When did you last read a privacy policy?

What if you could just ask it questions instead?

**Andrew Gruen, PhD**
CEO, Working Paper
Senior Fellow, FPF

Right. Nobody reads them.

The fine print is designed to

Be complete enough to satisfy regulators
Be defensible enough to satisfy lawyers
("Readable" doesn't make the list.)

"We may use Content you provide us to improve our Services, for example to train the models that power ChatGPT."

"Once you choose to delete Personal Data, we will remove it from our systems within 30 days..."¹

https://openai.com/policies/us-privacy-policy/ ↩︎

The answers are all in there

The questions are yours. The gap between them is 25 pages of legal English.

So why are we still reading documents by hand when every one of us has an AI assistant open in another tab?

Teach an AI to read the fine print:

Building (and instrumenting, and shipping) an MCP server in 30 minutes

github.com/agruen/mcp-demo — clone it now, everything from today is in there

What exactly do you mean when you say...

MCP

From the Model Context Protocol — an open standard (modelcontextprotocol.io)

Tools: small functions you write that return structured data — think get_retention_rules()
Transport: discovery and invocation over plain HTTP — the assistant asks "what tools do you have?"
Clients: Claude, ChatGPT, Gemini... one endpoint serves them all

The key mental shift

The AI is your user

You're not building an API for developers
A language model reads your tool descriptions and decides, mid-conversation, which one answers the human
Tool descriptions are prompts. Write them like instructions to a smart intern.

Live demo

https://mcp-demo.workingpaper.co

Anatomy: four layers, no magic

A markdown file — the policy, scraped from openai.com
One JSON file — sections → topics → tables → a 26-term glossary
tools.py — 18 plain Python functions
FastMCP + FastAPI — the MCP endpoint at /mcp/, a docs page at /, the dashboard at /reporting/

No database. No vector store. No embeddings. No RAG.

A 25-page policy fits in one JSON file that loads once at startup. The model can't hallucinate what it reads from structured data — and every response carries an attribution line back to the source.

Design tools around intents, not the table of contents

get_training_optout() — the question everyone actually has
get_retention_rules() — what "delete" really does
get_children_policy() — the question parents have
get_privacy_essentials() — one "start here" call, so a lazy (efficient) model nails it on the first try
...plus generic list / search / fetch for everything else

A toy answers questions.

An instrument tells you what was asked.

Pattern one: user intent hints

Every tool call is implicit intent — calling get_children_policy is the signal "a parent/guardian/caretaker is asking"
Responses steer the model — a hints block with next_steps prompts the assistant through your data
The model self-reports — every tool description ends: "call policy.log_activity to report what you helped with"

The AI summarizes the user's intent and reports it back

user_goal: what the human was trying to do, in the LLM's own words
interaction_type: question, opt_out_help, deletion_help...
user_type: consumer, parent, teen, business user...
concern: training, deletion, ads, children, rights...
It's voluntary. Models comply most of the time — and the dashboard measures the rate.

Pattern two: the reporting dashboard

A published document becomes an instrumented document

Which provisions people actually consult — the training opt-out, or the children's rules?
Where the confusion is — heavy glossary lookups and zero-result searches are a revision agenda, generated by demand
Who is asking — the user-type × concern heatmap is a constituent-needs report
This is the feedback loop most policy authors never get.

Everything that makes intent data useful makes it sensitive

\(Intent + Telemetry = Insight + Liability\)

Questions reveal circumstances: "how do I delete a chat with medical info" is closer to a confession than a page view
The user consented to their assistant — not to your logs
"Anonymous" wears thin at low volume
Run one of these, and you're somebody's data processor now

We built a tool for asking "what does this company know about me?"

But now that we have the tool... We have the same question again. What does the MCP know about me?

(That's not a bug in the lesson. That is the lesson.)

Ship it

docker compose up --build -d

One container, one command
Runs on a Raspberry Pi — same two commands, 64-bit OS required
Caddy in front for free TLS, or point your existing reverse proxy at :8080
The two gotchas: set PUBLIC_HOST, and don't buffer SSE

Connect yours, right now

claude.ai → Settings → Integrations → Add MCP
Paste the server URL (it's on screen)
Ask: "Does OpenAI sell my data?"
Then open /reporting/ — congratulations, you're a data point.

Homework: build one with Claude Code

Structure the document — schema first: sections, topics, tables, glossary
Design tools around the 8–10 questions people actually bring
Add the intent loop + the dashboard
Serve and ship — FastMCP + FastAPI + Docker
Verify like you mean it — call every tool through the real endpoint
Steps 1–2 are where the human judgment lives. Claude Code is genuinely good at 3–5 — once it has a working example to follow. You now have two.

What document will you serve?

The employee handbook
Your lease
The union contract
The city zoning code
A school district's AI policy (we did that one too — it's in /example)

Questions?

Thank you!

My Inbox is Yours 📨

ag@workingpaper.co

github.com/agruen/mcp-demo