Privacy Policy

1. Introduction

Welcome to MetricsUnleashed.com ("MetricsUnleashed," "we," "us," or "our"). MetricsUnleashed.com is a marketing analytics SaaS platform that connects to third-party data sources—including Google Analytics 4, Google Search Console, Google Ads, and Meta Ads—to aggregate your marketing data into custom dashboards with AI-powered analysis.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at metricsunleashed.com and use our services (collectively, the "Service"). It applies to all users of the Service, including individual users, team members, and administrators.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

a. Information You Provide Directly

When you create an account, use our Service, or contact us, you may provide the following information:

• Account information: Your name, email address, and password. Passwords are stored only in hashed form using bcrypt and are never stored in plain text.
• Team and organization information: Team names, team member email addresses, and roles when you create or join a team.
• Payment information: When you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. We may receive and store limited billing information from Stripe, such as the last four digits of your card, card brand, and billing address.
• Client and project information: Names, URLs, and other details of the websites or projects you add to the Service.
• Communications: Information you provide when you contact our support team, respond to surveys, or otherwise communicate with us.

b. Information Collected Automatically

When you access or use the Service, we may automatically collect certain information, including:

• Device and browser information: IP address, browser type and version, operating system, device type, and screen resolution.
• Usage data: Pages visited, features used, actions taken within the Service, timestamps, referring URLs, and session duration.
• Cookies and similar technologies: We use cookies and similar tracking technologies to maintain your session, remember your preferences, and understand how you interact with the Service. See Section 6 for more details.

c. Information from Third-Party Integrations

When you connect third-party platforms to the Service, we receive data from those platforms on your behalf. This may include:

• Google Analytics 4: Website traffic data, user behavior metrics, conversion events, audience demographics, and other analytics data associated with the properties you choose to connect.
• Google Search Console: Search performance data including queries, impressions, clicks, click-through rates, average position, and indexing status for the sites you connect.
• Google Ads: Campaign performance data, ad spend, impressions, clicks, conversions, and other advertising metrics for the accounts you connect.
• Meta Ads (Facebook/Instagram): Ad account performance data, campaign metrics, ad spend, reach, impressions, and other advertising data for the accounts you connect.

All third-party data is accessed through OAuth-based authorization. You explicitly grant permission for us to access specific data by approving the requested permission scopes during the connection process. We only access the data necessary to provide the features of the Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: To create and manage your account, connect to third-party platforms, aggregate and display your analytics data, power AI-assisted data analysis features, and deliver the core functionality of the Service.
• Processing payments: To process subscription payments, manage billing, and handle invoices through our payment processor, Stripe.
• Transactional communications: To send you essential emails related to your account, including email verification, password resets, team invitations, security alerts, and subscription-related notifications. These emails are sent via our email delivery provider.
• Customer support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
• Service improvement: To understand how users interact with the Service, identify trends, diagnose technical problems, and improve features, performance, and usability.
• Security and fraud prevention: To detect, investigate, and prevent unauthorized access, abuse, fraud, and other malicious activities. This includes monitoring login attempts, enforcing rate limits, and maintaining audit logs.
• Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. Third-Party Platform Data

This section specifically addresses data we receive from third-party platforms you connect to the Service (Google Analytics 4, Google Search Console, Google Ads, and Meta Ads). We take our responsibilities regarding this data very seriously.

Data Access and Authorization

We access third-party platform data solely through OAuth-based authorization flows. When you connect a platform, you are redirected to that platform's authorization page where you explicitly grant permission for MetricsUnleashed.com to access specific data. We only request the permission scopes necessary to provide the Service's analytics and reporting features. We do not access data beyond what you have authorized.

Use of Integration Data

Data received from connected third-party platforms is used solely to provide the Service's analytics, reporting, and dashboard features to you and your authorized team members. Specifically:

• We do not sell data received from third-party integrations to any party, for any purpose.
• We do not license integration data to third parties.
• We do not use integration data for advertising, marketing to you, or building advertising profiles.
• We do not use integration data to train general-purpose AI or machine learning models.
• Integration data is accessible only to your account and authorized team members you have invited.

Google API Services Limited Use Disclosure

MetricsUnleashed.com's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. This means that our use of data received from Google APIs is limited to providing and improving user-facing features that are visible and prominent in our Service's user interface. We do not use Google data for serving advertisements, and we do not allow humans to read this data unless it is necessary for security purposes, to comply with applicable law, or with your affirmative consent.

Disconnecting Integrations

You may disconnect any third-party integration at any time through your account settings. When you disconnect an integration, we will stop fetching new data from that platform. Previously fetched data associated with the disconnected integration will be deleted in accordance with our data retention practices described in Section 7. You may also revoke MetricsUnleashed.com's access directly from the third-party platform's settings (e.g., Google Account permissions page, Meta Business settings).

5. How We Share Your Information

We do not sell your personal data. We may share your information only in the following limited circumstances:

Service Providers and Subprocessors

We engage trusted third-party companies and individuals to perform services on our behalf. These service providers have access to your information only to the extent necessary to perform their functions and are contractually obligated to protect your data. Our subprocessors include:

• Cloud hosting providers for infrastructure and data storage.
• Stripe for payment processing.
• Resend for transactional email delivery (e.g., email verification, password resets, team invitations).
• Redis-based caching services for performance optimization.

Legal Requirements

We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to: (a) comply with a legal obligation, court order, or legal process; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing in connection with the Service; (d) protect the personal safety of users of the Service or the public; or (e) protect against legal liability.

Business Transfers

If MetricsUnleashed.com is involved in a merger, acquisition, asset sale, bankruptcy, or other business transition, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service. The types of cookies we use include:

• Strictly necessary cookies: These cookies are essential for the Service to function. They include session cookies that maintain your authenticated session and CSRF protection tokens. Without these cookies, the Service cannot operate properly. These cookies cannot be disabled.
• Preference cookies: These cookies remember your settings and preferences (such as display preferences and dashboard configurations) to provide a more personalized experience.

