Last updated: March 23, 2026
Data Processing Agreement (DPA)
1. Parties and Scope
This Data Processing Agreement ("DPA") supplements the Terms of Service and Privacy Policy of metrico.studio, operated by:
ZARIA s.c.
Powstańców Wielkopolskich 16, 63-460 Skalmierzyce, Poland
VAT ID: PL6222782905
Contact: metrico@metrico.studio
This DPA applies when a user ("you") uses metrico.studio to process personal data of third parties — for example, when entering body measurements of a client on whose behalf you create sewing patterns. In this scenario, you act as the Controller and ZARIA s.c. acts as the Processor.
When you use the service for your own personal measurements, ZARIA s.c. processes your data as a Controller in its own right under the Privacy Policy. This DPA does not govern that relationship.
2. Subject Matter and Purpose
The purpose of processing is the provision of the metrico.studio digital service in a client-use scenario: generating made-to-measure PDF sewing patterns based on body measurements and related client information provided by the Controller.
Data processed under this DPA may include:
- Client measurement data entered by the Controller.
- Client identifiers or reference names entered by the Controller, where used.
- Pattern-generation records linked to that client order or profile.
- Limited technical and service data strictly necessary to provide the service in that client-use context.
For clarity, ZARIA s.c. may separately process certain account, billing, compliance, security, and transaction data relating to the user account as an independent controller under the Privacy Policy. Such controller-side processing is not governed by this DPA.
3. Types of Personal Data
| Category | Description |
|---|---|
| Client measurement data | Body measurements (waist, chest, hips, etc.) entered by the Controller — not biometric data under GDPR Art. 9 |
| Client identifiers | Names, reference codes, or labels assigned by the Controller to identify their clients |
| Pattern-generation records | Records linking a generated pattern to a specific client order or profile |
| Technical data (limited) | IP addresses, session data, and error logs strictly necessary to provide the service in the client-use context |
4. Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database, authentication | USA (EU data residency available) |
| Stripe Inc. | Payment processing | USA |
| Vercel Inc. | Hosting, CDN, edge functions | USA |
| Resend Inc. | Transactional email | USA |
| Sentry (Functional Software Inc.) | Error monitoring | USA |
We will notify users of any changes to sub-processors with at least 14 days' notice.
5. Data Subject Rights
Where a data subject request concerns personal data processed under this DPA, the Controller remains primarily responsible for responding to that request. If ZARIA s.c. receives such a request directly, it will, where legally appropriate, notify and assist the Controller to the extent required by applicable law.
Data subjects' rights under the GDPR include: access, rectification, erasure ("right to be forgotten"), data portability, restriction of processing, and objection to processing.
For requests relating to data where ZARIA s.c. acts as a controller (e.g. your own account data), contact metrico@metrico.studio. We will respond within 30 days (extendable to 90 days for complex requests, with notice).
6. Security Measures
- Data encryption at rest (AES-256) and in transit (TLS 1.2+)
- Row-level security (RLS) policies restricting data access per user
- Hashed passwords (bcrypt)
- API rate limiting
- Access logging and anomaly monitoring
7. Data Transfers Outside the EEA
Some sub-processors are located in the United States. Transfers are covered by Standard Contractual Clauses (SCCs) as adopted by the European Commission, and adequacy decisions where applicable (e.g. EU-US Data Privacy Framework).
8. Governing Law
This DPA is governed by Polish law and EU data protection law (GDPR — Regulation (EU) 2016/679).
9. Custom DPA Arrangements
For bespoke DPA terms (e.g. enterprise clients, B2B integrations), contact us at metrico@metrico.studio.