We do not collect personal data through forms, accounts, analytics, advertising, or tracking cookies.

The only data processing that occurs from your visit is:

• Server access logs. Our hosting provider records technical information about each request, including IP address, timestamp, user agent string, and the URL requested. These logs exist for security, abuse prevention, and operational diagnostics.
• Network transit. Traffic to this site passes through Cloudflare, which provides DNS, CDN, and TLS termination services.

If you contact us by email at any address on the lakesideai.dev domain, we will receive and retain the contents of your message in order to respond to you.

Legal basis (GDPR Art. 6)

• Server logs and infrastructure: legitimate interest in operating and securing the site (Art. 6(1)(f)).
• Email correspondence: pre-contractual measures or legitimate interest in responding to inquiries (Art. 6(1)(b) or (f)).

Retention

• Server access logs: retained by our hosting provider per their default policy, typically not exceeding 30 days.
• Email correspondence: retained as long as necessary to handle the inquiry and any reasonable follow-up, then archived or deleted.

Recipients and processors

We use the following service providers, who process technical data on our behalf:

• Hetzner Online GmbH (Germany) - hosting infrastructure
• Cloudflare, Inc. (United States) - DNS, CDN, email routing
• Google, LLC - receipt of email sent to addresses on this domain

Cloudflare and Google are US-based providers; international transfers are covered by their EU/Swiss Standard Contractual Clauses and Data Processing Addendum.

Your rights

Under the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the right to:

• Request access to your personal data
• Request correction or deletion
• Object to processing based on legitimate interest
• Lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority in the EU/EEA

To exercise these rights, contact privacy@lakesideai.dev.

Cookies

This website does not set cookies.

Changes

This policy may be updated. The "last updated" date at the top reflects the most recent change.

---

MCP Services (mcp.lakesideai.dev)

This section covers the MCP (Model Context Protocol) services hosted at mcp.lakesideai.dev, including the OpenAeroStruct, OpenConcept, and related analysis tool servers. This environment is a research and development preview and is not a production service.

Data controller

The data controller for the MCP services is Lakeside AI Engineering, LLC (Delaware, United States), reachable at privacy@lakesideai.dev. The controller's representative in Switzerland and the European Economic Area (Art. 27 GDPR) is Alexander Braafladt, reachable at the same email. The full operator postal address is in the Legal Notice.

Account data (authentication)

Authentication is provided by a self-hosted Keycloak instance. When you create an account or authenticate via OAuth, the following data is stored:

• Email address
• Username and display name (as provided)
• OAuth provider identifiers (where applicable)
• Account creation timestamp
• Login timestamps and source IP addresses
• Session and token metadata

This data is used to authenticate you, authorize tool access, and protect the service against abuse. It is retained for the lifetime of your account; on account deletion, it is removed within 30 days, subject to log retention below. A choice of using Google for OAuth is also available but optional.

Tool inputs and outputs (provenance logging and development)

When you call MCP tools on this environment, the inputs you submit and the outputs returned are recorded in a provenance database (range-safety) and may be used by the operator for the purpose of:

• Reproducibility and audit of analysis runs
• Cross-tool result linking
• Diagnostics and debugging
• Service development and improvement, including refinement of tools and methods

What is logged and used: all parameters passed to MCP tools, all results returned, decision logs, and the workflow graph linking these.

Retention: provenance records are retained for a maximum of six months, after which they are deleted or anonymized.

Access: provenance data is accessible only to the operator and is not shared with third parties in identifiable form. See Section 8 of the Terms of Service for the full scope of permitted use.

Important: Because submitted inputs may be used for service development, do not submit confidential or proprietary data unless you have arranged a separate confidentiality agreement. Contact privacy@lakesideai.dev to discuss.

Sub-processors

At present, MCP tool execution is performed entirely on infrastructure under the operator's control. No external AI APIs are called as part of tool execution. Tool computations run on self-hosted physics solvers (OpenAeroStruct, OpenConcept, and related).

If this changes, for example, if agentic features begin calling external LLM APIs with user-submitted data, this notice will be updated and affected users will be notified before the change takes effect.

Infrastructure providers in use:

• Hetzner Online GmbH (Germany) - server hosting
• Cloudflare, Inc. (United States) - DNS, TLS, reverse proxy

Confidentiality posture

This environment is intended for research, development, and demonstration use. It is not approved for production engineering work, sensitive commercial data, or export-controlled material.

In particular: do not submit data subject to ITAR (International Traffic in Arms Regulations), EAR (Export Administration Regulations) controls, or equivalent national export controls. This environment has not been assessed for compliance with such regimes.

If you are evaluating these tools for confidential or commercial work, contact the operator directly to discuss appropriate handling before submitting any sensitive inputs.

Legal basis (GDPR Art. 6)

• Account data: contract performance (Art. 6(1)(b)), providing the service you have requested access to.
• Provenance logging: legitimate interest (Art. 6(1)(f)) in operating a reproducible, auditable analysis service.
• Security and abuse logs: legitimate interest (Art. 6(1)(f)).

Your rights

You have the same rights as described in the main lakesideai.dev privacy policy above: access, rectification, erasure, objection, and the right to lodge a complaint with the Swiss FDPIC or your EU supervisory authority.

For provenance records associated with your account, you may request deletion at any time via privacy@lakesideai.dev. Note that some records may be retained in derived form (anonymized aggregates, for example) for service improvement.

Changes

This notice will be updated as the service evolves. Material changes will be communicated to active account holders via the email associated with their account.