Privacy Policy

1. Scope of this policy

This policy applies to:

• the Metraly marketing website;
• the public synthetic demo and demo-app surfaces;
• contact forms, emails, waitlists, early access and pilot inquiries;
• future commercial conversations, support and licensing workflows.

This policy does not automatically give Metraly access to data inside a self-hosted Metraly deployment. If you run Metraly on your own infrastructure, the engineering data inside that deployment is intended to remain under your control unless you explicitly choose to send information to Metraly, for example through a support request, future opt-in product telemetry, or a commercial support process.

2. Data we may collect on the website

When you visit the website, we may collect limited website data such as:

• pages viewed;
• referrer information;
• approximate region or country;
• device/browser type;
• basic operational logs needed to keep the website available and secure.

If analytics are used, they should be privacy-conscious and should avoid advertising pixels, retargeting, cross-site tracking and invasive fingerprinting.

Website analytics should not collect source code, repository data, commit messages, issue titles, engineering metrics, secrets or product data from a self-hosted Metraly deployment.

3. Data you provide to us

If you contact us, join early access, request a pilot, or ask about commercial terms, we may collect:

• name;
• email address;
• company or organization;
• role/title;
• message content;
• commercial interest, pilot requirements or support context;
• scheduling and communication history.

Do not send secrets, credentials, private repository data, customer data or sensitive production information through public website forms or demo surfaces.

4. Synthetic demo

The public demo is intended to use synthetic data only.

You should not enter:

• real company data;
• real credentials;
• source tokens;
• personal information;
• private repository names;
• customer data;
• production secrets;
• confidential incident details.

The demo may be reset, changed or removed at any time. It is not a production environment and should not be used to store or process real operational data.

5. Self-hosted Metraly deployments

Metraly is designed for customer-controlled deployments. By default, a self-hosted deployment should not require sending customer engineering data to Metraly to function.

Customer engineering data may include:

• repository and pull request metadata;
• commit and review patterns;
• issue/project data;
• build and deployment events;
• incident and reliability data;
• team and workflow metrics;
• AI prompts or outputs derived from engineering data.

This data should remain under the customer's control unless the customer explicitly chooses otherwise.

6. Product telemetry

Metraly has a no-hidden-telemetry policy.

If outbound product telemetry is introduced, it must be:

• opt-in or default-off;
• visible to an administrator;
• documented;
• previewable where practical;
• disableable;
• limited to minimal aggregated diagnostics;
• forbidden from collecting sensitive engineering data.

Product telemetry must not collect:

• source code;
• repository names;
• organization names;
• commit messages;
• PR or issue titles/descriptions/comments;
• personal data about developers;
• secrets, tokens or credentials;
• raw LLM prompts;
• raw customer logs;
• customer hostnames or internal system names unless explicitly approved.

If telemetry is not implemented in the app, the website should not claim that telemetry controls are implemented. It may say that telemetry policy is defined.

7. AI and model providers

Metraly may support different AI modes in the future, such as local models, bring-your-own provider keys or external model providers. The privacy impact depends on the mode selected by the customer.

Metraly should clearly distinguish between:

• local AI execution;
• customer-provided AI provider credentials;
• any external model provider path;
• AI disabled mode.

Public AI examples should use synthetic data unless a customer explicitly approves otherwise.

8. Billing, licensing and commercial data

If Metraly offers paid pilots, Pro or Enterprise plans, we may process commercial information such as billing contact, plan or subscription details, invoice/payment status, license entitlement records, support entitlement records, and contract or procurement communications.

Payment card data should be handled by a payment processor or billing provider. Metraly should not store raw payment card numbers in the product or website. License data should contain entitlement information, not customer engineering data.

9. Support bundles and diagnostics

If a customer asks for support, they may choose to send diagnostics or support bundles. Support bundles should be customer-initiated, reviewable before sending where practical, limited to what is needed for support, redacted for secrets and sensitive data where possible, and retained only as long as needed for support or legal obligations.

10. How we use information

We may use collected information to:

• operate and secure the website;
• respond to inquiries;
• manage early access or pilot conversations;
• provide support;
• improve documentation and onboarding;
• understand aggregate website interest;
• manage billing, licensing and commercial communications;
• comply with legal obligations.

We should not sell personal data to advertisers.

11. Sharing information

We may share information with service providers that help us operate the website, communications, hosting, billing, analytics, support or security processes. Provider use should be limited to the purpose for which the provider is used.

12. Retention

Recommended retention policy:

• contact and early access inquiries: up to 24 months unless deletion is requested or a longer business/legal need exists;
• website analytics: aggregated where possible, raw logs retained for a short operational/security period;
• support communications: as long as needed for support and business records;
• billing/licensing records: as required for accounting, tax, contract and legal obligations;
• support bundles: delete when no longer needed for the support case, subject to legal/commercial obligations.

Final retention windows should be confirmed before production publication.

13. Your rights

Depending on your location, you may have rights to access, correct or delete personal data, object to or restrict processing, request portability, or withdraw consent where processing is based on consent. To make a request, contact privacy@metraly.io.

14. Security

We use reasonable technical and organizational measures to protect website, communication and commercial data. No website or service can be guaranteed completely secure. Do not send secrets, credentials or sensitive production data through public forms or demo surfaces.

15. International users

Metraly may be accessed by users in different countries. Personal data may be processed in locations where Metraly or its providers operate. If Metraly targets EU/UK users or customers, appropriate privacy and data transfer measures should be reviewed before commercial launch.

16. Children's privacy

Metraly is not intended for children. We do not knowingly collect personal data from children.

17. Changes to this policy

We may update this Privacy Policy as the product, website, demo, telemetry, billing or support processes evolve. When we make material changes, we will update the date at the top of the page.

18. Contact

Privacy questions: privacy@metraly.io
General inquiries: hello@metraly.io