
MCP Access Model v2.6

AI4Love provides an MCP (Model Context Protocol) server that lets AI assistants — Claude, ChatGPT, or any MCP-compatible client — query your supporter data conversationally. This page explains exactly what the assistant can see, what it can do, and how access is controlled.


How It Works

Staff member                 AI Assistant              MCP Server            Airtable
    │                            │                         │                    │
    │── "Who are our at-risk" ──▶│                         │                    │
    │                            │── MCP tool call ───────▶│                    │
    │                            │                         │── validate key ───▶│
    │                            │                         │◀── key valid ──────│
    │                            │                         │── query data ─────▶│
    │                            │                         │◀── records ────────│
    │                            │                         │── allow-list ──┐   │
    │                            │                         │   filter       │   │
    │                            │                         │◀───────────────┘   │
    │                            │◀── filtered results ────│                    │
    │◀── formatted answer ───────│                         │                    │

  1. Staff asks a question in their AI assistant
  2. The assistant calls one of 19 read-only MCP tools
  3. The MCP server validates the user's access key against Airtable
  4. If valid, the server queries your Airtable base
  5. Results pass through allow-list field filtering (see below)
  6. Filtered data returns to the assistant for response formatting

What the Assistant Can Do

All 19 MCP tools are read-only. The full list:

Tool                           Purpose
list_supporters                Filter supporters by status, donation amount, volunteer hours
get_supporter                  Look up a specific person by name or email
get_supporter_timeline         Full chronological history — donations, volunteering, engagements, events
get_donations                  Query donation records
list_volunteers                Query volunteer activity and hours
list_engagements               Query communication/interaction history
get_participation              Event attendance and participation timeline
list_events                    View events by category
get_insights                   AI-generated recommendations
get_at_risk_supporters         Who is at risk of lapsing?
get_conversion_opportunities   Who has upgrade potential?
get_recognition_queue          Who deserves recognition?
get_campaign_recommendations   What campaign actions should we take?
get_relationship_alerts        Which relationships need attention?
get_summary_stats              Dashboard overview
export_supporters              Structured export for external platforms
query_kindmind                 Search nonprofit sector research
query_vault                    Search your organization's internal knowledge base
get_schema                     View database field structure

What the Assistant Cannot Do

  • Create, modify, or delete any record
  • Access fields outside the allow-list
  • Trigger actions, send messages, or initiate outreach
  • Access data from other organizations
  • Bypass rate limits or daily caps

Access Controls

Per-User Keys

Each staff member receives a unique access key stored in their Airtable account record. The key field is restricted using Airtable's field-level permissions — staff cannot view each other's keys in the base interface.

Keys are validated with timing-safe comparison on every request. There is no persistent session — revoking a key takes effect on the very next request.

Organization Isolation

Each MCP request resolves to a specific organization, which maps to a dedicated Airtable base. A user authenticated for Organization A cannot query Organization B's data under any circumstances. This is enforced at the credential routing layer — each org has its own Airtable API token and base ID.

Rate Limits and Extraction Prevention

Control                  Limit                     Purpose
Per-minute rate limit    60 requests/key           Prevents rapid-fire enumeration
Response size cap        100 records/response      Bounds any single query
Daily retrieval cap      5,000 records/key/24h     Prevents slow-motion bulk extraction
Anomaly detection        Logged and flagged        High-frequency patterns visible in audit trail

Normal conversational usage is typically 50–200 records/day. The daily cap is set well above normal use but well below the threshold for meaningful data extraction.
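The per-user key check and the rate limits above, as an added illustration that is not AI4Love's own server code. It assumes keys are held as SHA-256 digests bound to one org each, that each org maps to its own (placeholder) Airtable base ID, and that the caller passes the request time explicitly so the windows can be exercised offline.

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Constructed registry (not AI4Love's data): key digest -> (staff user, org).
KEY_REGISTRY = {
    hashlib.sha256(b"alice-key-CONSTRUCTED").hexdigest(): ("alice", "org_a"),
    hashlib.sha256(b"bob-key-CONSTRUCTED").hexdigest(): ("bob", "org_b"),
}
ORG_BASES = {"org_a": "appAAAAAAAAAAAAAA", "org_b": "appBBBBBBBBBBBBBB"}  # placeholders

PER_MINUTE_LIMIT = 60    # requests per key per minute
RESPONSE_CAP = 100       # records per response
DAILY_CAP = 5_000        # records per key per rolling 24h

_minute_window = defaultdict(deque)   # key digest -> request timestamps
_daily_window = defaultdict(deque)    # key digest -> (timestamp, records returned)


def resolve_key(presented: str):
    """Return (user, org, base_id) for a valid key, else None."""
    digest = hashlib.sha256(presented.encode()).hexdigest()
    match = None
    for stored, identity in KEY_REGISTRY.items():
        # compare_digest runs in constant time; scanning every entry keeps the
        # work the same whether or not (and where) a match occurs.
        if hmac.compare_digest(digest, stored):
            match = identity
    if match is None:
        return None
    user, org = match
    return user, org, ORG_BASES[org]   # base is chosen by org, never by the caller


def admit_request(key_digest: str, requested: int, now: float):
    """Apply per-minute limit, response cap and daily cap; returns (allowed, permitted, reason)."""
    recent = _minute_window[key_digest]
    while recent and now - recent[0] >= 60:
        recent.popleft()
    if len(recent) >= PER_MINUTE_LIMIT:
        return False, 0, "per-minute limit"
    today = _daily_window[key_digest]
    while today and now - today[0][0] >= 86_400:
        today.popleft()
    remaining = DAILY_CAP - sum(n for _, n in today)
    if remaining <= 0:
        return False, 0, "daily cap"
    permitted = min(requested, RESPONSE_CAP, remaining)
    recent.append(now)
    today.append((now, permitted))
    return True, permitted, "ok"
```

Because nothing is cached between calls, removing a digest from the registry denies the very next request, matching the no-session behaviour described above.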


Data Minimization (Allow-List Filtering)

The MCP server applies allow-list field filtering before returning data to the AI assistant.

How it works:

  • Only explicitly approved engagement fields are included in responses (donation amount, volunteer hours, event participation, communication history)
  • All other fields are blocked by default — including any custom fields added to the base after onboarding
  • Specific tools that require additional fields (e.g., export_supporters includes name and email for mailing preparation) declare their allowed fields explicitly in code
  • This is deterministic and rule-based — a predefined list, not an AI judgment call

What this means for the LLM:

  • The AI assistant never sees full street addresses, phone numbers, dates of birth, or government identifiers
  • Even if a field exists in your Airtable base, it does not reach the LLM unless it is on the allow-list
  • Adding new fields to Airtable does not automatically expose them through MCP
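The allow-list filter described above, as an added example rather than AI4Love's own implementation. Field names and the sample record are constructed; the only page-specific rule it encodes is that export_supporters additionally declares name and email.

```python
# Engagement fields every tool may return (assumed names for illustration).
BASE_ALLOW_LIST = frozenset({
    "supporter_id", "status", "total_donations", "last_donation_date",
    "volunteer_hours", "events_attended", "last_contact_date",
})
# Only tools that need more than the engagement fields declare extras here;
# a tool absent from this table gets the base allow-list and nothing else.
TOOL_EXTRA_FIELDS = {
    "export_supporters": frozenset({"name", "email"}),
}

# Constructed record: richer than the allow-list, including direct identifiers
# and a custom field added to the base after onboarding.
SAMPLE_RECORDS = [
    {"supporter_id": "S-001", "name": "A. Example", "email": "a@example.org",
     "status": "active", "total_donations": 1250, "last_donation_date": "2026-02-10",
     "volunteer_hours": 12, "events_attended": 3, "last_contact_date": "2026-03-01",
     "street_address": "1 Sample St", "phone": "+1-555-0100",
     "date_of_birth": "1980-01-01", "custom_wealth_score": 87},
]


def allowed_fields(tool: str) -> frozenset:
    """Base allow-list plus whatever the tool explicitly declares in code."""
    return BASE_ALLOW_LIST | TOOL_EXTRA_FIELDS.get(tool, frozenset())


def filter_records(tool: str, records: list) -> list:
    """Keep only allowed keys; unknown keys are dropped, not merely redacted."""
    allowed = allowed_fields(tool)
    return [{k: v for k, v in r.items() if k in allowed} for r in records]


def dropped_fields(tool: str, records: list) -> set:
    """Names of fields that were present but blocked (safe to put in an audit line)."""
    allowed = allowed_fields(tool)
    return {k for r in records for k in r if k not in allowed}
```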

The LLM Data Path

When the MCP server returns filtered data to the AI assistant, that data transits through the LLM provider's infrastructure.

Provider             Tier                Training                                     Retention
Anthropic (Claude)   API (commercial)    No — excluded from training by API terms     Up to 30 days for trust & safety
OpenAI (ChatGPT)     API (commercial)    No — excluded from training by API policy    Up to 30 days for abuse monitoring

Default configuration follows standard API retention policies (up to 30 days). Zero-retention configurations are available depending on contract tier — documented in your DPA.

Your options:

  • Restrict MCP to a single LLM provider
  • Disable MCP entirely (AI-generated insights in Airtable continue independently)
  • Request zero-retention configuration (subject to provider contract terms)

Audit Trail

Every MCP query is logged:

Field                 Example
User key (hashed)     a3f8...
Timestamp             2026-03-25T14:32:01Z
Tool invoked          get_at_risk_supporters
Org ID                org_stf
Records returned      12
Response time         340ms

Logs are available in Vercel function logs (1-hour retention) or via SIEM streaming (30–90 day retention) for partners on high-compliance onboarding.

Supporter PII is never logged — not names, emails, or donation amounts.


Disabling MCP

MCP is optional. If your organization prefers not to expose supporter data through AI assistants:

  1. Remove the user's access key from their Airtable account record
  2. Or: request that AI4Love disable MCP access for your entire organization

AI-generated insights continue to appear in the dashboard — they are written directly to Airtable by the nightly agents and do not depend on MCP.

AI4Love Trust Center