Back to Home

GDPR Compliance

Last updated: July 4, 2026

Our Commitment

MetricDash is fully committed to compliance with the General Data Protection Regulation (GDPR). We process personal data lawfully, fairly, and transparently, and we implement appropriate technical and organizational measures to protect your data.

Data Processing Activities

ActivityLegal BasisRetention
User authenticationContract (Art. 6(1)(b))Account lifetime + 30 days
Advertising data aggregationContract (Art. 6(1)(b))Subscription duration
OAuth token storageContract (Art. 6(1)(b))Until integration removed
Service improvement analyticsLegitimate Interest (Art. 6(1)(f))12 months max
Lead form submissionsConsent (Art. 6(1)(a))Until consent withdrawn

Sub-Processors

Supabase
Database & Authentication
EU (Frankfurt)
Self-hosted VPS
Application Hosting
EU (Germany)
Resend
Transactional Email
EU
Google APIs
Google Ads Data Fetching
Global
Meta APIs
Meta Ads Data Fetching
Global

Your Rights Under GDPR

Right of Access
Request a copy of your personal data.
Right to Rectification
Correct inaccurate personal data.
Right to Erasure
Request deletion of your data.
Right to Restrict
Limit how we process your data.
Right to Portability
Receive your data in a standard format.
Right to Object
Object to data processing activities.

Data Protection Measures

  • All data transmitted via HTTPS/TLS encryption.
  • OAuth tokens stored with encryption at rest in Supabase.
  • Regular security audits and vulnerability assessments.
  • Role-based access control (RBAC) with Row Level Security (RLS) policies.
  • Minimal data collection — we only store what is necessary for service delivery.

Responsible Entity

MJ Marketing

Mijo Jurisic

Olszańska 7, 31-513 Kraków

VAT ID: PL5130297952

Email: [email protected]

Phone: +48 574 751 177

For GDPR-related requests, data access, or questions about our data practices, contact us at [email protected].

You also have the right to lodge a complaint with a supervisory authority within the EU.