HomeDiscoveryOther resources
Guides

Loomi Connect MCP security and compliance

Suggest Edits

Bloomreach hasn't released an official MCP server. If you're using agentic systems with custom-built or third-party MCPs, you do so at your own risk and aren't supported by Bloomreach.

📘

Status

The Bloomreach Loomi Connect MCP server is under development. Stay tuned for further product updates. If you want to help us make it better, send feedback to [email protected].

Security and compliance 

Bloomreach builds products with a privacy-by-design and security-by-design approach and supports major frameworks, including GDPR and comparable regulations. For more information on how Bloomreach handles privacy and data processing, visit:

Third‑party MCP servers and your responsibilities

If you're building or deploying your own MCP server using Bloomreach APIs, here's what you need to know.

Bloomreach only guarantees the functionality and design of upcoming Loomi Connect MCP servers. Third-party MCP servers, including open-source projects or self-built connectors, aren't reviewed, certified, or supported by Bloomreach for security, privacy, or compliance.

If you use a third-party MCP server to access Bloomreach APIs, you're fully responsible as the data controller for:

  • What data the server exposes, including any PII or profile-level data.

  • Which AI vendors and platforms receive that data.

  • Meeting all legal requirements under GDPR and other applicable laws, including DPAs, SCCs, and DPIAs.

Bloomreach can change backend functionalities at any time and doesn't guarantee backward compatibility for third-party MCP servers. 

📘

Important

Any personal data exported from Bloomreach APIs to third-party servers or AI tools is your responsibility and at your own risk. If this applies to your setup, involve your Data Protection Officer or privacy counsel before proceeding.

Can I use a third‑party MCP server with Bloomreach APIs?

Technically, yes—but it's not recommended for production use with customer data. Bloomreach doesn't validate or support third-party MCP servers for security, privacy, or compliance. You're fully responsible for what those servers do with your data, which AI vendors receive, and whether that's compatible with your legal and contractual obligations.

Disclaimer

The Loomi Connect MCP Server and the information in this document are provided “as is” and don't constitute legal advice. Regulations such as GDPR, CCPA/CPRA, and others are complex and evolving.

You should consult your Legal and privacy teams to:

  • Determine appropriate legal bases for any AI-related processing of personal data. 

  • Validate that your configuration and AI vendor relationships meet your regulatory and contractual requirements.

Bloomreach will continue to evolve the Loomi Connect MCP Server and its documentation as the MCP standard and AI ecosystem mature.

Updated about 4 hours ago