Privacy Policy

Metrikia SAS ("we", "our", "Metrikia") is committed to protecting the privacy of its users. This privacy policy explains how we collect, use, and protect your personal data.

We collect the following data:

• Identification data: first name, last name, email, company (names encrypted at rest)
• Connection data: IP address, login logs
• Usage data: interactions with the service
• Advertising data: campaign metrics (via your API connections)
• CRM data: leads, deals, appointments and tasks you manage
• Lead communications: messages and replies exchanged with your leads (encrypted at rest)

Your data is used to:

• Provide and improve our services
• Calculate your performance metrics (CPL, CPA, ROAS)
• Send you service-related communications
• Ensure platform security
• Comply with our legal obligations

We never sell your data. We may share data with:

• Technical subcontractors: hosting (Railway, Amsterdam EU), payment (Stripe), tag management (Google Tag Manager)
• Ad platforms (with consent): Meta (Pixel, conversion data), Google (Analytics, Ads, conversion data), TikTok (Pixel, conversion data). This data is shared only if you accept marketing cookies and is used to measure the effectiveness of our acquisition campaigns.
• Authorities: if required by law

Metrikia uses artificial intelligence to provide analysis and assistance features. In accordance with EU Regulation 2024/1689 (EU AI Act, Article 50) and the GDPR, we inform you of how they work.

5.1 Diana Insights (dashboard analysis)

• How it works: Diana analyzes your aggregated KPIs (spend, leads, ROAS, CPL) to generate 3 to 5 actionable insights on your dashboards
• Data processed: only aggregated metrics from your campaigns. No personally identifiable information (PII) is sent to the AI provider
• Retention: insight requests are not stored server-side. Insights are generated in real-time and not persisted
• Disable: you can disable Diana Insights at any time in Settings > Integrations
• AI classification: limited risk system under Article 50 of EU Regulation 2024/1689

5.2 Diana Support (chatbot)

• How it works: support chatbot that answers your questions from a knowledge base. It does not access your advertising or CRM data
• Data processed: your text messages and conversation history. Stored in database (isolated per organization)
• GDPR rights: the rights of access, rectification and erasure apply to support chat data

5.3 AI subcontractor providers

• Anthropic (Claude): text generation. Data is not used for model training (Anthropic policy)
• OpenAI (embeddings): semantic search in the knowledge base. Data is not used for training (OpenAI API policy)
• International transfers: these providers are based in the United States. Transfers are governed by the EU-US Data Privacy Framework

All AI-generated content is clearly identified with a visual indicator in the interface.

Your data is protected by:

• AES-256 encryption at rest (sensitive data: names, lead messages)
• TLS 1.3 in transit
• Hosting in the European Union (Railway Amsterdam)
• Application secrets encrypted via Symfony Vault
• Data isolation per organization (multi-tenant)
• Restricted access to authorized employees
• Regular security audits

Under the GDPR, you have the following rights:

• Access (Art. 15): obtain a copy of your data in JSON format
• Rectification (Art. 16): correct your data from your profile
• Erasure (Art. 17): request the anonymization of your personal data. Your data is anonymized (not deleted) to preserve the integrity of your organization's business data
• Portability (Art. 20): export all your data (profile, leads, interactions, appointments, deals, notifications) in JSON format
• Opposition (Art. 21): object to the processing of your data

Organization owners must transfer ownership before requesting account deletion.

To exercise these rights, contact us at: privacy@metrikia.io

Your data is retained for the duration of your subscription, then 3 years after the end of the business relationship (legal obligations). Login logs are retained for 12 months.

If your account is deleted, your personal data (name, email, preferences) is anonymized. Lead interaction messages are replaced with a "[DELETED]" marker. Appointment and deal notes are deleted. Your organization's business data (leads, campaigns) is retained in anonymized form.

Metrikia Companion is a Chrome extension that allows you to capture contact information from LinkedIn and Instagram into your Metrikia CRM account.

9.1 Data collected by the extension

• Profile names (first name, last name) from LinkedIn and Instagram
• Profile URLs on LinkedIn and Instagram
• Job titles (LinkedIn only, if available)

This data is collected only when you click the "Capture" button. The extension never collects data automatically or in the background.

9.2 Data not collected

• Browsing history
• Passwords or credentials
• Personal message content
• Photos, media or financial information
• Data from other websites

9.3 Local storage

• API Key: stored locally via chrome.storage.local (never synchronized)
• Settings: language and preferences via chrome.storage.sync
• Lead cache: captured profile URLs, expires after 7 days
• Offline queue: failed captures stored temporarily for automatic retry

9.4 Data transmission

Captured data is sent exclusively to the Metrikia API (api.metrikia.io) via HTTPS with TLS encryption. No data is sent to third parties. No analytics, tracking or advertising network is used.

9.5 Extension permissions

• storage: local storage of API key, settings and cache
• alarms: automatic retry of failed captures
• linkedin.com / instagram.com: reading profile information on Capture click
• api.metrikia.io: sending leads to your CRM account

9.6 User control

• Disconnect the API key at any time from the extension settings
• Individually disable LinkedIn or Instagram capture
• Uninstalling the extension deletes all locally stored data

For any questions regarding this policy:

Metrikia SAS
Email : privacy@metrikia.io
DPO : dpo@metrikia.io