Privacy Policy

Last updated: January 2026

Overview

Metricly ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service, in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Data Controller

Metricly is the data controller for personal data collected through our website and service. For questions about this policy or to exercise your privacy rights, contact us at privacy@metricly.xyz.

Information We Collect

Account Information

When you create an account, we collect your name, email address, and organization name. If you sign up through a third-party service (like Google), we receive basic profile information from that service.

Usage Data

We collect information about how you use Metricly, including queries you run, dashboards you create, and features you use. This helps us improve our service and provide support.

Your Business Data

Metricly does not permanently store your business data. We connect to your data warehouse at query time and execute queries directly against your infrastructure. Query results may be temporarily cached (up to 15 minutes) to improve performance, but are not permanently stored on our servers.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: Processing necessary to provide our service to you (account management, query execution, dashboard features)
  • Legitimate Interest: Processing for service improvement, security, and fraud prevention
  • Consent: Marketing communications (you can withdraw consent at any time)
  • Legal Obligation: Where required by applicable law

How We Use Your Information

  • To provide and maintain our service
  • To authenticate you and manage your account
  • To communicate with you about your account and service updates
  • To send marketing communications (with your consent)
  • To improve and develop new features
  • To ensure security and prevent fraud
  • To comply with legal obligations

Data Security

We implement appropriate technical and organizational measures to protect your information:

  • All data in transit is encrypted with TLS 1.2+
  • Data at rest is encrypted using AES-256
  • Access controls and authentication required for all systems
  • Regular security assessments and monitoring
  • Employee confidentiality obligations

Data Retention

We retain your account information for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes (such as tax records or dispute resolution).

Temporary query caches are automatically deleted after 15 minutes.

Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request that we limit how we use your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time

To exercise these rights, contact us at privacy@metricly.xyz. We will respond within 30 days.

Cookies and Local Storage

We use minimal browser storage for essential functionality:

  • Authentication tokens: Stored in IndexedDB to keep you logged in (essential)
  • Session data: Temporary data in sessionStorage for features like invitation flows (essential)

We do not use tracking cookies or third-party analytics that require consent. Our analytics (if enabled) use privacy-friendly, cookieless methods.

Third-Party Services

We use third-party service providers to help deliver our service. These "sub-processors" are bound by data protection agreements and process data only as instructed by us.

View our complete list of sub-processors at metricly.xyz/sub-processors.

International Data Transfers

Our primary infrastructure is located in the European Union (Google Cloud europe-west1, Belgium). Where data is transferred outside the EU/EEA, we ensure appropriate safeguards through:

  • EU Standard Contractual Clauses
  • Adequacy decisions where applicable

Business Customers

If you use Metricly through your employer or organization, that organization is the data controller for data processed through their account. Please refer to your organization's privacy policy for information about how they handle your data.

For business customers, we offer a Data Processing Agreement (DPA) that governs how we process data on your behalf.

Children's Privacy

Metricly is not intended for use by children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page, updating the "Last updated" date, and (for registered users) sending an email notification.

Complaints

If you have concerns about how we handle your data, please contact us first at privacy@metricly.xyz. We will work to resolve your concerns.

You also have the right to lodge a complaint with a supervisory authority. If you are in the EU, you can find your local authority at edpb.europa.eu.

Contact Us

For questions about this Privacy Policy or to exercise your privacy rights: