1. Introduction
Metis One provides software-as-a-service for business proposal preparation and management. This Privacy Policy describes how we collect, use, and protect your personal information in accordance with applicable U.S. federal and state laws, including the California Consumer Privacy Act (CCPA).
We are committed to protecting your privacy and ensuring transparency in our data practices.
By using our platform, you acknowledge and agree to the data practices described in this policy.
2. Information We Collect
Identifiers: Name, email address, phone number, business address
Commercial Information: Subscription details, billing information, transaction history
Internet Activity: IP address, browser type, device information, usage logs
Professional Information: Job title, company name, business tax ID
Account Credentials: Username and encrypted password
Customer Support Data: Support tickets, correspondence, and feedback
Payment Information: Processed by third-party payment processors (we do not store credit card numbers)
3. How We Use Your Information
Service Provision: To provide access to and operation of the software platform
Business Operations: Account management, billing, and customer support
Security: To maintain platform security and prevent fraud
Communications: Service updates, technical notices, and (with opt-in consent) marketing
Legal Obligations: To comply with applicable laws and regulations
Analytics: To improve platform performance and user experience
4. Data Sharing and Disclosure
We do not sell your personal information. We may share data with: Service Providers (CRM, analytics, hosting), Legal Authorities (when required by law), Business Transfers (in case of merger or acquisition), and With Your Consent (for specific purposes).
Third-Party Services: We use Bitrix24 (CRM), Google Analytics, and Yandex Metrica. These services have their own privacy policies.
Data Processors: All third-party processors are contractually obligated to protect your data in accordance with GDPR standards.
Public Information: Information you choose to make public (e.g., testimonials) may be displayed on our website.
5. Data Storage and Retention
Retention Period: We retain personal data for the duration of your subscription plus 7 years for tax and business record compliance.
Data Location: Data is stored on secure U.S.-based servers with industry-standard encryption.
Security Measures: We implement administrative, technical, and physical safeguards to protect your data.
User Responsibility: Users are responsible for maintaining backups of their business proposals and calculations. We are not liable for data loss.
Account Deletion: Upon request, data will be deleted within 30 days, except where required by law or for legitimate business purposes.
6. Your Privacy Rights
California Residents (CCPA): Right to know what personal information is collected, right to delete personal information, right to opt-out of sale (we do not sell personal information), right to non-discrimination
Access: Request a copy of your personal information
Correction: Request correction of inaccurate data
Deletion: Request deletion of your data (subject to legal retention requirements)
Data Portability: Request your data in a portable format
Opt-Out: Opt-out of marketing communications at any time
To exercise these rights, contact us through your account settings or customer support
7. Compliance with Russian Data Protection Laws
For users in the Russian Federation: We comply with Federal Law No. 152-FZ 'On Personal Data'. Personal data of Russian citizens is collected, processed, and stored in accordance with Russian legislation.
Data Localization: Where required by law, personal data of Russian users may be stored on servers located in Russia or processed by entities registered with Roskomnadzor.
Cross-Border Transfers: Transfers of personal data outside Russia are conducted only to countries ensuring adequate protection or with your explicit consent.
Roskomnadzor Notification: We maintain necessary notifications and registrations with Russian data protection authorities as required.
8. International Data Transfers
Our services operate globally. Personal data may be transferred to and processed in countries outside your jurisdiction.
Safeguards: We use Standard Contractual Clauses (SCCs) approved by the European Commission and other legal mechanisms to ensure adequate protection.
Your Consent: By using our services, you consent to international transfers as described, subject to the safeguards outlined.
9. Data Security
We implement industry-standard security measures: encryption (SSL/TLS), access controls, regular security audits, and employee training.
No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Breach Notification: In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by law.
Your Responsibility: You are responsible for maintaining the confidentiality of your account credentials.
10. Children's Privacy
Our services are not directed to individuals under 16 years of age. We do not knowingly collect data from children. If we become aware of such collection, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated 'Last Updated' date.
For material changes, we will provide prominent notice or seek your consent as required by law.