Privacy Policy

Version 2.0 — 12.04.2026
Replaces v1.0 dated 09.09.2024

Metriks ApS (“Metriks”, “we”, “us”) operates the https://metriks.dk website and platform (the “Service”). This Privacy Policy explains how we collect, use, and protect personal data when you use the Service.

For the purposes of the General Data Protection Regulation (GDPR), Metriks acts in two capacities depending on the type of data:

As a controller for your account data — the information you provide when you sign up and use the Service.
As a processor for the data we retrieve from your connected systems (such as your accounting software) on your instruction. The processing of that data is governed by our Data Processing Agreement (DPA) at https://metriks.dk/dpa.

This Privacy Policy covers Metriks’ role as controller. If you are a Metriks customer, please also refer to the DPA for details on how we handle data retrieved from your connected systems.

1. What Data We Collect

Account Data

When you create an account, we collect the following:

Name (personalisation and account identification)
Email address (account access, communication, and notifications)
Phone number (contact and support)
Company name and registration number (billing and identification)
Postal address (billing)

If multiple team members access your organisation’s account, we collect the name and email address of each team member.

Log Data

When you use the Service, we automatically collect technical data sent by your browser, including your IP address, browser type and version, pages visited, time and date of access, time spent on pages, and other usage statistics.

Cookies

The Service uses first-party cookies to maintain your session and improve the Service. We do not use third-party tracking cookies. You can configure your browser to refuse cookies, though this may affect your ability to use parts of the Service. If you are not prompted to accept cookies, it means we are only using strictly necessary first-party cookies.

2. Why We Process Your Data and Our Legal Basis

We process your personal data for the following purposes:

Purpose	Legal Basis (GDPR)
Providing and maintaining your account	Art. 6(1)(b) — performance of contract
Billing and invoicing	Art. 6(1)(b) — performance of contract
Communicating with you about the Service (e.g. updates, support)	Art. 6(1)(b) — performance of contract
Improving the Service and fixing issues	Art. 6(1)(f) — legitimate interest
Ensuring security and preventing misuse	Art. 6(1)(f) — legitimate interest
Complying with legal obligations (e.g. accounting, tax)	Art. 6(1)(c) — legal obligation

We do not use your account data for marketing purposes without your explicit consent.

3. Data Retrieved from Your Connected Systems

The Service allows you to connect your own third-party systems (such as accounting software or CRM tools) so that we can retrieve, analyse, and visualise your data. This data may contain personal data of your End Customers or individuals associated with them (such as names, email addresses, and invoice details).

For this data, you are the controller and Metriks is the processor. We process it solely on your instruction to provide the Service. The terms of this processing are set out in our Data Processing Agreement (DPA).

We do not use data retrieved from your connected systems for our own purposes, and we do not contact your End Customers.

We do not sell your personal data. We share data only with the following categories of third parties, and only to the extent necessary:

Processors

We use third-party services to process data on our behalf. A current list of all processors is maintained at https://metriks.dk/processors, including both processors of account data (used by Metriks as controller) and sub-processors of data from your connected systems (used by Metriks as processor under the DPA).

All processors are located within the European Economic Area (EEA) and are bound by written data processing agreements.

Your Connected Systems

When you connect your own third-party systems to the Service, data flows between those systems and Metriks on your instruction. These are your own services and not our processors. You are responsible for your agreements with those providers.

5. International Data Transfers

All data processing takes place within the EEA. We do not transfer personal data outside the EEA.

If this changes in the future, we will update this Privacy Policy and ensure appropriate safeguards are in place in accordance with GDPR Chapter V.

6. How Long We Keep Your Data

Data Type	Retention Period
Account data	For as long as your account is active; deleted within 30 days of account termination, unless retention is required by law
Data from connected systems	For as long as your account is active; deleted within 30 days of account termination (see DPA for details)
Backups	May contain personal data for up to 90 days after account termination, after which permanently deleted
Log data	Up to 12 months
Billing records	As required by Danish bookkeeping law (currently 5 years)

You may delete your data at any time through the self-service deletion functionality in the Service, or by contacting us.

7. Your Rights

Under the GDPR, you have the following rights regarding your account data:

Access — request a copy of the personal data we hold about you.
Rectification — request correction of inaccurate data.
Erasure — request deletion of your data, subject to legal retention requirements.
Restriction — request that we limit how we process your data.
Portability — request your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interest.

To exercise any of these rights, contact us at support@metriks.dk. We will respond within 30 days.

If your request relates to data from your connected systems (your End Customers’ data), please note that you are the controller of that data. You can access, export, and delete it through the Service, or contact us for assistance as described in the DPA.

If you are unsatisfied with how we handle your request, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet) at www.datatilsynet.dk.

8. Security

We take the security of your personal data seriously. We use encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access controls, multi-factor authentication on production systems, and regular security reviews. For a full description of our security measures, see Appendix 2 of the DPA.

In the event of a personal data breach affecting your account data, we will notify the Danish Data Protection Agency (Datatilsynet) within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security. We recommend enabling two-factor authentication and using a strong password on your account.

9. Links to Other Sites

The Service may contain links to external websites not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of third-party sites.

10. Children

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The current version is always available at https://metriks.dk/privacy. Changes are effective immediately upon posting.

12. Contact

For questions about this Privacy Policy or to exercise your data rights:

Metriks ApS
Ryvangs Allé 81, 2.
2900 Hellerup
Denmark
Company registration no.: DK42805807

Email: support@metriks.dk

The Data Processing Agreement (DPA) is available at https://metriks.dk/dpa.