Privacy Policy

1. Introduction

This Privacy Policy describes how Metronoms collects, uses, discloses, and safeguards your information when you visit our website, contact us, subscribe to our communications, or use any of our services or applications, including those that connect to Meta platforms (Facebook and Instagram).

By using our website or services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our website or services.

2. Who We Are

Metronoms is a digital marketing agency that provides social media management, Google Business Profile management, local SEO, paid advertising, and website services for small and local businesses. For the purpose of data protection laws (including the EU GDPR and UK GDPR), Metronoms acts as a Data Controllerfor personal information collected directly from website visitors and prospects, and as a Data Processor when we manage social media accounts, advertising campaigns, or business profiles on behalf of our clients.

3. Information We Collect

3.1 Information You Provide Directly

• Contact information: name, email address, phone number, business name, and website.
• Communications: messages you send through our contact form, email, or scheduling tools.
• Account credentials: when you authorize us to manage your social media or advertising accounts, we receive access tokens issued by the relevant platform — we never see or store your passwords.
• Billing information: processed by our payment provider; we do not store full payment card data on our servers.

3.2 Information Collected Automatically

• Usage data: pages viewed, links clicked, time on page, referring URLs.
• Device data: IP address, browser type, operating system, device identifiers, screen size, and language preference.
• Cookies and similar technologies: see Section 14 below.

3.3 Information from Third Parties

• Information you authorize us to receive via OAuth from platforms such as Facebook, Instagram, Google Business Profile, and Google Ads.
• Publicly available business information used to verify and manage your listings.

4. Facebook & Meta Platform Data

When you connect a Facebook Page or Instagram Business account to our application, we request only the permissions strictly necessary to provide the service you have asked for. You can review, modify, or revoke these permissions at any time in your Facebook or Instagram settings.

4.1 Data We May Access

• Page and account metadata: Page ID, Page name, profile picture, category, follower count, and similar public information.
• Page access tokens: required to publish content and read insights on your behalf.
• Content you authorize us to manage: posts, stories, comments, scheduled content, media assets you upload through our service.
• Insights and analytics: aggregated reach, impressions, engagement, and demographic breakdowns provided by the Meta APIs to help us report on performance.
• Messages (only if explicitly authorized): if you enable inbox management features, we may access incoming messages and comments to assist with reply workflows.
• Ad account data (only if connected): campaigns, ad sets, ads, performance metrics, and billing summaries needed to manage advertising you have asked us to run.

4.2 What We Do Not Do

• We do not sell, rent, or trade your Facebook or Instagram data.
• We do not use your data, or your followers’ data, to build advertising profiles for unrelated third parties.
• We do not access data outside the scope of the permissions you grant.
• We do not use the data for any purpose other than providing the requested services and fulfilling our contract with you.
• We do not store user passwords; access is granted exclusively through OAuth tokens issued by Meta.

5. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: create, schedule, and publish content; manage profiles and listings; run and optimize advertising campaigns.
• Reporting and analytics: generate performance reports for clients and improve our services.
• Customer support: respond to inquiries, troubleshoot issues, and communicate about your account.
• Billing and account management.
• Legal compliance: meet our legal, tax, and regulatory obligations.
• Security and fraud prevention: detect, prevent, and respond to abuse, fraud, or security incidents.
• Marketing communications (only with your consent or where permitted by law) about our own products and services. You can unsubscribe at any time.

6. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases:

• Performance of a contract — to provide the services you have engaged us for.
• Legitimate interests — to operate, secure, and improve our services, provided these interests are not overridden by your rights.
• Consent — for non-essential cookies and electronic marketing communications, and when you authorize access to your social media accounts.
• Legal obligation — to comply with applicable laws and respond to lawful requests.

7. How We Share Information

We do not sell your personal information. We share data only in the limited circumstances described below:

• Service providers (sub-processors): trusted vendors that help us operate our business, such as hosting, analytics, email delivery, scheduling, and payment processing. They are contractually required to protect your data and use it only to provide services to us.
• Platforms you have connected: Meta (Facebook/Instagram), Google, and similar platforms receive content and instructions necessary to perform the actions you have authorized.
• Legal and safety: when required by law, subpoena, or court order, or to protect the rights, property, or safety of Metronoms, our clients, or the public.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
• With your consent: any other sharing not described above will be done only with your explicit permission.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements.

• Account & service data: for the duration of our engagement with you, plus a reasonable period afterwards (typically up to 24 months) for record-keeping and legal compliance.
• Meta Platform data: deleted from our active systems within 30 days after you disconnect your account, terminate the service, or submit a deletion request — except where retention is required by law.
• Marketing data: retained until you unsubscribe or object, after which we keep only the minimum information needed to honor your opt-out.
• Backups: residual copies in encrypted backups may persist for a limited period before being securely overwritten.

9. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit (HTTPS/TLS) and at rest for sensitive data.
• Strict access controls based on the principle of least privilege.
• Multi-factor authentication for administrative access to internal systems.
• Secure storage of OAuth tokens and credentials in dedicated secret stores.
• Regular security reviews, dependency updates, and vulnerability monitoring.
• Logging and monitoring of access to platform data.
• Vendor due diligence and Data Processing Agreements with sub-processors.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If we become aware of a security incident affecting your personal data, we will notify you and the relevant authorities as required by applicable law.

10. Your Rights & Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure (“right to be forgotten”) — request deletion of your data.
• Restriction or objection — limit or object to certain processing.
• Portability — receive your data in a structured, machine-readable format.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.
• Lodge a complaint — with your local data protection authority.

To exercise any of these rights, contact us using the details in Section 17. We will respond within the timeframes required by law (typically 30 days under the GDPR).

11. Data Deletion Requests

You can request deletion of any personal information we hold about you, including data obtained through Facebook or Instagram, at any time.

11.1 How to Request Deletion

• Email us at privacy@metronoms.com with the subject line “Data Deletion Request.”
• Include the email address, Facebook/Instagram account, or business profile associated with the data.
• We will confirm receipt within 5 business days and complete the deletion within 30 days, unless we are required to retain certain information by law.

11.2 Removing the Facebook App

You can also revoke our access at any time directly from Facebook:

• Go to Facebook Settings → Apps and Websites.
• Find “Metronoms” in the list of active apps.
• Click “Remove.”

Removing the app revokes our future access. To also delete data we have already received, please send a deletion request as described above.

12. International Data Transfers

Metronoms operates internationally. Your information may be transferred to, stored in, and processed in countries other than the one in which you reside, including the United States and the European Union. When we transfer personal data outside the EEA, UK, or Switzerland, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses, equivalent UK transfer mechanisms, or transfers to countries recognized as providing an adequate level of data protection.

13. Children’s Privacy

Our services are not directed to children under the age of 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

14. Cookies & Tracking Technologies

We use cookies and similar technologies to:

• Strictly necessary cookies — required for the website to function (e.g., session, security, language/region preferences).
• Analytics cookies — help us understand how visitors use the site, so we can improve it.
• Functional cookies — remember preferences such as the selected language or region.

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

15. Third-Party Services

Our services integrate with third-party platforms whose own privacy policies govern your use of those services. We encourage you to review them:

• Meta (Facebook & Instagram) Privacy Policy
• Google Privacy Policy

We are not responsible for the privacy practices of third-party platforms.

16. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when the latest changes took effect. Material changes will be communicated through the website or by email where appropriate. Your continued use of our services after the effective date constitutes acceptance of the updated policy.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us:

If you are in the EEA, UK, or Switzerland and believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection authority.