Generative Metrics logo

Generative Metrics

AI Readiness Audit

Private BetaRequest Access
Why GMUse CasesMetricsFAQPricing

Product Narrative

Privacy Policy

How we handle data in the private beta and production service.

Privacy Policy

Last Updated: February 2026

1. Introduction

Infiquik FZC ("we", "us", "our", or "Infiquik"), operating as Generative Metrics, respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

Data Controller: Infiquik FZC Sharjah Publishing City Free Zone United Arab Emirates

If you have any questions about this Privacy Policy or our data practices, please contact us at contact@generativemetrics.com.

2. Information We Collect

2.1 Information You Provide to Us

Account Information:

  • Email address
  • Password (hashed and encrypted — we cannot access plaintext passwords)
  • Name (as provided during registration)
  • Organization/Company name

Payment Information:

  • We do not collect or store credit card information
  • Payment processing is handled by Stripe, Inc.
  • We store your Stripe customer ID for subscription management

Communication:

  • Any information you provide when contacting our support team

2.2 Information We Collect Automatically

Usage Data:

  • Website URLs you submit for analysis
  • Scan results and analysis outputs
  • Timestamps of account activity and scan executions
  • First-party product analytics events (for example page interactions, scan lifecycle events, feedback and survey submissions)
  • Anonymous session identifiers stored in browser `sessionStorage` for event reliability (no analytics cookies)
  • Country code derived from request headers (when available); IP addresses are not stored in analytics tables

Technical Data:

  • Browser and device metadata may be processed through application and infrastructure logs
  • Application and service logs used for debugging and security monitoring
  • Session cookies (strictly necessary for authentication only)
  • Network-level metadata (such as IP address) may be processed by infrastructure providers as part of operating and securing the Service

2.3 What We Do NOT Collect

We explicitly do NOT collect:

  • Raw HTML content from scanned websites (extracted text is processed in memory only)
  • Credit card or billing address information (handled by Stripe)
  • IP addresses in our core application data tables
  • Analytics or tracking cookies
  • Third-party advertising identifiers

2.4 Important: User PII and Third-Party Processing

Your personal information (email, name, account data) is NEVER sent to third-party analysis services.

Only public website content (URLs, page text) may be processed by our service providers for analysis purposes. This public content is already available on the internet and does not contain your personal information.

3. How We Use Your Information

We use your personal data for the following purposes:

PurposeLegal Basis (GDPR)
Providing and maintaining the ServicePerformance of contract
Authenticating your AccountPerformance of contract
Processing scan requests and generating reportsPerformance of contract
Managing your Subscription and billingPerformance of contract
Communicating service updates or security alertsLegitimate interest
Debugging and maintaining Service securityLegitimate interest
Complying with legal obligationsLegal obligation

We do not use your data for:

  • Selling to third parties
  • Targeted advertising
  • Any purpose beyond providing the Service

4. Data Storage and Security

4.1 Storage Location

Your data is stored with trusted third-party service providers. While we do not disclose specific provider names publicly, all providers are contractually obligated to maintain appropriate security measures and process data only on our behalf.

4.2 Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: All data transmitted between you and our Service is encrypted using TLS/SSL
  • Access Control: Strict access controls limit who can access production data
  • Authentication: Industry-standard authentication controls
  • Regular Review: Security practices are reviewed regularly
  • No Raw Storage: We do not persist raw website HTML, only processed analysis results

4.3 Data Retention

  • Account Data: Retained for 12 months from your last account activity
  • Scan History: Retained for 12 months from your last account activity
  • Product Analytics Events (`user_events`): Retained for 12 months on a rolling basis
  • Client Error Logs (`client_errors`): Retained for 6 months on a rolling basis
  • Feedback, Surveys, and User Problem Reports: Retained to support product quality and support workflows unless deletion is requested
  • Analytics Intelligence Records (`daily_insights`, `algorithm_proposals`): Retained for product governance history unless deletion is required by law
  • Deleted Data: Permanently removed within 30 days of account deletion request
  • Backups: Some data may remain in encrypted backups for a limited period based on infrastructure provider retention schedules and is not routinely restored or accessed

5. Cookies and Tracking

5.1 What Are Cookies

Cookies are small text files stored on your device when you visit websites.

