Last updated: March 23, 2026
Privacy Policy
1. Who We Are
metrico.studio ("we", "our", "us") operates the website and application available at metrico.studio. We provide an online tool for generating professional sewing patterns based on body measurements you provide.
The data controller responsible for your personal data is:
ZARIA s.c.
Powstańców Wielkopolskich 16, 63-460 Skalmierzyce, Poland
VAT ID: PL6222782905
For questions about this policy or your personal data, contact us at metrico@metrico.studio.
2. Data We Collect
We collect the following categories of personal data:
- Account data — email address, password hash (managed by Supabase Auth).
- Body measurements — bust, waist, hip, and other measurements you enter to generate patterns. These are stored in named profiles at your request.
- Payment data — billing details are processed and stored exclusively by Stripe. We receive only a Stripe customer ID and subscription status — we never store card numbers or CVV codes.
- Usage data — garment type, pattern generation requests, and credit consumption events, logged for fraud prevention and service improvement.
- Technical data — IP address, browser type, and request timestamps collected automatically by our infrastructure (Vercel).
3. How We Use Your Data
- To provide, maintain, and improve the pattern generation service.
- To process payments and manage your credit balance.
- To send transactional emails (account confirmation, password reset) via our email provider.
- To detect and prevent abuse, fraud, and security incidents.
- To comply with legal obligations.
We do not sell your personal data to third parties.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area, we process your data under the following legal bases:
- Contract performance — processing necessary to provide the service you signed up for (account, pattern generation, payment).
- Legitimate interests — fraud prevention, security monitoring, and service improvement.
- Consent — analytics and marketing technologies (Google Analytics, Meta Pixel) are activated only where the user has given consent via our cookie banner, where required by applicable law. You may withdraw consent at any time — see our Cookie Policy for details.
5. Data Sharing
All processors are contractually bound to process data only on our instructions and to maintain appropriate security measures. Our current processors include:
- Supabase — database and authentication services (EU region available).
- Stripe — payment processing and subscription management.
- Vercel — hosting, delivery, and serverless infrastructure.
- Resend — transactional email delivery.
- Sentry — error monitoring and stability diagnostics.
For the most up-to-date information about our processors, contact us at metrico@metrico.studio.
5a. International Transfers
Some of our processors are located outside the European Economic Area, including in the United States. Where required by applicable law, transfers are based on the European Commission's Standard Contractual Clauses and/or an applicable adequacy mechanism such as the EU-U.S. Data Privacy Framework where available.
You may request more information about international transfers by contacting us at metrico@metrico.studio.
6. Data Retention
We retain data for no longer than necessary for each purpose:
| Data category | Retention period | Basis |
|---|---|---|
| Account data (email, password hash) | Duration of account + 30 days after deletion request | Contract performance |
| Body measurement profiles | Duration of account + 30 days after deletion request | Contract performance |
| Generated PDF patterns (archive) | Duration of account + 30 days after deletion request | Contract performance |
| Payment / transaction records | 7 years | Legal obligation (accounting law) |
| Pre-purchase consent records | 10 years | Legal obligation (consumer protection law) |
| Server logs (technical / Vercel) | 90 days | Legitimate interest (security) |
| Error monitoring data (Sentry) | 90 days | Legitimate interest (stability) |
| Credit usage event logs | 3 years | Legitimate interest (fraud prevention) |
To request early deletion of your data, email metrico@metrico.studio. We will process requests within 30 days.
7. Your Rights
Depending on your location, you may have the right to: access your data, correct inaccuracies, request deletion ("right to be forgotten"), restrict or object to processing, and receive a copy of your data in a portable format.
To exercise any of these rights, email us at metrico@metrico.studio. We will respond within 30 days.
8. Cookies
We use strictly necessary cookies (authentication session, locale preference, country detection) that do not require consent. Analytics cookies (Google Analytics 4) and marketing cookies (Meta Pixel) are loaded only after the user grants consent via our cookie consent banner, where required by applicable law. Certain privacy-friendly, cookieless performance measurements (Vercel Analytics and Vercel Speed Insights) may be processed on the basis of our legitimate interest, where they do not set cookies or require consent under applicable law.
For full details of every cookie we set, its purpose, duration, and how to manage or opt out, see our Cookie Policy.
9. Security
All data in transit is encrypted with TLS. Database access is restricted to authenticated services. Passwords are never stored in plaintext. We apply the principle of least privilege to all internal systems.
10. Children's Privacy
Our service is not directed to children under 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with data, contact us immediately.
11. Changes to This Policy
We may update this policy from time to time. We will notify registered users of material changes by email. The date at the top of this page reflects the most recent revision.