Privacy Policy
Last updated: December 15, 2025
1. Introduction
Metrifyr ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
Tomáš Grasl
Email: support@tomasgrasl.cz
3. Information We Collect
We collect the following types of information:
- Account Information: Email address and name from your GitHub or Google account when you sign up.
- Google API Data: When you connect your Google account, we access Google Analytics, AdSense, and Search Console data on your behalf.
- OAuth Tokens: We securely store encrypted OAuth tokens to maintain your Google API connection.
- Usage Data: We track API usage metrics to provide you with usage statistics.
4. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
- Contract Performance (Art. 6(1)(b)): Processing necessary to provide you with our services as agreed when you create an account.
- Consent (Art. 6(1)(a)): When you explicitly authorize access to your Google API data.
- Legitimate Interest (Art. 6(1)(f)): For service improvement, security, and fraud prevention.
5. How We Use Your Information
We use your information to:
- Provide and maintain our service
- Authenticate your identity and manage your account
- Access Google APIs on your behalf to retrieve marketing data
- Display usage metrics and analytics in your dashboard
- Communicate with you about service updates
6. Data Security
We take data security seriously. All OAuth tokens and sensitive credentials are encrypted with AES-256 before storage. We never store your raw Google credentials. Our infrastructure is hosted on secure servers with regular security audits.
7. Data Sharing and Third Parties
We do not sell, trade, or rent your personal information to third parties. Your Google API data is only accessed to provide you with the service and is never shared with other users or external parties.
We use the following service providers:
- Cloudflare: For DNS, CDN, and DDoS protection (USA, EU Standard Contractual Clauses apply)
- Database hosting: For storing encrypted user data (EU region)
8. Google API Services - Limited Use Disclosure
Metrifyr's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, we:
- Only use Google API data to provide and improve user-facing features
- Never transfer data to third parties except as necessary to provide the service
- Never use data for advertising or to build user profiles
- Never allow humans to read user data except with explicit consent or for security purposes
9. Cookies and Tracking
We use essential cookies necessary for the service to function, including session cookies for authentication. We do not use third-party tracking or advertising cookies. For more information, see our Cookie Policy.
10. Your Rights Under GDPR
Under EU law, you have the following rights regarding your personal data:
- Right of Access (Art. 15): Request a copy of your personal data
- Right to Rectification (Art. 16): Correct inaccurate personal data
- Right to Erasure (Art. 17): Delete your account and all associated data
- Right to Restrict Processing (Art. 18): Limit how we use your data
- Right to Data Portability (Art. 20): Export your data in a machine-readable format
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Right to Withdraw Consent: Revoke Google API access at any time from your dashboard
To exercise any of these rights, contact us at support@tomasgrasl.cz. We will respond within 30 days.
11. Data Retention
We retain your data for as long as your account is active. When you delete your account, all associated data, including API keys, OAuth tokens, and usage metrics, are permanently deleted within 30 days. Backup copies may be retained for up to 90 days for disaster recovery purposes.
12. International Data Transfers
Your data is primarily processed within the European Union. When data is transferred outside the EU (e.g., to service providers in the USA), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Your continued use of the service after changes constitutes acceptance of the updated policy.
14. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In the Czech Republic, this is the Office for Personal Data Protection (ÚOOÚ): www.uoou.cz
15. Contact Us
If you have any questions about this Privacy Policy, please contact us at support@tomasgrasl.cz.