5.2 Our Cookie Usage

We use only strictly necessary cookies required for the Service to function:

CookiePurposeDuration
Session cookieMaintains your authenticated sessionSession only

5.3 What We Do NOT Use

We do not use:

  • Analytics cookies (Google Analytics, Plausible, Mixpanel, etc.)
  • Advertising cookies
  • Third-party tracking cookies
  • Marketing or retargeting cookies

We may use first-party, no-cookie product analytics events under legitimate interest to improve service quality and reliability.

No cookie consent banner is required because we only use strictly necessary authentication cookies and no analytics/advertising tracking cookies, which are exempt from consent requirements under the GDPR ePrivacy Directive.

If we introduce non-essential cookies in the future (for example analytics or marketing cookies), we will update this Privacy Policy and implement consent controls where required by law.

6. Third-Party Services

6.1 Service Providers

We use trusted third-party service providers to operate our Service. These providers process data on our behalf under contractual obligations to protect your information.

Categories of providers:

  • Infrastructure hosting and database services
  • Authentication services
  • Queue and caching services
  • Email delivery services
  • Content analysis and classification services
  • Payment processing services

Named Provider:

  • Stripe, Inc. — Processes payment information directly during checkout

6.2 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6.3 DPA Requests

For business customers that require additional contractual assurances, a Data Processing Addendum (DPA) may be provided on request.

6.4 Legal Compliance

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

7. Your Data Protection Rights

Depending on your location, you may have the following rights:

7.1 GDPR Rights (EU/EEA Users)

If you are in the European Union or European Economic Area, you have the right to:

RightDescriptionHow to Exercise
AccessRequest a copy of your personal dataEmail us with "Subject Access Request"
RectificationCorrect inaccurate or incomplete dataUpdate in Account settings or email us
ErasureRequest deletion of your dataEmail us with "Right to Erasure"
Restrict ProcessingLimit how we use your dataEmail us with your specific request
Data PortabilityReceive your data in a portable formatEmail us with "Data Portability Request"
ObjectObject to processing based on legitimate interestsEmail us with your objection
Withdraw ConsentWithdraw consent where processing is based on consentNot applicable — we rely on contract/legitimate interest

We will respond to all requests within 30 days. For complex requests, this may be extended to 60 days with notification.

Where technically feasible, analytics records linked to your account can be erased through our backend erasure workflow (`deleteUserAnalyticsData`) as part of your deletion request.

7.2 CCPA Rights (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect about you
  • Delete your personal information (with certain exceptions)
  • Opt-out of the sale of personal information (we do not sell data)
  • Non-discrimination for exercising your privacy rights

To exercise your CCPA rights, email us at contact@generativemetrics.com with "CCPA Request" in the subject line.

7.3 Other Jurisdictions

Users in other jurisdictions may have similar rights under applicable privacy laws. Contact us to inquire about your specific rights.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard contractual clauses with service providers
  • Adequacy decisions where applicable
  • Contractual obligations requiring equivalent data protection

Where applicable law requires additional transfer protections, we rely on lawful transfer mechanisms and supplementary contractual safeguards.

9. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

10. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

  1. Notify affected users within 72 hours of discovery where required by law
  2. Provide details about the breach and steps taken
  3. Offer guidance on protective measures you can take
  4. Report to relevant supervisory authorities as required

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for material changes

We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy, your data rights, or our data practices, please contact us:

Infiquik FZC Operating as Generative Metrics Sharjah Publishing City Free Zone United Arab Emirates

Email: contact@generativemetrics.com

For GDPR-related inquiries, you may also contact the relevant supervisory authority in your country of residence.

13. Supervisory Authority

If you are in the EU/EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority.

*Privacy Policy Version 1.0*