Privacy Policy

This Privacy Policy describes how Metriklo ("we," "us," or "our") collects, uses, and protects the personal information you provide when using our business analytics platform and website at metriklo.com. By using our services, you agree to the practices described in this policy.

Information We Collect
How We Use Your Information
Legal Basis for Processing (GDPR)
How We Share Your Information
Third-Party Services
Cookies and Tracking Technologies
Data Retention
Data Security
Your Rights (GDPR & Privacy Rights)
International Data Transfers
Children's Privacy
Changes to This Policy
Contact Us

1. Information We Collect

1.1 Information You Provide Directly

When you register for an account, subscribe to a plan, or contact us, we collect:

Account Information: Full name, email address, company name, and job title.
Payment Information: Billing address, payment card details (processed securely by Stripe; we do not store full card numbers on our servers), and transaction history.
Profile Information: Profile photo, communication preferences, and account settings.
Communications: Messages you send us via email or support channels.

1.2 Information Collected Automatically

When you use our platform, we automatically collect:

Usage Analytics: Features accessed, dashboards created, report generation frequency, session duration, and in-app actions.
Device and Technical Data: IP address, browser type and version, operating system, device identifiers, and screen resolution.
Log Data: Access times, pages viewed, error logs, and referral URLs.
Performance Data: Query response times, API call frequency, and system performance metrics.

1.3 Data You Import into the Platform

When you connect data sources or upload data to Metriklo for analysis, that data is stored and processed on your behalf. You retain ownership of all data you import. We process this data solely to provide the analytics services you have subscribed to.

2. How We Use Your Information

Purpose	Types of Data Used
Providing and maintaining our services	Account data, usage data, imported data
Processing subscription payments	Payment information, billing address
Sending service notifications and account alerts	Email address, account data
Improving and developing new features	Usage analytics, technical data (anonymised)
Customer support and responding to inquiries	Account data, communications
Security monitoring and fraud prevention	IP address, log data, technical data
Legal compliance and enforcement of terms	Account data, transaction records
Sending marketing communications (with consent)	Email address, account data

We do not sell your personal data to third parties. We do not use your imported business data for any purpose other than providing the analytics services you have requested.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

Contract Performance: Processing necessary to deliver the services you have subscribed to.
Legitimate Interests: Improving our platform, preventing fraud, and ensuring network and information security.
Legal Obligation: Compliance with applicable laws and regulations.
Consent: Marketing communications and optional analytics. You may withdraw consent at any time.

4. How We Share Your Information

We share personal data only in the following circumstances:

Service Providers: Trusted third-party vendors who help us operate the platform (payment processing, cloud hosting, email delivery, analytics). All processors are bound by data processing agreements.
Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.
Legal Requirements: When required by law, court order, or governmental authority.
Protection of Rights: When necessary to protect the rights, property, or safety of Metriklo, our users, or the public.
With Your Consent: In any other circumstances, only with your explicit consent.

5. Third-Party Services

5.1 Stripe (Payment Processing)

We use Stripe, Inc. to process all subscription payments, including credit/debit cards and Apple Pay. When you make a payment, your payment information is transmitted directly to Stripe using encrypted connections. Stripe is PCI DSS Level 1 certified. We do not store full payment card numbers on our servers.

Stripe's Privacy Policy: stripe.com/privacy

5.2 Cloud Infrastructure

Our platform is hosted on major cloud infrastructure providers with data centers in the European Union and United States. All providers are certified under ISO 27001 and SOC 2 Type II standards.

5.3 Analytics and Monitoring

We use internal tools and select third-party services to monitor platform performance and usage patterns. Any usage analytics collected about our platform (not your imported business data) may be shared with these providers in aggregated, anonymized form.

5.4 Email Communications

Transactional and marketing emails are delivered through trusted email service providers. These providers receive your email address and the content of communications sent to you.

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential	Authentication, session management, security tokens	Session / 30 days
Functional	Remembering your preferences and settings	1 year
Analytics	Understanding how you use the platform to improve it	90 days
Marketing	Relevant advertising (with consent only)	90 days

6.2 Cookie Control

You can control cookies through your browser settings. Disabling essential cookies may affect your ability to use certain features of our platform. For analytics and marketing cookies, you may opt out using the cookie preference center accessible from the footer of our website.

7. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

Active Accounts: Data is retained for the duration of your subscription.
Closed Accounts: Account data is retained for up to 90 days after account closure to allow for reactivation, then deleted or anonymized.
Financial Records: Transaction records are retained for 7 years to comply with accounting and tax regulations.
Imported Business Data: Deleted within 30 days of account closure upon your request.
Log Data: Retained for up to 12 months for security and debugging purposes.

8. Data Security

We implement industry-standard technical and organizational measures to protect your personal data, including:

Encryption in transit (TLS 1.2+) and at rest (AES-256)
Regular security audits and penetration testing
Role-based access controls and least-privilege principles
Multi-factor authentication for administrative access
Automated vulnerability scanning and monitoring
Incident response procedures with 72-hour breach notification protocols

Despite these measures, no method of internet transmission is 100% secure. We cannot guarantee absolute security of your data.

9. Your Rights (GDPR & Privacy Rights)

Depending on your location, you may have the following rights regarding your personal data:

Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention obligations.
Right to Restriction of Processing: Request that we limit how we use your data.
Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Withdraw consent for processing at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@metriklo.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. International Data Transfers

Metriklo operates globally. If you are located in the EEA or UK, your data may be transferred to and processed in countries outside your jurisdiction, including the United States. Such transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate transfer mechanisms.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a minor, we will delete it promptly. If you believe we have collected data from a child, please contact us at privacy@metriklo.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email and by posting a notice on our platform at least 14 days before the changes take effect. Your continued use of our services after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy team:

Email: privacy@metriklo.com
General Support: support@metriklo.com

We aim to respond to all privacy-related inquiries within 5 business days.

Table of Contents