Privacy & security
Picnic MCP is built on three guarantees: passkey-bound sessions, scoped access, and read-only-by-default capabilities.
Authentication: OAuth 2.0 + passkey
Picnic MCP follows RFC 9728 (OAuth 2.0 Protected Resource Metadata). When your AI client connects:
- The client discovers the OAuth metadata at /.well-known/oauth-authorization-server. (RFC 9728 itself defines the protected-resource document at /.well-known/oauth-protected-resource; that document tells the client which authorization server to use, and the authorization-server metadata it then reads at the path above is the RFC 8414 format.)
- You're redirected to Picnic's consent page.
- You sign in with your passkey, the same one you use in the Picnic app. There are no shared API keys, no static tokens to copy and paste, no passwords.
- You pick which scopes to grant. The token issued back to your AI client is bound to that specific passkey: every tool call validates that the requested data belongs to a smart account that passkey controls.
If you delete the passkey, the token stops working.
Scopes
Each capability is its own scope. You approve scopes individually on the consent screen, and your AI client can never use a scope you haven't granted.
| Scope | Description | Status |
|---|---|---|
| read:profile | View your name, email, and account status | Coming soon |
| read:balances | View your token balances across all accounts and chains | Available |
| read:transactions | View your transaction history | Available |
| read:card | View your card details, status, and spending limits | Coming soon |
| read:card:transactions | View your card transaction history | Coming soon |
| propose:swap | Propose a token swap for your approval | Coming soon |
| propose:transfer | Propose a crypto transfer for your approval | Coming soon |
| propose:pix | Propose a PIX payment for your approval | Coming soon |
| execute:swap | Submit a signed swap to the network | Coming soon |
| execute:transfer | Submit a signed crypto transfer | Coming soon |
| execute:pix | Submit a signed PIX payment | Coming soon |
| manage:card | Freeze or unfreeze your card | Coming soon |
What Picnic MCP cannot do (today)
- It cannot move funds. All propose:* and execute:* scopes are reserved for future capabilities and are not currently functional.
- It cannot export keys or any signing material. Signing always happens in the Picnic app, on your device, with your passkey.
- It cannot see anything outside the smart accounts the authenticated passkey controls.
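As an added example, not Picnic's own code, here is a toy server-side authorizer in Python that applies the rules stated above and in the scope table: a token is bound to one passkey and carries only the scopes approved on the consent screen; each tool call needs a granted scope; scopes marked "Coming soon" never authorize anything even if a token carries them; the requested account must be controlled by that passkey; and revoking the connection or deleting the passkey stops the token on the next request. The tool names, passkey and account identifiers, the in-memory registry, and the idea that a reserved scope can appear on a consent screen at all are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Set, Tuple

# Constructed sample data (assumption): the smart accounts each passkey controls.
PASSKEY_ACCOUNTS: Dict[str, Set[str]] = {
    "pk_alice": {"0xaaa1", "0xaaa2"},
    "pk_bob": {"0xbbb1"},
}

# Scopes that are live today, per the table on this page.
AVAILABLE_SCOPES = frozenset({"read:balances", "read:transactions"})

# Scopes the table lists as "Coming soon": assumed grantable on a consent screen
# but never allowed to authorize a call, whatever the token carries.
RESERVED_SCOPES = frozenset({
    "read:profile", "read:card", "read:card:transactions",
    "propose:swap", "propose:transfer", "propose:pix",
    "execute:swap", "execute:transfer", "execute:pix",
    "manage:card",
})

# Hypothetical tool names mapped to the scope each one requires.
TOOL_SCOPES: Dict[str, str] = {
    "get_balances": "read:balances",
    "get_transactions": "read:transactions",
    "propose_transfer": "propose:transfer",
}


@dataclass(frozen=True)
class Token:
    token_id: int
    passkey_id: str          # the passkey this session is bound to
    scopes: FrozenSet[str]   # exactly what the user approved, nothing more


class AuthError(Exception):
    pass


class Authorizer:
    def __init__(self, passkey_accounts: Dict[str, Iterable[str]]):
        self.passkey_accounts = {k: set(v) for k, v in passkey_accounts.items()}
        self.revoked: Set[int] = set()
        self._next_id = 1

    def issue(self, passkey_id: str, granted: Iterable[str]) -> Token:
        """Consent step: mint a token bound to one passkey with only the approved scopes."""
        if passkey_id not in self.passkey_accounts:
            raise AuthError("unknown passkey")
        scopes = frozenset(granted)
        unknown = scopes - AVAILABLE_SCOPES - RESERVED_SCOPES
        if unknown:
            raise AuthError(f"unknown scopes: {sorted(unknown)}")
        token = Token(self._next_id, passkey_id, scopes)
        self._next_id += 1
        return token

    def revoke(self, token_id: int) -> None:
        """Revocation from the app: the token fails from the next request on."""
        self.revoked.add(token_id)

    def delete_passkey(self, passkey_id: str) -> None:
        """Deleting the passkey orphans every token bound to it."""
        self.passkey_accounts.pop(passkey_id, None)

    def authorize(self, token: Token, tool: str, account: str) -> Tuple[bool, str]:
        """Per-tool-call check. Returns (allowed, reason); session-level failures
        (revocation, deleted passkey) are tested before scope and account checks."""
        if token.token_id in self.revoked:
            return False, "token revoked"
        accounts = self.passkey_accounts.get(token.passkey_id)
        if accounts is None:
            return False, "passkey deleted"
        scope = TOOL_SCOPES.get(tool)
        if scope is None:
            return False, f"unknown tool {tool}"
        if scope not in token.scopes:
            return False, f"scope {scope} not granted"
        if scope not in AVAILABLE_SCOPES:
            return False, f"scope {scope} is reserved"
        if account not in accounts:
            return False, "account not controlled by this passkey"
        return True, "ok"


if __name__ == "__main__":
    auth = Authorizer(PASSKEY_ACCOUNTS)
    tok = auth.issue("pk_alice", ["read:balances", "propose:transfer"])
    for tool, account in [("get_balances", "0xaaa1"), ("get_balances", "0xbbb1"),
                          ("propose_transfer", "0xaaa1"), ("get_transactions", "0xaaa1")]:
        print(tool, account, auth.authorize(tok, tool, account))
    auth.revoke(tok.token_id)
    print("after revoke:", auth.authorize(tok, "get_balances", "0xaaa1"))
```

The reserved-scope check sits after the granted-scope check so that a call fails with the most specific reason: a token that never received propose:transfer is refused for lack of the grant, while a token that did receive it is refused because the scope is not yet functional. A real server would keep the revocation set and the passkey registry in durable storage shared by every instance, so that a revocation in the app is visible to the next request regardless of which server handles it.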
Revoking access
Open the Picnic app and revoke the AI client's connection. The token stops working immediately on the next request.