Privacy Policy
Last updated: June 2026
This Privacy Policy explains how Metricly ("we", "us", or "our") collects, uses, and protects information when you use the Metricly error-tracking service at getmetricly.tech ("Service"). We are based in Sweden and process personal data in accordance with the General Data Protection Regulation (GDPR).
1. Who we are
Metricly is the data controller for personal data collected through the Service. If you have questions about this policy or about how we handle your data, contact us at privacy@getmetricly.tech.
2. Data we collect
Account data
When you sign up, we collect the information you provide through Clerk (our authentication provider):
- Email address
- Name (optional)
- Organisation name
- Profile picture URL (if provided via OAuth)
Event data (error reports)
Event data is sent by your application to our ingestion API. It may contain:
- Exception type, message, and stack trace
- Environment, release, and server name
- Request URLs and HTTP metadata
- Tags and extra fields you choose to include
- User identifiers you attach (e.g.
user.id,user.email)
Important: You are responsible for what you include in event payloads. Do not send unnecessary personal data. If you attach user emails or other identifiers, you must have a lawful basis for sharing that data with us (typically your own privacy policy and user consent).
Usage and billing data
- Credit balance and transaction history
- Monthly usage counters (event count, operation count, ingested bytes)
- Stripe customer ID and payment metadata (card type, last 4 digits) — full card details are handled exclusively by Stripe and never transmitted to us.
Technical data
- IP addresses (for authentication and abuse prevention — not stored long-term)
- Browser and device information collected by Clerk during authentication
- Server logs (retained for up to 30 days for security and debugging)
Hack Club verification data
If you verify your Hack Club student status, we store the identity and scope data returned by the Hack Club OIDC endpoint, including your Hack Club user ID, verification status, and YSWS eligibility flag.
3. How we use your data
| Purpose | Lawful basis |
|---|---|
| Providing the error-tracking Service | Contract performance |
| Billing and payment processing | Contract performance |
| Sending transactional emails (account, payment) | Contract performance |
| Abuse prevention and security | Legitimate interests |
| Improving the Service (aggregated, anonymised analytics) | Legitimate interests |
| Student credit verification (Hack Club) | Consent (you initiate the verification) |
| Complying with legal obligations | Legal obligation |
We do not use your data for advertising or sell it to third parties.
4. Third-party services
| Provider | Purpose | Privacy policy |
|---|---|---|
| Clerk | Authentication and user management | clerk.com/privacy |
| Stripe | Payment processing | stripe.com/privacy |
| Render | Cloud infrastructure (EU region where available) | render.com/privacy |
| Hack Club | Student verification (optional) | hackclub.com/privacy |
| Neon / Supabase / PostgreSQL provider | Database hosting | Per provider |
We require our processors to handle data only as instructed and to maintain appropriate security measures.
5. Data retention
| Data type | Retention period |
|---|---|
| Account and organisation data | Until you delete your account, then 30 days |
| Event data (issues, events) | Until you delete the project or account |
| Billing and credit records | 7 years (legal/tax requirement) |
| Server logs | 30 days |
| Hack Club identity data | Until you delete your account |
You can delete projects and their event data at any time from the dashboard. To delete your account, contact support@getmetricly.tech.
6. Your rights under GDPR
If you are in the European Economic Area or United Kingdom, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data (subject to legal retention obligations).
- Restriction — ask us to pause processing while a dispute is resolved.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent (e.g. Hack Club verification), you can withdraw it at any time.
To exercise any of these rights, contact privacy@getmetricly.tech. We will respond within 30 days.
You also have the right to lodge a complaint with your national data protection authority. In Sweden, that is Integritetsskyddsmyndigheten (IMY).
7. Cookies
We use only essential cookies required for authentication (set by Clerk). We do not use tracking or advertising cookies.
8. Security
We protect your data using:
- TLS encryption in transit
- Encryption at rest for sensitive fields
- Access controls limiting who can see event data to members of your organisation
- Regular security reviews
No system is perfectly secure. If you believe there is a security issue, please report it responsibly to security@getmetricly.tech.
9. International transfers
Our infrastructure is primarily in the EU/EEA. If data is transferred outside the EEA (for example, by Clerk or Stripe), those providers rely on Standard Contractual Clauses or other appropriate transfer mechanisms approved by the European Commission.
10. Children
The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.
11. Changes to this policy
We may update this policy from time to time. We will notify you of material changes by email or by posting a notice in the dashboard. The "Last updated" date at the top reflects the most recent revision.
12. Contact
Data controller: Metricly
Email: privacy@getmetricly.tech
Country: Sweden