We do not use third-party advertising or behavioral tracking cookies. We do not participate in ad networks or allow third-party advertisers to place cookies on our Service.

Managing cookies: You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or alert you when a cookie is being set. Please note that disabling strictly necessary cookies may prevent you from using certain features of the Service, such as staying logged in.

7. Data Retention

We retain your information in accordance with the following practices:

• Account data: Your account information (name, email, profile settings) is retained for as long as your account remains active. If you delete your account, your personal data will be deleted within 30 days of account termination.
• Integration data: Data received from connected third-party platforms is retained for as long as the connection is active. When you disconnect an integration or delete your account, the associated integration data will be deleted within 30 days.
• Usage and log data: Server logs and usage analytics data may be retained for up to 12 months for security, debugging, and service improvement purposes.
• Backups: Encrypted backups may retain copies of your data for up to 90 days after deletion from our primary systems. Backup data is automatically purged after this retention period.
• Legal obligations: We may retain certain information for longer periods where required by law (e.g., tax records, transaction history) or to resolve disputes.

8. Data Security

We implement a variety of technical and organizational security measures to protect your information:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
• Encryption at rest: Sensitive data stored in our databases is encrypted using AES-256 encryption.
• Password security: User passwords are hashed using bcrypt with appropriate salt rounds. We never store passwords in plain text and have no ability to retrieve your original password.
• Access controls: Access to user data is restricted to authorized personnel on a need-to-know basis. Team-based access controls ensure users can only access data belonging to their own teams and clients.
• OAuth token security: Third-party platform tokens are stored securely and are never exposed to client-side code. Tokens are scoped to the minimum permissions required.
• Regular security reviews: We conduct regular reviews of our security practices, infrastructure, and codebase to identify and address potential vulnerabilities.

While we strive to use commercially reasonable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. If we become aware of a security breach that affects your personal information, we will notify you in accordance with applicable law.

9. International Data Transfers

MetricsUnleashed.com is based in and primarily processes data in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, we ensure that transfers of personal data to the United States are protected by appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses as the legal mechanism for transfers of personal data from the EEA/UK to the United States.
• Supplementary measures: Where necessary, we implement additional technical and organizational measures to ensure that your data is protected to the standards required by applicable data protection laws.

By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where we operate. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

10. Your Privacy Rights — EEA/UK (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), you have certain rights under the General Data Protection Regulation (GDPR) and the UK GDPR, respectively.

Legal Bases for Processing

We process your personal data on the following legal bases:

• Performance of a contract: Processing necessary to provide the Service you have requested (Article 6(1)(b) GDPR).
• Legitimate interests: Processing necessary for our legitimate interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests are not overridden by your data protection rights (Article 6(1)(f) GDPR).
• Consent: Where you have given explicit consent for specific processing activities, such as connecting third-party platform integrations (Article 6(1)(a) GDPR).
• Legal obligation: Processing necessary to comply with legal obligations to which we are subject (Article 6(1)(c) GDPR).

Your Data Subject Rights

Under the GDPR, you have the following rights:

• Right of access: You have the right to request a copy of the personal data we hold about you.
• Right to rectification: You have the right to request correction of inaccurate or incomplete personal data.
• Right to erasure: You have the right to request deletion of your personal data, subject to certain legal exceptions.
• Right to restriction of processing: You have the right to request that we limit our processing of your personal data in certain circumstances.
• Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to object: You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at support@metricsunleashed.com. We will respond to your request within 30 days, or within the period required by applicable law.

Right to lodge a complaint: If you believe that our processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities can be found at edpb.europa.eu.

11. Your Privacy Rights — California (CCPA/CPRA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of personal information:

• Identifiers: Name, email address, IP address, account ID.
• Commercial information: Subscription and transaction records.
• Internet or other electronic network activity information: Browsing history on the Service, usage data, interaction with features.
• Professional or employment-related information: If provided in account profile or team settings.
• Inferences: Derived from the above categories to create usage profiles for improving the Service.

Your California Privacy Rights

As a California resident, you have the following rights:

• Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collecting the information, and the categories of third parties with whom we share the information.
• Right to delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to correct: You have the right to request correction of inaccurate personal information we maintain about you.
• Right to opt-out of sale or sharing: We do not sell your personal information and we do not share your personal information for cross-context behavioral advertising purposes.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you the Service, charge you different prices, or provide a different level of service because you exercised your rights.

To exercise your California privacy rights, please contact us at support@metricsunleashed.com. We will verify your identity before fulfilling your request and will respond within 45 days, as required by law.

12. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will take steps to delete that information as promptly as possible. If you believe that we may have collected personal information from a child under 16, please contact us at support@metricsunleashed.com.

13. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to interpret DNT signals, we do not currently respond to or alter our practices when we receive DNT signals from your browser. We will continue to monitor developments in DNT standards and may update this policy if a uniform standard is established.

14. Third-Party Links

The Service may contain links to third-party websites, services, or applications that are not operated by us (including the third-party platforms you connect, such as Google and Meta). This Privacy Policy does not apply to those third-party services. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the "Effective Date" at the top of this page.

For material changes that significantly affect how we collect, use, or share your personal information, we will provide at least 30 days' advance notice before the changes take effect. Notice will be provided by:

• Sending an email to the address associated with your account, or
• Displaying a prominent notice within the Service.

Your continued use of the Service after the updated Privacy Policy becomes effective constitutes your acceptance of the changes. If you do not agree with the revised Privacy Policy, you should discontinue your use of the Service and delete your account.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: