Your privacy, our commitment.

Metizsoft Solutions Private Limited ("Metizsoft", "we", "our") is a software services company registered in Ahmedabad, India, with offices in the United States, United Kingdom, and Singapore. We design, build, and operate digital products for clients across 40+ countries.

This Privacy Policy applies to metizsoft.com, our sub-brand websites (eSolar CRM, PRIONDE, MSPL Store Locator, Prompt Collab), our Shopify and other marketplace apps, and any service we provide directly to clients. It does not cover third-party websites we link to.

• Depending on how you interact with Metizsoft, we may collect the following categories of data:

• Identity & contact data — name, email, phone, company, and job title you share via contact forms, demo requests, or sales conversations.

• Account data — credentials, role, and preferences for users of our SaaS products (eSolar CRM, PRIONDE, etc.).

• Usage data — pages visited, features used, click events, and approximate location (city-level) collected through our analytics tools.

• Technical data — IP address, browser type, operating system, device type, referring URL, and timestamps.

• Marketing data — communication preferences, newsletter subscriptions, and responses to surveys.

• Client project data — only when you engage us as a service provider, and processed strictly under a separate Master Services Agreement and Data Processing Addendum.

We process personal data on six lawful bases under GDPR — consent, contract, legal obligation, vital interests, public interest, and legitimate interests. Specifically, we use your data to:

• Respond to your enquiries, demo requests, and quotes.

• Deliver the services you signed up for and provide ongoing support.

• Improve our products through aggregated, de-identified usage analytics.

• Send you transactional emails (account confirmation, invoices, security alerts).

• Send marketing emails — only when you have opted in, and you can opt out anytime.

• Comply with legal obligations, prevent fraud, and protect the rights of Metizsoft and our users.

We use cookies and similar tracking technologies (pixels, local storage) to keep the site working, remember your preferences, and measure how our marketing performs. You can categorise them as follows:

• Essential — required for the site to function (session, security, load-balancing). Cannot be disabled.

• Functional — remember preferences such as region or language.

• Analytics — Google Analytics, Plausible, and Hotjar (de-identified). Help us understand site performance.

• Marketing — LinkedIn Insight, Meta Pixel, and Google Ads — only set after explicit consent.

You can manage cookie preferences any time via the cookie banner or your browser settings. Disabling some categories may affect parts of the site.

We share data only with parties who help us operate — never for them to market to you independently. Our key processor categories are:

• Cloud hosting — AWS (Mumbai, Frankfurt, Virginia), Cloudflare for CDN.

• Analytics & product telemetry — Google Analytics 4, Plausible, Hotjar.

• Communication — Postmark, SendGrid, Twilio for transactional and authenticated marketing emails / SMS.

• CRM & sales tooling — HubSpot, Pipedrive, Calendly.

• Payment processing — Stripe and Razorpay for invoicing.

• Legal & compliance — if required by law, court order, or to protect our rights.

All processors are GDPR-aligned and bound by a written Data Processing Agreement.

Security is built into our engineering culture, not bolted on. Specifically:

• ISO 27001:2022 certified Information Security Management System, audited annually.

• Encryption in transit (TLS 1.2+) and at rest (AES-256) across all systems.

• Role-based access, MFA mandatory for all employees, and quarterly access reviews.

• SOC 2-aligned controls for our SaaS products and client engagements.

• Documented incident response plan with a 72-hour breach-notification commitment.

We keep personal data only for as long as we need it for the purposes described in this policy, or as required by law. As a guide:

• Sales enquiries: 24 months after last meaningful contact.

• Active customer account data: for the duration of the contract + 7 years for tax / audit.

• Marketing subscribers: until you unsubscribe or after 36 months of inactivity.

• Website analytics: aggregated and de-identified after 14 months.

Under GDPR, CCPA, India’s DPDP Act and similar frameworks, you have the following rights. We honour these globally, regardless of where you live.

We are headquartered in India with infrastructure and team members in the US, UK, and Singapore. When personal data moves across borders, we rely on Standard Contractual Clauses (SCCs), Adequacy Decisions where available, and additional safeguards such as encryption and access controls to keep your data protected.

Our website and B2B services are not directed at children under the age of 16. We do not knowingly collect data from minors. If you believe we have collected data from a child, please contact us at privacy@metizsoft.com and we will remove it.

We may update this Privacy Policy from time to time to reflect new features, legal requirements, or operational changes. The "Last updated" date at the top of this page will always tell you when the policy was last revised. For material changes, we will notify registered users by email at least 14 days before the new policy takes effect.