Legal
Privacy Policy
Last updated: January 2025
The short version
We collect what we need to run the service. Your emails are processed and forwarded to your webhooks—we don't sell your data. EU-hosted, GDPR compliant.
Data controller
myMetra is the data controller. Contact: [email protected]
What we collect
Account data
Email, name, hashed password, billing info (via Polar.sh)
Email content
Messages received at your endpoints: sender, subject, body, attachments
Technical data
IP addresses, webhook logs, API usage, error logs
How we use your data
Service delivery
Parse and forward emails to your webhooks
Account management
Authentication, billing, support
Security
Fraud prevention and abuse detection
Legal compliance
Respond to lawful requests
Data retention
Your rights (GDPR)
Access
Get a copy of your data
Rectification
Correct inaccurate data
Erasure
Delete your data
Portability
Export in machine-readable format
Object
Stop certain processing
Restrict
Limit how we use your data
Exercise your rights by emailing [email protected]. We respond within 30 days.
Security & third parties
Security: TLS encryption, bcrypt password hashing, HMAC webhook signatures, EU-based infrastructure.
Third parties: Polar.sh (payments), Convex (database). All GDPR-compliant. We don't sell your data.
Cookies: Essential only (authentication). No tracking or third-party analytics.
Policy updates
We'll notify you of material changes via email. You can also lodge a complaint with your local data protection authority if we haven't addressed your concerns.