Privacy Policy

Quirky Swirl B.V. (trading as Metric Provenance), registered in The Hague, Netherlands (KVK: 94504474), is the data controller for personal data processed through this platform.

Contact: privacy@metricprovenance.com (or partner@metricprovenance.com)

• Account data: Name, email address, company name — provided when you purchase a plan via Stripe.
• Payment data: Processed entirely by Stripe. We do not store credit card numbers. See Stripe's Privacy Policy.
• Usage data: API call timestamps and endpoints accessed — for service monitoring and reliability. We do not meter or restrict usage.
• Technical data: IP address, browser type, device information — for security and abuse prevention.

• Contract performance (Art. 6(1)(b) GDPR): Processing account and API usage data to deliver the service you purchased.
• Legitimate interest (Art. 6(1)(f) GDPR): Security monitoring, fraud prevention, and service improvement.
• Consent (Art. 6(1)(a) GDPR): Marketing communications — only with your explicit opt-in.

The ODGS interceptor API processes data contexts you submit (e.g., compliance checks), but we do not store the content of your data contexts. Interceptor requests are processed in memory and discarded immediately. No customer business data is persisted on our servers.

• Stripe: Payment processing (PCI DSS compliant)
• Google Cloud Platform: Infrastructure hosting (EU region: europe-west4, Netherlands)

We do not sell personal data. We do not share data with third parties for marketing purposes.

• Account data: Retained for the duration of your subscription + 12 months for legal obligations.
• Usage telemetry: Aggregated after 90 days, raw data deleted after 12 months.
• Payment records: Retained for 7 years (Dutch tax law / Belastingdienst requirement).

You have the right to:

• Access your personal data (Art. 15)
• Rectify inaccurate data (Art. 16)
• Erase your data (Art. 17) — subject to legal retention obligations
• Restrict processing (Art. 18)
• Data portability (Art. 20)
• Object to processing (Art. 21)

To exercise any of these rights, email privacy@metricprovenance.com (or partner@metricprovenance.com). We will respond within 30 days.

• We collect only what we need — no tracking pixels, no advertising cookies, no third-party analytics.
• Interceptor API requests are processed in memory and never persisted.
• All processing stays in the EU (Netherlands).
• We will never sell your data.

This platform uses only essential cookies required for session management and security. We do not use advertising or tracking cookies. No cookie consent banner is required for essential-only cookies under the ePrivacy Directive.

All data processing occurs within the EU (Netherlands, europe-west4 region). No data is transferred outside the EU.

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl