Privacy Policy — Pondmetric

The short version. Pondmetric collects two kinds of data: your account information (so you can log in) and the metrics we pull from sources you connect (Stripe, Google Analytics, Search Console, etc.). We don't sell your data. We don't share it with advertisers. We use it to do exactly one thing: run the service you pay us for.

Section 01What we collect

When you use Pondmetric, we collect the following categories of information:

Account information

Your email address, used to sign in and to send you alerts and digests.
Your organization or site name, as you provide it.
Billing details, processed by our payment provider Stripe. We never store full card numbers on our servers.

Connected source credentials

When you connect a data source (Stripe, Google Analytics, Search Console, Shopify, WordPress, etc.) we store the OAuth token or API key required to read from that source. These credentials are encrypted at rest and are only used to fetch metrics on your behalf.

Metrics and events

We retrieve aggregated metrics from your connected sources — revenue figures, session counts, ranking positions, performance data, and similar — and store them so you can view trends and receive alerts. This data belongs to you; we are processing it on your behalf.

Usage data

To operate the service we log standard application data: IP address, browser type, the dashboards and reports you view, and timestamps of your interactions. We retain these logs for 90 days for security and debugging purposes.

Section 02How we use it

We use the data we collect to:

Provide the Pondmetric service — display dashboards, send alerts, run the API.
Send transactional emails: account notices, billing receipts, alert notifications, and weekly digests you have enabled.
Respond to your support inquiries.
Detect, prevent, and investigate fraud, abuse, and security incidents.
Comply with applicable legal obligations.
Improve the service in aggregate — for example, identifying which alerts are most useful to users overall.

We do not use your data to train machine learning models, sell it to data brokers, or share it with advertisers.

Section 03Sharing & disclosure

We share your data only with:

Service providers operating under contract with us — for example, Stripe (payment processing), Cloudflare (hosting and CDN), and AWS (data storage). These providers are bound by data processing agreements and may use your data only to provide services to Pondmetric.
Legal authorities, when we receive a valid subpoena, court order, or other legal demand. Where lawful, we will notify you before disclosing your data in response to such a demand.
A successor entity, in the event Pondmetric is acquired or merged. Your data continues to be governed by this policy or one substantially similar, and we will notify you of any material change.

Section 04Data security

We take reasonable and appropriate technical and organizational measures to protect your data:

All data is encrypted in transit using TLS 1.2 or higher.
OAuth tokens, API keys, and other credentials are encrypted at rest using AES-256.
Access to production data is restricted to a small number of authorized personnel and audited.
We maintain incident response and breach notification procedures consistent with applicable law.

No security system is impenetrable. If we discover a breach affecting your data, we will notify you within 72 hours of confirmation.

Section 05Your rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you.
Correct inaccurate or incomplete data.
Delete your account and the associated data. When you cancel, all account data is purged within 30 days; backups are rotated out within 90 days.
Export your data in a machine-readable format.
Object to or restrict certain processing.
Withdraw consent for any processing you previously authorized.

To exercise any of these rights, email hello@pondmetric.com. We respond within 30 days.

If you are a California resident, you have additional rights under the CCPA, including the right to know what categories of personal information we sell (none) and the right to opt out of sale (already the default). If you are in the EU/EEA or UK, you have additional rights under the GDPR; the legal basis for our processing is the contract between us (to provide the service you've signed up for) and our legitimate interest in operating a secure and useful service.

Section 06Cookies & tracking

We use a small number of cookies to operate the service. See our Cookie Policy for the full list and your options.

We do not use third-party advertising cookies. We do not embed Google Analytics or similar tracking on our own marketing pages. Web analytics on pondmetric.com are gathered using privacy-respecting, self-hosted tooling.

Section 07Children's privacy

Pondmetric is a business-to-business product and is not directed at children under 16. We do not knowingly collect personal information from children. If we learn we have inadvertently collected such information, we will delete it promptly.

Section 08International users

Pondmetric is operated from the United States. If you access the service from outside the United States, you understand that your information will be processed in the United States, which may have different data protection laws than your jurisdiction. By using the service, you consent to this transfer.

For users in the EU/EEA and UK, we rely on Standard Contractual Clauses to transfer data lawfully where required.

Section 09Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced by email to the account address on file and posted in your dashboard at least 30 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the revised policy.

Section 10Contact

Questions about this policy? Reach us at hello@pondmetric.com. We respond within one business day.