Privacy Policy

Introduction

At Metristack, we are committed to protecting your privacy and handling your data responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our unified retail API platform and related services.

Information We Collect

Information You Provide

• Account Information: Name, email address, company details when you register
• Authentication Data: Login credentials and authentication tokens
• Payment Information: Billing details and payment method information
• Communication Data: Messages, support requests, and feedback you send us
• Profile Information: Developer profile details and preferences

Information We Collect Automatically

• Usage Data: API calls, endpoint usage, response times, and performance metrics
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Server logs, error reports, and system activity
• Analytics Data: Website usage patterns and user behavior

Information from Third Parties

• Platform Data: Data retrieved from connected retail platforms (with authorization)
• OAuth Tokens: Access tokens from retail platforms you connect
• Integration Data: Metadata from third-party services you integrate

How We Use Your Information

Service Provision

• Provide access to our API and developer tools
• Process and normalize retail data from connected platforms
• Maintain and improve our services
• Provide customer support and technical assistance

Business Operations

• Process payments and manage billing
• Detect, prevent, and address fraud or security issues
• Comply with legal obligations and enforce our terms
• Conduct analytics to improve our platform

Communications

• Send service-related notifications and updates
• Respond to your inquiries and support requests
• Share product updates and new features (with consent)
• Send marketing communications (where permitted)

Legal Basis for Processing

We process your personal data based on:

• Contract Performance: To provide our services as agreed
• Legitimate Interests: To operate, improve, and secure our platform
• Legal Compliance: To meet regulatory and legal requirements
• Consent: Where you have given explicit consent

Information Sharing and Disclosure

We May Share Information With:

• Service Providers: Cloud hosting, payment processing, analytics providers
• Business Partners: Platform integrations and authorized third parties
• Legal Requirements: When required by law, court order, or legal process
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• Safety and Security: To protect rights, property, or safety

We Do Not:

• Sell your personal information to third parties
• Share your data for advertising purposes
• Use your retail data for our own business purposes
• Provide access to unauthorized parties

Data Security

Security Measures

• Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
• Access Controls: Role-based access with multi-factor authentication
• Infrastructure: SOC 2 Type II certified cloud infrastructure
• Monitoring: 24/7 security monitoring and incident response
• Compliance: ISO 27001, GDPR, and industry security standards

Data Breach Response

In the event of a data breach, we will:

• Assess and contain the incident within 24 hours
• Notify affected users within 72 hours
• Report to relevant authorities as required
• Take immediate steps to prevent future incidents

Data Retention

Retention Periods

• Account Data: Retained while your account is active
• Usage Data: Retained for 24 months for analytics
• Log Data: Retained for 90 days for security purposes
• Financial Data: Retained for 7 years for tax/legal compliance
• Communication Data: Retained for 3 years

Data Deletion

Upon account closure, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes.

Your Rights and Choices

Data Subject Rights (GDPR/CCPA)

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete information
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain types of processing
• Restriction: Limit how we process your data

How to Exercise Your Rights

• Log into your account dashboard to manage preferences
• Email us at privacy@metristack.com
• Use our data request form (available in account settings)

Cookies and Tracking

Types of Cookies We Use

• Essential Cookies: Required for basic site functionality
• Performance Cookies: Help us analyze site usage and performance
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand user behavior

Cookie Management

You can control cookies through your browser settings. Note that disabling essential cookies may affect site functionality.

International Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by relevant authorities
• Additional security measures for international transfers

Children's Privacy

Metristack is not intended for children under 16. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated through email or prominent notices on our platform. Your continued use constitutes acceptance of the updated policy.

Contact Us

For privacy-related questions or requests:

• Email: privacy@metristack.com
• Address: Metristack Data Protection Officer
  [Company Address]
  [City, Country]
• Phone: [Phone Number]