First off — great project. The server is well-structured, easy to configure, and has genuinely improved how I work with Help Scout conversations in Claude. The inbox auto-discovery and conversation search tools in particular are excellent. Thank you for building and maintaining this.
Description
When REDACT_MESSAGE_CONTENT is enabled, the setting appears to only redact message body content. Customer PII such as full names and email addresses are still returned in API responses and surfaced in the MCP tool output.
Expected behavior
With redaction enabled, all personally identifiable information — including customer names and email addresses — should be masked or omitted from responses passed to the LLM context.
Actual behavior
Customer names and email addresses are visible in tool responses despite REDACT_MESSAGE_CONTENT=true.
Why this matters
For users subject to GDPR, enabling this setting implies that customer PII will not leave the Help Scout environment and transit through third-party LLM infrastructure (e.g. Anthropic's servers). The current behavior makes the setting misleading from a compliance perspective, as it gives a false sense of privacy protection.
Environment
Installed via Claude.ai MCP extension
API Base URL: https://api.helpscout.net/v2/
Suggested fix
Extend redaction to cover at minimum: customer name, email address, and phone number in all tool responses. Ideally make redacted fields configurable.
First off — great project. The server is well-structured, easy to configure, and has genuinely improved how I work with Help Scout conversations in Claude. The inbox auto-discovery and conversation search tools in particular are excellent. Thank you for building and maintaining this.
Description
When REDACT_MESSAGE_CONTENT is enabled, the setting appears to only redact message body content. Customer PII such as full names and email addresses are still returned in API responses and surfaced in the MCP tool output.
Expected behavior
With redaction enabled, all personally identifiable information — including customer names and email addresses — should be masked or omitted from responses passed to the LLM context.
Actual behavior
Customer names and email addresses are visible in tool responses despite REDACT_MESSAGE_CONTENT=true.
Why this matters
For users subject to GDPR, enabling this setting implies that customer PII will not leave the Help Scout environment and transit through third-party LLM infrastructure (e.g. Anthropic's servers). The current behavior makes the setting misleading from a compliance perspective, as it gives a false sense of privacy protection.
Environment
Installed via Claude.ai MCP extension
API Base URL: https://api.helpscout.net/v2/
Suggested fix
Extend redaction to cover at minimum: customer name, email address, and phone number in all tool responses. Ideally make redacted fields configurable.