Privacy Policy

4Degrees is the relationship intelligence and deal flow platform used by private-markets teams to source, drive, and close more deals. This page covers what happens to your data when your firm connects 4Degrees to an external AI client.

Scope #

This policy specifically covers the 4Degrees AI Connector — the Model Context Protocol (MCP) server hosted at https://mcp.4degrees.ai/mcp that lets AI assistants such as Anthropic’s Claude (claude.ai, Claude Desktop, Claude Code) and OpenAI’s ChatGPT (chatgpt.com) query your 4Degrees data on your behalf.

It supplements, but does not replace, our master 4Degrees Privacy Policy, which governs your firm’s overall use of the 4Degrees platform.

What the connector exposes #

Access to data your seat in 4Degrees already has permission to view, scoped to your user account and your firm’s organization. Most operations are reads; a fixed, enumerated set of write operations is available with your explicit consent (see Write actions). Specifically, the connector exposes:

• Contacts (name, title, company, email, phone, location, tags, custom fields, relationship strength signals)
• Companies (name, domain, location, employee count, deal count, custom fields)
• Deals (name, pipeline, stage, owner, value, contacts, tags, custom fields)
• Interaction metadata — subject, sender / recipient names, date, type (email / meeting / note)
• Custom field definitions, pipeline definitions, team membership
• Portfolio dashboards (triage, warmest leads, recent news, job changes, reminders)
• Introduction paths — teammates with the strongest relationship to a contact or company

What is never exposed #

• Encrypted email and meeting bodies (only metadata is queryable, as above).
• Passwords, API keys, billing data, and admin settings.
• Data belonging to other firms, or to teammates whose contacts you do not have permission to view.
• Anything your firm’s administrator has scoped behind permissions you do not hold.

How data flows #

1. You ask your AI assistant a question — for example, “Who’s my warmest path to the new CTO at Stripe?” or “Log a call with Sarah today.”
2. The assistant calls one of the connector’s MCP tools (discover, query, compare, or — for writes — execute_action) using your authenticated bearer token.
3. The connector verifies the token, queries or modifies your 4Degrees data subject to your seat’s permissions, and returns the result to the assistant.
4. The assistant renders the result back to you in the conversation. For most writes, the result includes an undo affordance valid for approximately five minutes.

Per their respective connector terms, neither Anthropic (per Anthropic’s Connector Terms) nor OpenAI (per the OpenAI Apps SDK terms) trains its models on data returned by third-party connectors. 4Degrees does not share connector data with any other third party.

Write actions #

The connector can perform a fixed, enumerated set of write operations on your CRM — only when you have explicitly opted in. The shape of what is supported:

• Contacts — create, rename, edit notes, edit social profiles, edit location, log interactions, set reminders, add or remove tags, edit custom fields.
• Companies — create, update, add notes, add or remove tags, reassign owner.
• Deals — create, update, add notes, add associated contacts, move pipeline stage, add or remove tags, reassign owner.
• Undo — reverse most of the above with a single click on the Undo button posted under each confirmation. Valid for approximately five minutes after the original write. The one exception is setting a contact reminder — those must be cancelled in the web app. Company and deal reminders are undoable like every other write.

Consent

The first time the AI assistant requests a write on your behalf, the connector returns a consent prompt. The AI assistant renders the prompt inline; you click Allow to grant consent for the current and future writes. Until you consent, every write attempt is rejected at the dispatcher — no record is modified. You can revoke consent any time from your 4Degrees account settings; revocation is effective immediately.

Permissions

Every write enforces the same permission cascade as reads: the 4-layer contact visibility cascade (self → org-contact → per-contact override → owner default + teammate exceptions), pipeline-level write authorization, and per-resource ownership checks. The connector cannot write to a record you cannot see in the web app.

Audit

Every successful write is recorded in your 4Degrees activity feed with: who initiated it, the action type, the target resource, the timestamp, and (where applicable) the prior value of the field that changed. Your firm’s administrator can review this audit log at any time.

What is not supported

• No deletes. The connector cannot delete contacts, deals, companies, or notes.
• No bulk operations. Every action targets a single resource. The AI assistant cannot batch-tag, batch-update, or batch-archive.
• No cross-tenant writes. Writes targeting resources outside your firm are rejected.
• No background writes. Every action is triggered by a direct user prompt; the connector does not run scheduled or autonomous actions.

What 4Degrees stores #

For the connector specifically, we log the following per request for audit and reliability purposes:

• Your user and organization identifiers (numeric)
• Which connector endpoint was called, when, and whether it succeeded
• A reference to the access token used (stored only as a one-way hash — the original token value is never persisted)
• Timestamp

We do not store:

• The text of your conversation with Claude or ChatGPT
• The arguments your AI assistant passed to the connector
• The CRM data the connector returned

All traffic between AI assistants and the connector is encrypted in transit. Standard 4Degrees database backup, retention, and deletion policies (see our master Privacy Policy) apply to the audit log.

Authorization & revocation #

The connector uses a secure industry-standard OAuth sign-in flow. Each member of your team explicitly authorizes their AI assistant during setup, and that authorization can be revoked at any time:

• From Claude: Settings → Connectors → 4Degrees → Disconnect.
• From ChatGPT: Apps → 4Degrees → Disconnect.
• From 4Degrees: revoke the access token from your account settings.
• From your firm’s administrator: disabling the AI Connector feature in workspace settings immediately invalidates every token issued to org members across both Claude and ChatGPT.

Revocation is effective immediately on the next request.

Children #

The 4Degrees platform is not intended for use by anyone under the age of 18.

Changes to this policy #

We may update this connector-specific policy from time to time. The “Effective” date at the top of this page reflects the most recent change. Material changes will also be reflected in our master Privacy Policy.

Contact #

Questions about how the connector handles your firm’s data: privacy@4degrees.ai.
Security disclosures: security@4degrees.ai.
General support: support@4degrees.ai.