Privacy Policy
Effective 9 July 2026
1. Who we are
This Privacy Policy explains how Content Metric ("Content Metric", "we", "us") collects, uses, discloses, and protects personal data when you use the ContentMetric platform and websites (the "Service"). We handle personal data in accordance with the Singapore Personal Data Protection Act (PDPA) and, where applicable, the EU General Data Protection Regulation (GDPR).
For personal data contained in content that you store on the Service ("Customer Content"), you are the data controller and we act as a data processor on your behalf. For account and billing data, we act as the controller.
2. Data we collect
We collect the following categories of data:
- Account data: name, email address, organization details, and authentication identifiers.
- Billing data: plan, subscription status, and payment references processed by our payment provider (we do not store full card numbers).
- Customer Content: the content, media, and data you upload or create in your projects.
- Usage and metrics data: project activity, feature usage, and resource consumption used for metering and product improvement.
- Technical data: IP address, device and browser information, and server logs collected for security and reliability.
- Cookies and similar technologies used to keep you signed in and to operate the Service.
3. How we use data
We use personal data to:
- Provide, operate, secure, and improve the Service.
- Authenticate users and manage accounts and permissions.
- Process subscriptions, meter usage, and handle billing.
- Communicate with you about your account, security, and service updates.
- Detect, prevent, and respond to fraud, abuse, and security incidents.
- Comply with legal obligations.
4. Legal bases
Where the GDPR applies, we process personal data on the bases of performance of a contract, our legitimate interests in operating and securing the Service, your consent (where required), and compliance with legal obligations. Where the PDPA applies, we collect, use, and disclose personal data with consent or as otherwise permitted by law.
5. Service providers and sub-processors
We share personal data with trusted service providers who help us operate the Service, under agreements that require them to protect it. These include our authentication provider, payment processor, cloud and network infrastructure providers, and content delivery and security providers.
We do not sell personal data.
6. International transfers
Our infrastructure and providers may process data in locations outside your country. Where we transfer personal data across borders, we take steps to ensure a comparable standard of protection consistent with the PDPA and, where applicable, use appropriate safeguards under the GDPR.
7. Data retention
We retain personal data for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymize it. Customer Content is retained according to your project settings and our standard deletion practices after account termination.
8. Security
We use tenant isolation, encryption, access controls, and audit logging to protect data. No system is perfectly secure, but we work to safeguard personal data using measures appropriate to the risk. You can read more on our Trust page.
9. Your rights
Subject to applicable law, you may request access to, correction of, or deletion of your personal data, and you may withdraw consent or object to certain processing. Where the GDPR applies, you may also request data portability and lodge a complaint with your supervisory authority.
To exercise your rights, contact us using the details below. We may need to verify your identity before acting on a request.
10. Cookies
We use cookies that are necessary to sign you in and operate the Service, and limited cookies to remember preferences. You can control cookies through your browser settings, though disabling necessary cookies may affect functionality.
11. Children
The Service is not directed to children and is not intended for use by anyone under the age at which they can provide valid consent in their jurisdiction. We do not knowingly collect personal data from children.
12. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you. The effective date at the top reflects the latest version.
13. Contact
For privacy questions or to exercise your rights, contact us at [email protected].