When you connect an AI assistant — like Claude or ChatGPT — to your Thinkific school using the Thinkific MCP Server, you're giving that AI the ability to work with your school's data on your behalf. This page explains exactly how that works, what the AI can and can't access, and how your data is protected.
The Thinkific MCP Server uses OAuth 2.0 — the same industry-standard authorization method used by apps like Google, Slack, and Salesforce. When you connect your AI assistant, you go through a one-time authorization flow where you explicitly grant access. Thinkific then issues a secure token that the AI uses to make requests on your behalf.
A few important things to know:
Access is controlled by scopes — specific permissions you grant at the time of connection. The AI can only access what those scopes allow.
For the current version of the Thinkific MCP Server, the AI can read information about:
The AI cannot access:
As we expand the product to support write actions (like updating enrollments or content), those capabilities will be listed as separate, clearly labeled permissions — and you'll need to explicitly grant them.
Here's the data flow when you ask an AI to do something with your Thinkific data:
Thinkific controls what data is accessible. The AI can only retrieve what Thinkific's MCP Server allows, based on the scopes you granted.
The AI platform controls what happens in your session. Once data is returned to your AI session, it's governed by that platform's privacy and data handling policies — not Thinkific's. We recommend reviewing your AI provider's privacy policy to understand how session data is handled.
Thinkific does not store or cache the data returned during your AI session. The MCP Server facilitates the request and returns the result — it doesn't keep a copy.
Your learner records contain personally identifiable information (PII) — names, email addresses, and enrollment history. The Thinkific MCP Server handles this with care:
If your organization has a Data Processing Agreement (DPA) with Thinkific, that agreement covers data accessed through the MCP Server.
When you connect an AI assistant to your Thinkific school, your data is used for one purpose only: completing the tasks you ask the AI to perform. Nothing more.
Thinkific does not train AI models. The AI model you're using — whether that's Claude, ChatGPT, or another assistant — is a third-party product that Thinkific connects to, not one we build or train. Your course content, learner records, and school data are not used to improve or train any model on our end.
Your data doesn't flow back to Thinkific for AI purposes. When you ask your assistant a question about your school, the assistant sends a request to Thinkific to fetch the relevant data. That data goes back to your assistant to answer your question. Thinkific doesn't receive it back for any other purpose, and we don't store what the assistant did with it.
What about the AI provider? The model doing the actual thinking — whether that's Claude, ChatGPT, or another assistant — is governed by its own data policies. Most enterprise AI providers, including Anthropic and OpenAI, offer plans that explicitly exclude customer data from model training. We recommend checking your plan with your AI provider to confirm what applies to you.
If you have questions about data privacy, connected apps, or how the MCP Server handles your data, contact [email protected].