MetricFly Back home

Legal

Privacy Policy

Last updated June 17, 2026

This Privacy Policy explains how MetricFly (“MetricFly”, “we”, “us”) collects, uses and protects personal data when you use our website at metricfly.app and our analytics service (the “Service”). We act as a data controller for our own account data, and as a data processor for the analytics data our customers collect from their visitors.

MetricFly is built privacy-first: we measure websites without selling personal data, without cross-site tracking, and with an EU-hosted, cookieless option.

01. Who we are

MetricFly provides website analytics with revenue attribution. For any privacy matter you can reach us at privacy@metricfly.app.

02. Data we collect

  • Account data — your name, email, hashed password (or OAuth identifier) and workspace settings, so you can sign in and manage websites.
  • Billing data — handled by Stripe. We store your plan, subscription status and a Stripe customer reference, never your full card number.
  • Analytics data (on behalf of customers) — pageviews, events, referrer/UTM source, country (derived from IP, which is not stored), device, browser and OS, plus a first-party visitor identifier and any revenue or identity you choose to send us through our API.
  • Diagnostic data — basic logs needed to keep the Service secure and reliable.

03. How we use data

  • To provide, maintain and secure the Service.
  • To process payments, trials and subscriptions.
  • To show you analytics and attribution for your own websites.
  • To send essential service messages (we do not sell your data or send spam).
  • To comply with legal obligations and prevent abuse.

04. Legal bases (GDPR)

  • Contract — to deliver the Service you signed up for.
  • Legitimate interests — to secure, improve and operate the Service.
  • Legal obligation — for tax, accounting and compliance.
  • Consent — where required, e.g. non-essential cookies on a customer’s site (collected by the customer).

05. Sub-processors

We rely on a small set of trusted providers to run MetricFly:

  • Supabase — database, authentication and storage (EU region).
  • Stripe — payments and subscription billing.
  • Vercel — application hosting and edge delivery (EU region, fra1).

Each provider processes data under its own DPA and appropriate safeguards.

06. Data retention

Account data is kept while your account is active. Analytics data is retained per your plan (3 years on Starter, 5+ years on Growth) and deleted when you delete a website or close your account. Backups are rotated on a rolling basis.

07. International transfers

We host data in the EU by default. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses or equivalent safeguards.

08. Your rights

Subject to applicable law, you may access, correct, export, restrict or delete your personal data, and object to certain processing. To exercise these rights, email privacy@metricfly.app. You also have the right to lodge a complaint with your local data protection authority.

09. Security

We use encryption in transit (TLS), row-level security on our database, hashed passwords and least-privilege access. No system is perfectly secure, but we work hard to protect your data and will notify you of any breach as required by law.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced in-app or by email. The “last updated” date above always reflects the current version.

Questions about this policy? Email us at privacy@metricfly.app.