Privacy Policy

Last updated: 9 May 2026

1. Introduction

This Privacy Policy explains how Metiflow (operated by Metiflow Group) collects, uses, stores, and protects personal data when you use our platform.

2. UK-Only Service Scope

Metiflow is currently provided for customers operating in the United Kingdom. We process personal data in line with UK data protection law.

3. Data Protection Roles

In most cases, your organisation is the data controller for customer and operational data you input into Metiflow, and we act as your data processor for that data.

We act as a data controller for our own business administration data, such as account creation, billing, support communications, and platform security logs.

4. Personal Data We Collect

  • Account and profile data, such as names, email addresses, phone numbers, and organisation details.
  • Operational data entered into the platform, such as customer details, job records, quotes, invoices, and notes.
  • Authentication and security data, such as login activity and technical event logs.
  • Billing and subscription data needed to manage paid plans and outstanding balances.
  • Support data you share when contacting us.

5. How We Collect Data

  • Directly from you when you register, log in, contact support, or use platform features.
  • From authorised users under your organisation account.
  • Automatically from platform usage and device/browser interactions needed for security and service performance.

6. Legal Bases for Processing

We process personal data under one or more of the following UK GDPR legal bases:

  • Performance of a contract.
  • Legitimate interests, including service security, fraud prevention, and platform improvement.
  • Compliance with legal obligations.
  • Consent, where consent is specifically required by law.

7. How We Use Personal Data

  • To provide, maintain, and improve Metiflow.
  • To authenticate users and keep accounts secure.
  • To provide support and communicate service updates.
  • To manage subscriptions, payments, and account status.
  • To meet legal, regulatory, and compliance requirements.

8. Processors and Sharing

We currently use Supabase as our primary data hosting and database provider to deliver the platform. We share personal data only where necessary to operate the service, comply with legal obligations, or protect rights, safety, and security.

Our Data Processing Addendum is available here: Data Processing Addendum (DPA).

We do not sell personal data to third parties.

9. International Transfers

Where personal data is transferred outside the UK, we use appropriate safeguards required under UK data protection law, such as approved contractual transfer mechanisms.

10. Retention

We keep personal data only for as long as necessary for the purposes described in this policy, including legal, tax, accounting, and security requirements.

After account termination, we may retain data for up to 90 days before deletion unless longer retention is required by law.

11. Security

We apply reasonable technical and organisational security measures designed to protect personal data, including access controls, encryption in transit, and monitoring for suspicious activity.

12. Your Rights

Subject to applicable law, you may have rights to:

  • Access personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of personal data.
  • Object to or restrict certain processing.
  • Request transfer of your data where applicable.
  • Withdraw consent where processing is based on consent.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).

13. Cookies and Tracking

We use essential technical measures required for platform operation and security. We do not currently use third-party advertising or conversion tracking integrations.

14. Children

Metiflow is a business platform and is not intended for use by children.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email or through a notice on the platform.

16. Contact

If you have any privacy questions or want to exercise your data rights, please contact us at:

Metiflow Group
Email: admin@metiflow.com
Back to login·Terms and Conditions·DPA