Privacy Policy

Last updated: June 18, 2026

Metraxis is operated by Interland Inc. ("we", "us", "our"). This Privacy Policy describes how we collect, use, and protect your information when you use the Metraxis platform and its data connectors.

1. Information We Collect

When you connect a third-party platform (such as Meta Ads, Google Ads, Google Analytics 4, or Shopify) to Metraxis, we collect:

Authentication tokens — OAuth access and refresh tokens that allow Metraxis to access data from your connected accounts on your behalf, and, where you have authorized it, to apply ad-management changes you confirm.
Account metadata — Your platform user ID, name, and the list of advertising accounts, analytics properties, or stores you have access to.
Advertising performance data — Campaign metrics including spend, impressions, clicks, conversions, and related breakdowns (geography, demographics, device, platform).
Website analytics data — From Google Analytics 4: sessions, conversions, and funnel-step metrics for properties you connect.
E-commerce data — From Shopify: order and product data used to compute revenue, ROI, and country-level performance. This includes order records that may contain your customers' personal information (see Section 3).
Account & contact information — The email address and basic profile you use to sign in to Metraxis.

We do not collect your platform login credentials (username/password). Authentication is handled entirely through each platform's official OAuth process.

2. How We Use Your Data

Display advertising, analytics, and e-commerce performance dashboards within the Metraxis platform.
Generate AI-powered insights and recommendations based on your connected data.
Compare performance across platforms (cross-channel analytics) and reconcile ad spend against real store orders.
Where you have authorized it, apply ad-management changes (such as budget adjustments or pausing campaigns) that you have explicitly confirmed (see Section 9).

We do not sell, rent, or share your data with third parties. Your data is used exclusively to provide Metraxis services to you, and is never used to serve advertising or to train AI models for unrelated purposes.

3. Your Customers' Personal Data (Our Role as Processor)

Order data from Shopify (and similar e-commerce connections) may include personal information about your customers — such as names, email addresses, and shipping locations.

For this end-customer personal data, you are the data controller and Metraxis acts as a data processor, processing it solely on your behalf and according to your instructions.
We use this data only to produce analytics and insights for you (for example, revenue, average order value, and country-level performance). We do not contact your customers, build cross-merchant profiles, or use your customers' data for our own purposes.
We do not combine one merchant's customer data with another's. Each merchant's data is logically isolated and accessible only to that merchant.
You are responsible for having a lawful basis and appropriate notices/consents in place with your own customers for the data you connect to Metraxis.

4. Data Storage and Security

OAuth tokens are encrypted at rest using AES-256-GCM encryption.
All data transmission uses HTTPS/TLS encryption.
Access tokens are stored on secure servers and are never exposed to client-side code.
We retain your data only for as long as your account is active and your platforms are connected. When you disconnect a platform we delete its stored tokens promptly; other associated data is deleted within 30 days of account deletion or a deletion request.

5. Where Your Data Is Processed (International Transfers)

Metraxis processes and stores connected-account data on secure cloud infrastructure located in the United States.
If you access Metraxis from outside the United States, your data will be transferred to and processed in the United States. Where required by applicable law (e.g., for EEA/UK users), such transfers are made under appropriate safeguards such as Standard Contractual Clauses.
We apply the same security and confidentiality standards regardless of where you or your customers are located.

6. Data Sharing

We do not share your data with third parties except:

Infrastructure and sub-processors (e.g., cloud hosting) that process data on our behalf under written confidentiality and data-protection terms, and only as needed to operate the service.
When required by law or valid legal process.

7. Your Rights — Disconnect and Deletion

Disconnect — You can disconnect any platform at any time from your Metraxis settings. This revokes our access and deletes the stored tokens for that platform.
Delete — You can request deletion of all your data by contacting us at support@metraxis.ai. We will remove all stored data within 30 days.
Access — You can request a copy of the data we hold about you.
Revoke from platform — You can also revoke Metraxis access directly from your Meta, Google, or Shopify account settings. We honor revocation automatically and cease all data access and any authorization to act.

8. Your Privacy Rights (GDPR & CCPA)

EEA / UK users (GDPR) — You have the right to access, correct, delete, restrict, or port your personal data, and to object to certain processing. Our legal bases for processing are performance of our contract with you, your consent (for connecting accounts and authorizing actions), and our legitimate interest in operating and securing the service.
California users (CCPA/CPRA) — You have the right to know what personal information we collect, to request its deletion, and to correct it. We do not sell or "share" personal information as those terms are defined under California law.
To exercise any of these rights, email support@metraxis.ai. We will respond within the timeframe required by applicable law. You also have the right to lodge a complaint with your local data protection authority.

9. Actions Taken on Your Behalf (Write Operations)

With your authorization, Metraxis can perform ad-management operations on connected advertising platforms — for example, adjusting campaign budgets, pausing ads, or editing ad sets — based on recommendations from our AI analyst.

Every such action is opt-in and is preceded by an explicit confirmation step in which you review exactly what will change.
No action is taken automatically or in the background without your confirmation.
You can withdraw Metraxis's permission to act at any time by disconnecting the platform, either from within Metraxis or from the platform's own settings.

10. Meta Platform Data

When you connect your Meta (Facebook) advertising account:

We request the permissions necessary to read your advertising data (ads_read, read_insights) and, where you authorize management, to apply confirmed changes (ads_management, business_management).
We access your data only to display it within the Metraxis platform and to apply changes you have confirmed.
We do not use your Meta data to serve advertisements or for any purpose other than providing Metraxis services to you, and our handling complies with the Meta Platform Terms and Developer Policies.
If you remove the Metraxis app from your Meta account, we automatically delete your stored tokens and cease all data access.

11. Google User Data (Google Ads & Google Analytics 4)

When you connect your Google Ads account or Google Analytics 4 property:

We request only the scopes necessary to provide our services: adwords (Google Ads performance and, where authorized, confirmed management changes) and analytics.readonly (read-only access to GA4 metrics).
Metraxis's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We use Google user data only to display it within Metraxis and to power the analytics and AI features you use. We do not transfer or sell Google user data, do not use it for advertising, and do not use it to train generalized AI/ML models.
GA4 access is read-only — Metraxis never modifies your analytics data.
You can revoke Metraxis's access at any time via your Google Account permissions; we then delete the associated tokens.

12. Shopify Data

We request read access to your orders (read_orders) and products (read_products) to compute revenue, ROI, and country-level performance.
Order data may include your customers' personal information; we process it as your processor under the terms of Section 3.
We do not modify your store data through these connections.
We comply with Shopify's Protected Customer Data requirements, and respond to Shopify's mandatory privacy webhooks (customer data request, customer redaction, and shop redaction).
Disconnecting your store, or uninstalling Metraxis from Shopify, revokes our access and deletes the stored tokens.

13. Cookies

The Metraxis platform uses only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.

14. Children's Privacy

Metraxis is a business tool intended for use by businesses and their authorized personnel. It is not directed to children, and we do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us personal information, contact us and we will delete it.

15. Data Processing Agreement

If you are a business subject to GDPR or similar laws and require a Data Processing Agreement (DPA) governing our processing of personal data on your behalf, contact support@metraxis.ai and we will make one available.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Metraxis platform and updating the "Last updated" date above.

17. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights:

Email: support@metraxis.ai
Data controller: Interland Inc.