Trust architecture

Security

How Helvetic Research MCP protects identity, AI connections, and private research.

Provider-backed identity

Customers sign in with Google. Helvetic Research MCP does not collect or store customer passwords.

OAuth-protected MCP

Remote AI clients use OAuth discovery, PKCE, short-lived access tokens, and rotating refresh tokens. Tokens and authorization codes are stored only as hashes.

Revocable connections

Authorized AI clients appear in the account workspace and can be revoked immediately, invalidating their active access and refresh tokens.

Production boundary

The public-preview deployment uses managed identity, OAuth controls, persistent database storage, and health checks. Institutional rollouts should add dedicated monitoring, backups, worker isolation, and an agreed SLA.