MetricDuck is a financial analysis platform that provides SEC filing data, computed metrics, and analytical tools for investors. This privacy policy describes what data we collect when you use our website, API, or related services.
1. Data Collection
When you use MetricDuck, we collect the following information:
Account Information
When you create an account, we collect:
Email address
Password (encrypted and hashed)
Account creation date
Subscription tier and status
Authentication tokens and session data
Payment Information
For paid subscriptions, we collect:
Billing name and email
Payment card information (processed securely by Stripe - we do not store full card numbers)
Billing address
Transaction history and invoices
Product Usage Data
When you use MetricDuck's features, we collect:
Company searches and ticker lookups
Pages viewed and features accessed
Alert preferences and watchlist companies
Saved settings and dashboard configurations
API endpoint usage and response times
Website Analytics
We automatically collect:
IP address and approximate location (city/country level)
Browser type and version
Device type and operating system
Referral source (how you found MetricDuck)
Page views, session duration, and navigation patterns
Cookies and similar tracking technologies
2. How We Use Your Data
We use the collected data to:
Provide and maintain our services
Process payments and manage subscriptions
Send email alerts and notifications you've requested
Improve platform performance and reliability
Understand which features are most valuable to users
Detect and fix bugs or coverage gaps
Prevent abuse, fraud, and ensure fair usage
Provide customer support
Send product updates and newsletters (if you opted in)
Comply with legal obligations
3. Cookies and Tracking
We use cookies and similar technologies to:
Essential cookies: Keep you logged in and remember your preferences
Analytics cookies: Understand how you use the platform
Performance cookies: Improve loading times and user experience
You can control cookies through your browser settings, but disabling essential cookies may limit platform functionality.
4. Data Retention
Account data: Retained while your account is active, plus 30 days after account deletion
Usage logs: Retained for 90 days, then automatically deleted
Payment records: Retained for 7 years for tax and legal compliance
Aggregated analytics: Retained indefinitely (e.g., "Feature X was used Y times")
You can request deletion of your data at any time by contacting support@metricduck.com
5. Data Sharing
We do NOT sell or share your data with third parties for marketing purposes. We may share data:
With service providers: Supabase (database), Google Cloud (API hosting), Stripe (payments), email providers
To comply with legal requirements: Subpoena, court order, or legal process
To protect our rights: Enforce terms of service, investigate fraud, protect safety
With your consent: When you explicitly authorize sharing
Service providers are contractually required to protect your data and use it only for providing services to us.
6. Your Rights
You have the right to:
Access your data: Request a copy of your account and usage data
Correct your data: Update inaccurate account information
Delete your data: Request deletion of your account and associated data
Export your data: Download your usage data and alert settings
Opt out of marketing: Unsubscribe from newsletters and promotional emails
Cancel your subscription: Downgrade or cancel at any time
To exercise these rights, contact us at support@metricduck.com or use your account settings.
7. Security
We take reasonable measures to protect your data:
All website and API communication uses HTTPS/TLS encryption
Passwords are hashed using industry-standard algorithms
API keys and authentication tokens are stored securely
Payment information is processed by PCI-compliant providers (Stripe)
Access to databases is restricted to authorized personnel only
However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Children's Privacy
MetricDuck is not intended for use by children under 13 years old (or 16 in the EU). We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately at support@metricduck.com and we will delete it.
9. International Users
MetricDuck is based in the United States. Your data may be transferred to and processed in the United States or other countries where our service providers operate. By using MetricDuck, you consent to this transfer.
If you are in the European Union or California, you have additional rights under GDPR and CCPA respectively.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by:
Posting the new policy on this page
Updating the "Effective Date" at the top
Sending an email to your registered email address (for material changes)
Continued use of MetricDuck after changes constitutes acceptance of the updated policy.
Questions About This Policy?
If you have any questions or concerns about this Privacy Policy, please contact us: