Who We Are
Metadologie India Private Limited is a Salesforce consulting firm and software vendor registered in India. We build tools and applications for business productivity, including apps on the Salesforce AppExchange and Zoho Marketplace.
This Privacy Policy applies to all users of our website (metadologie.com), our proprietary software platforms - MetaShip, M-Pay, M-Quote, DocsBag, and MetaTax - and our marketplace applications (collectively, the “Services”).
We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act), the IT Act 2000 and SPDI Rules 2011, and - where applicable - the GDPR.
At Metadologie, we are committed to protecting your privacy and ensuring transparency in how your personal information is collected, used, and safeguarded.
1. What Information Do We Collect?
We only collect what we actually need (data minimisation). Here’s what that looks like in practice:
| Category | Examples |
|---|
Identity & Contact | Name, business email, phone, job title, company name |
Transaction | Invoice details, purchase history, GST number (no full card numbers stored) |
Technical / Usage | IP address (pseudonymised), browser, pages visited, session data, server logs |
Communications | Support tickets, emails, survey responses |
Job Applications | CV, qualifications, work history (only if you apply) |
We do not collect sensitive personal data (health, biometric, financial account credentials, religious or caste information) — unless strictly required and only with your explicit written consent.
2. How Do We Process Your Information?
We process your information to:
- •Provide, operate, and maintain our products and services.
- •Process transactions, generate shipping labels, payment links, quotes, and tax workflows.
- •Automate business processes and improve operational efficiency.
- •Enhance user experience and platform performance.
- •Communicate updates, alerts, and support responses.
- •Ensure security, prevent fraud, and comply with legal obligations.
3. What Legal Bases Do We Rely On?
We process your data on the following legal bases, mapped to specific purposes:
| Purpose | Legal Basis |
|---|
Delivering our services, billing, support | Contract performance |
Fraud prevention and security monitoring | Legitimate interests |
Product improvement and analytics | Legitimate interests (anonymised) |
Marketing emails and newsletters | Your consent - unsubscribe anytime |
Legal and regulatory compliance | Legal obligation |
We will ask for fresh consent before using your data for any purpose not listed here.
4. When and With Whom Do We Share Your Information?
We never sell your personal data. We may share it only with:
- •Service providers - e.g. Salesforce, Zoho, Google Cloud. All are bound by a Data Processing Agreement and may only use your data on our instructions.
- •Payment gateways and financial institutions - for M-Pay transactions.
- •Shipping carriers and logistics providers - for MetaShip operations.
- •Cloud storage providers - for DocsBag (OneDrive, Google Drive, Dropbox, Box, SharePoint, AWS S3, Azure).
- •Tax authorities or compliance systems - for MetaTax, where required by law.
- •Technology and infrastructure partners - hosting, analytics, support.
- •Professional advisors - lawyers and auditors, under strict confidentiality obligations.
- •Authorities - only when required by law or court order. We will notify you where legally permitted.
- •Business successors - if Metadologie is acquired or merges, you will be notified in advance and can exercise your rights before any transfer.
Cross-border transfers: Data transferred outside India is protected by Standard Contractual Clauses and TLS 1.2+ encryption.
5. Do We Use Cookies and Tracking Technologies?
Yes. We use three categories of cookies:
- •Strictly necessary - the site won’t work without these. No consent needed.
- •Analytics (Google Analytics / Zoho) - anonymised traffic data. You can decline these.
- •Marketing - retargeting and campaign tracking. Only activated with your explicit consent.
You can change your cookie preferences at any time via the Cookie Consent Manager on our site, or through your browser settings.
6. Product-Specific Data Usage
MetaShip (Logistics & Shipping)
- •We process shipment-related information, including sender and recipient details, addresses, and tracking data, to facilitate shipping and delivery services.
- •This data may be shared with third-party carriers (FedEx, UPS, DHL) for shipment execution and tracking.
- •We use this information to provide real-time visibility, optimize delivery workflows, and ensure successful fulfillment.
- •All shipment data is handled securely and retained only as necessary for operational and legal purposes.
M-Pay (Payments)
- •Sensitive financial information (such as card details) is handled by authorized payment gateways and is not stored by us where applicable.
- •We may share relevant data with payment processors and financial institutions to complete transactions and prevent fraud.
- •All payment data is processed in compliance with applicable financial regulations and security standards.
M-Quote (Quoting)
- •We process quotation data, including pricing, customer details, and transaction-related information, to generate and manage business quotes.
- •This information is used to streamline the sales process and improve accuracy in pricing and communication.
- •Data may be shared internally or with integrated systems to support workflow automation.
- •All quotation data is securely stored and retained only for business and contractual purposes.
DocsBag (Document Management)
- •We facilitate the storage, access, and management of documents through integrations with third-party cloud storage providers (OneDrive, Google Drive, Dropbox, Box, SharePoint, AWS S3, Azure).
- •Documents and files are processed to enable organization, sharing, and retrieval within the platform.
- •We do not control or own data stored on external platforms but enable secure access and management.
- •All document-related data is handled in accordance with applicable security and data protection standards.
MetaTax (Tax & Compliance)
- •We process tax-related information, including financial data, transaction records, and filing details, to enable accurate tax calculations and compliance management.
- •This may include data required for generating returns, reports, and audit documentation.
- •We may share relevant data with authorized regulatory bodies or compliance systems where required by law.
- •All tax data is handled securely and retained only as necessary to fulfill legal, regulatory, and contractual obligations.
7. How Long Do We Keep Your Information?
We retain your data only for as long as necessary, with the following maximum retention periods:
| Data Type | Retention Period |
|---|
Account and identity data | Duration of relationship + 3 years |
Financial records | 7 years (Indian tax law requirement) |
Server and security logs | Up to 12 months (CERT-In direction) |
Support correspondence | 3 years from last contact |
Unsuccessful job applications | 6 months, then securely deleted |
When the retention period ends, data is cryptographically erased (digital) or cross-cut shredded (physical).
8. Data Security
We implement enterprise-grade security controls to protect your data:
- ✓AES-256 encryption at rest
- ✓TLS 1.2 / 1.3 in transit
- ✓Multi-factor authentication
- ✓Role-based access control
- ✓Annual penetration testing
- ✓72-hour patch SLA for critical vulnerabilities
- ✓Tamper-evident audit logs
- ✓Endpoint encryption (EDR)
All staff with access to personal data receive mandatory annual security training. We conduct background checks for roles handling sensitive data.
Data Breach Response
If a breach occurs, we:
- •Contain it within 1 hour
- •Report to CERT-In within 6 hours (as required by Indian law)
- •Notify GDPR supervisory authorities within 72 hours where applicable
- •Inform affected users promptly if their data is at risk
Security Vulnerability Disclosure
Found a security vulnerability? Email support@metadologie.com with subject “Security Disclosure” - we respond within 48 hours.
While we strive to protect your data, no system is completely secure.
9. Do We Collect Information From Minors?
Our Services are intended for business use and are for users aged 18 and over. We do not knowingly collect data from minors.
If you believe a child’s data has been shared with us, contact us immediately - we will delete it within 72 hours of verification.
10. What Are Your Privacy Rights?
You have the following rights regarding your personal data:
- •Access - Get a copy of the data we hold about you.
- •Rectification - Ask us to correct inaccurate data.
- •Erasure - Request deletion of your data.
- •Restriction - Ask us to pause processing while a dispute is resolved.
- •Portability - Receive your data in CSV or JSON format.
- •Object - Opt out of marketing or profiling at any time.
- •No automated decisions - Not to be subject to fully automated decisions that significantly affect you.
- •Nominate - Designate someone to act on your behalf (DPDP Act provision).
- •Withdraw consent - At any time, where processing is based on consent.
To exercise any right, email support@metadologie.com. We respond within 30 days.
11. Controls for Do-Not-Track Features
Some browsers offer Do-Not-Track (DNT) features. Currently, our systems may not respond to DNT signals due to lack of industry-wide standardization.
12. Social Media Platform Plugin (Facebook & Instagram)
- •We process information received via the Meta Graph API, including Instagram User IDs, usernames, and message content, solely to facilitate customer support and communication within our Salesforce environment.
- •This data is used to create and manage support cases and is not shared with unauthorized third parties.
- •We may access limited data from your connected Meta accounts to enable features such as viewing Instagram messages directly within Facebook or connected systems. All access is strictly with your authorization and in accordance with Meta’s platform policies.
- •We comply with all Meta Platform Terms and Developer Policies regarding the handling of user data.
- •All data retrieved through Meta integrations is handled securely and retained only as necessary to provide the service.
Users can manage or revoke access to their Meta accounts at any time through their account settings.
13. Do United States Residents Have Specific Privacy Rights?
U.S. residents (such as California users) may have rights under laws like CCPA, including:
- •Right to know what data is collected.
- •Right to request deletion.
- •Right to opt out of certain data sharing.
- •Right to non-discrimination for exercising privacy rights.
14. Do Other Regions Have Specific Privacy Rights?
Users in regions such as the EEA, UK, and India may have additional rights under GDPR and the India DPDP Act, including:
- •Right to access and correct personal data.
- •Right to withdraw consent.
- •Right to request erasure of data.
- •Right to lodge a complaint with a supervisory authority (e.g., the Data Protection Board of India).
15. SMS Opt-In
By providing your phone number, you consent to receive SMS notifications related to:
- •Transactions and alerts.
- •Service updates.
- •Customer support.
You may opt out at any time by replying STOP or contacting support@metadologie.com.
16. Do We Make Updates to This Notice?
If we make material changes to this policy, we will:
- •Email registered users at least 15 days before the new policy takes effect.
- •Display a notice on our website.
Continued use of our Services after the effective date constitutes acceptance of the updated policy.
17. Contact Our Data Protection Officer
Have a question or want to exercise a right? Reach us here:
Response time: Acknowledgement within 48 hours · Full response within 30 days.
18. How Can You Review, Update, or Delete Your Data?
You may request access, correction, or deletion of your personal data by emailing support@metadologie.com. We will respond in accordance with applicable laws and within the timelines specified in Section 17.
