What we collect
When you sign up or use the service we collect:
- Profile from OAuth provider: email, display name, avatar URL (Google / GitHub).
- API usage logs: per-MCP-request timestamp, tool name, cost, response size. Stored in our self-hosted API gateway.
- Technical metadata: IP (short-term log, rotated within 30 days), user-agent.
- OAuth access tokens (since 2026-05): when you connect via Claude or another third-party AI assistant, we issue an access token to that client, stored in our oauth_storage table. Tokens expire in 1 hour; you can revoke at any time at /account. The token itself contains no conversation content; it is only a proof of identity.
What we use it for
- Running the service (auth, key issuance, billing, support)
- Abuse prevention (rate limiting, anomaly detection)
- Product improvement (aggregate stats, never re-identifying individuals)
Who we share with
As little as possible. Necessary parties:
- Twinkle Hub MCP gateway (self-hosted on GCP): hosts your API key + spend tracking. Data stays within our GCP project.
- Google Cloud Platform: infrastructure (Cloud Run, Cloud SQL, Secret Manager) in asia-east1 (Changhua, Taiwan).
- Downstream data sources: your query content is forwarded to the relevant source (e.g. data.gov.tw). Their license terms apply independently.
- When using via an AI assistant (Claude, Cursor, etc.): your conversation with the AI is handled by that vendor (their privacy policy applies). We only see the MCP tool calls coming from the AI (including query parameters), never the full conversation.
- Anthropic (if you connect via the listed Claude Connector): Anthropic collects "functional metadata" (tool call counts, error rates, latency) for service improvement. See Software Directory Terms.
- Legal compulsion: formal court / government request with statutory basis.
Cookies
- __Secure-authjs.session-token: login session (HttpOnly, Secure, SameSite=Lax). Cleared on logout.
- NEXT_LOCALE: language preference (zh-TW / en). 1-year expiry.
- OAuth callback state: short-lived during the sign-in flow, 5-minute expiry.
We do not use analytics or advertising cookies.
Your rights
- Read: view your data at /account.
- Modify: display name comes from your OAuth provider — change it on Google / GitHub.
- Delete: email us; processed within 72 hours (account data + API key wiped).
- Export: email us for a JSON dump (spend_logs + account profile).
- Revoke third-party AI client OAuth connections: go to /account → Connected AI Clients to see the clients you have authorised; revoke with one click. The token is invalidated immediately.
Retention
- Account data (users, user_notification_prefs): until you delete. Soft-delete then hard-delete after 72 hours.
- API usage logs (spend_logs): kept indefinitely for (a) billing reconciliation, (b) abuse prevention, (c) customer history. Aggregated stats are kept beyond 12 months; per-request detail (tool args, response size) may be anonymised as needed.
- OAuth (oauth_storage): access tokens swept 1 hour after expiry. Authorization codes 10 minutes. Registered clients until you revoke.
- Honeypot (mcp_auth_rejections, auth attempt log): 90-day rolling window.
- IP log (Cloud Run access log): rotated every 30 days.
- Audit log (admin_actions): kept indefinitely for compliance / internal review.
Cross-border transfers
The service is hosted on GCP asia-east1 (Changhua, Taiwan). OAuth authentication reaches Google / GitHub's global nodes; when you connect via the Claude Connector, data passes through Anthropic's US nodes (Anthropic is a US company). If you prefer to avoid cross-border transfer, use our .mcpb Desktop Extension instead (it runs on your machine and does not pass through Anthropic).