End-User Policy

Overview

This End-User Policy explains how Metristack handles data when end-users interact with applications built by developers using our API infrastructure. This policy applies to all applications that integrate with Metristack's unified retail data API.

Data Flow and Responsibilities

What We Collect

When end-users interact with applications using Metristack:

• Authentication Data: OAuth tokens and session information for platform connections
• Usage Analytics: API call metrics and performance data
• System Logs: Technical logs for security and debugging purposes
• Connection Metadata: Information about connected platforms and data sources

What We Don't Collect

• Personal information about end-users (names, addresses, phone numbers)
• Financial data or payment information
• Business-specific content or customer data
• Any data outside the scope of our API services

Developer Responsibilities

Data Handling Requirements

Developers using Metristack must:

• Implement their own privacy policies for their applications
• Obtain necessary consents from end-users for data processing
• Ensure secure handling of data retrieved through our API
• Comply with applicable data protection regulations (GDPR, CCPA, etc.)
• Implement appropriate data retention and deletion policies

User Consent

Developers must clearly inform end-users about:

• What data will be accessed through platform connections
• How the data will be used within the application
• Data sharing practices and third-party integrations
• Users' rights regarding their data

Data Security

Our Security Measures

• Encryption: All data in transit and at rest is encrypted
• Access Controls: Strict authentication and authorization protocols
• Monitoring: 24/7 security monitoring and incident response
• Compliance: SOC 2 Type II and ISO 27001 certified infrastructure

Developer Security Requirements

Applications using Metristack must:

• Securely store and transmit API keys and tokens
• Implement proper authentication and session management
• Regularly update dependencies and security patches
• Report security incidents to Metristack within 24 hours

Data Subject Rights

End-User Rights

End-users have the right to:

• Access: Request information about data processed by Metristack
• Rectification: Correct inaccurate or incomplete data
• Deletion: Request deletion of their data from our systems
• Portability: Receive their data in a machine-readable format
• Objection: Object to certain types of data processing

Exercising Rights

End-users can exercise their rights by:

• Contacting the developer of the application directly
• Reaching out to Metristack at privacy@metristack.com
• Disconnecting their accounts from integrated platforms

Data Retention

Our Retention Policy

• Authentication Data: Retained for the duration of the connection
• Usage Analytics: Aggregated and anonymized after 24 months
• System Logs: Retained for 90 days for security purposes
• Connection Metadata: Deleted within 30 days of disconnection

International Transfers

Metristack operates primarily within secure cloud infrastructure. When data is transferred internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) for EU transfers
• Adequate jurisdiction determinations where applicable
• Additional security measures for high-risk transfers

Changes to This Policy

We may update this End-User Policy from time to time. Material changes will be communicated to developers through our developer portal and documentation. Continued use of Metristack services after policy updates constitutes acceptance of the changes.

Contact Information

For questions about this End-User Policy or data handling practices:

• Email: privacy@metristack.com
• Developer Support: support@metristack.com
• Security Issues: security@metristack.com