← Back to Login
Metisa AI LogoMetisa AI

Privacy Policy

Last updated: February 12, 2026

1. Introduction

Metisa AI ("we", "our", or "us") is a document compliance scanning platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this policy carefully. By using Metisa AI, you agree to the collection and use of information in accordance with this policy.

Important: file contents are never uploaded to any Metisa AI server.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, organization name, and password (stored in hashed form).

Integration Data

When you connect third-party services (e.g., Google Drive), we access file metadata such as file names, sizes, modification dates, and ownership information through read-only OAuth scopes. We do not read or store the contents of your files, and file contents are never uploaded to any Metisa AI server.

Scan & Finding Data

We store scan results, compliance findings, and generated reports. These are derived from file metadata only and never from file contents.

3. How We Use Your Information

  • To provide and maintain the Metisa AI service
  • To run compliance scans on your connected document sources
  • To generate findings and compliance reports
  • To notify you of scan results and account-related updates
  • To improve and develop new features
  • To respond to support inquiries

4. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

  • With your consent or at your direction
  • To comply with legal obligations or valid legal processes
  • To protect the rights, property, or safety of Metisa AI, our users, or the public
  • With service providers who assist in operating our platform (subject to confidentiality obligations)

5. Data Security

We implement industry-standard security measures including encryption in transit (TLS/HTTPS), encrypted OAuth tokens at rest, CSRF protection, and secure session management. While we strive to protect your data, no method of electronic transmission or storage is 100% secure.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You can delete all scan data at any time from your Privacy & Data settings. Upon account deletion, all associated data is permanently removed within 30 days.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the data we hold about you
  • Rectification: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to our processing of your data
  • Revoke consent: Disconnect integrations and revoke OAuth access at any time

8. Third-Party Services

Metisa AI integrates with third-party services like Google Drive via OAuth 2.0. These services have their own privacy policies. We only request the minimum scopes necessary (read-only file metadata access) and you can revoke access at any time through your Metisa AI settings or directly in the third-party service.

9. Cookies

We use essential cookies and local storage for authentication and session management. We do not use tracking cookies or third-party analytics cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at our contact page or email us at info@metisa.ai.