Last updated: 7 May 2026
This privacy notice for Trendstorm Pte. Ltd. (doing business as MetricsMonster) (“we,” “us,” or “our”) describes how and why we may collect, store, use, and/or share (“process”) your information when you use our services (“Services”), such as when you:
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at hello@metricsmonster.com.
This summary provides key points from our privacy notice. You can find more detail on each topic in the full notice below.
What information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us, the choices you make, and the products and features you use.
Do we process sensitive information? No. We do not process sensitive personal information.
Do we collect information from third parties? We may receive limited information from authentication providers (such as Google) and payment processors (such as Stripe) when you sign up or pay.
How do we process your information? To provide, improve, and administer our Services, communicate with you, deliver paid features and API access, prevent fraud, and comply with law. We process your information only when we have a valid legal reason to do so.
When and with whom do we share personal information? We share information with a limited set of vendors that operate our Services, including our payment processor, hosting provider, analytics provider, error-monitoring provider, email platform, and authentication provider.
How do we keep your information safe? We use organisational and technical measures to protect your data, but no system is 100% secure.
What are your rights? Depending on where you live, you may have rights under GDPR, UK GDPR, Singapore's PDPA, US state privacy laws, and others. See the full notice for details.
How do you exercise your rights? Email us at hello@metricsmonster.com. We will respond in accordance with applicable data protection laws.
In short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide when you register for the Services, subscribe to a paid plan, request information, contact us, or otherwise use our Services. This may include:
Sensitive information. We do not process sensitive information.
Payment data. We collect data necessary to process your payment if you make a purchase, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by Stripe. You may find their privacy notice here: https://stripe.com/privacy.
Social media login data. We offer the option to register and log in using your Google account. If you do, we will collect the information described in Section 7 below.
All personal information you provide must be true, complete, and accurate, and you must notify us of any changes.
In short: Some information — such as your IP address and browser characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include:
In short: We process your information to provide, improve, and administer our Services, communicate with you, prevent fraud, and comply with law.
We process your personal information for the following reasons:
In short: We only process your personal information when we believe it is necessary and we have a valid legal reason under applicable law.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on. We may rely on the following:
We process your personal data in accordance with the Personal Data Protection Act 2012 (PDPA). We will only collect, use, and disclose your personal data for purposes that a reasonable person would consider appropriate in the circumstances, and we will obtain consent (or rely on a lawful exception) before doing so.
We process your information where you have given us express or implied consent, or where applicable law otherwise permits.
In short: We share information with a limited set of trusted vendors that help us operate the Services.
We share personal information with the following categories of third parties:
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing and subscription management | Name, email, billing address, payment information |
| Google Cloud Platform (GCP) | Hosting and infrastructure | All data processed by the Services |
| Cloudflare | CDN, DDoS protection, and edge security | IP address, request metadata |
| Sentry | Error monitoring and diagnostics | Error logs, which may include IP address, user ID, and contextual data |
| Google Analytics (GA4) | Website analytics | Pseudonymous usage data, IP address (truncated), device data |
| Google (Sign-In) | Authentication via Google OAuth | Profile data described in Section 7 |
| Kit (formerly ConvertKit) | Email marketing and transactional emails | Email address, name, subscription status |
| MailerLite | Email marketing and transactional emails | Email address, name, subscription status |
We require all vendors to provide appropriate safeguards for your personal information and to process it only as instructed by us.
We may also share information in the following situations:
We do not sell your personal information.
In short: We are not responsible for the safety of information you share with third parties.
The Services may contain links to third-party websites, services, or applications that are not affiliated with us. We do not endorse or guarantee the practices of any third parties and are not responsible for any data they collect. You should review their privacy policies directly.
In short: We may use cookies and similar technologies to operate the Services and analyse usage.
We use cookies and similar technologies (such as web beacons and pixels) to:
We are in the process of deploying a cookie consent banner that will allow EU, UK, and other applicable users to accept or reject non-essential cookies before they are set. Until that banner is live, EU/UK visitors should assume non-essential cookies may be set on page load and can opt out via browser controls.
You can control cookies through your browser settings. To opt out of Google Analytics specifically, you can install the Google Analytics Opt-Out Browser Add-on at https://tools.google.com/dlpage/gaoptout.
In short: If you sign in with Google, we receive a limited profile from Google and use it to create or access your account.
If you choose to register or sign in using your Google account, Google will share with us your name, email address, profile picture, and Google account ID. We use this information solely to create and authenticate your MetricsMonster account.
We do not request access to any other Google services (such as Gmail, Drive, Calendar, or Contacts) and we do not store your Google credentials. You can revoke our access at any time from your Google account security settings at https://myaccount.google.com/permissions.
In short: When you use our data API, we log technical details of each request for billing, rate limiting, and security.
If you use the MetricsMonster API, we log:
We use this data to:
API logs are retained for as long as you have an active account, plus a reasonable period afterwards for billing reconciliation and security investigations. Aggregated, non-identifiable usage statistics may be retained indefinitely.
API keys are sensitive credentials. You are responsible for keeping your API keys secure and not sharing them. If you believe a key has been compromised, you can rotate it from your account dashboard.
In short: Yes. Our infrastructure is hosted in the United States, and our vendors operate in multiple jurisdictions.
We are based in Singapore, our primary infrastructure runs on Google Cloud Platform in the United States, and our vendors (Stripe, Cloudflare, Sentry, Google, Kit, MailerLite) operate from various jurisdictions including the United States and Europe.
If you access the Services from outside the United States, your information may be transferred to, stored, and processed in countries other than your own.
For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland to jurisdictions without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) executed with our processors. Copies of these safeguards are available on request.
For transfers from Singapore, we take reasonable steps to ensure that recipients provide a standard of protection comparable to the PDPA.
In short: We keep your information for as long as necessary to provide the Services and meet our legal obligations.
We retain personal information for as long as you have an active account. After you close your account, we will delete or anonymise your information unless we are required to retain it for:
Backup copies may persist for a limited additional period before being overwritten.
In short: We use technical and organisational measures to protect your information, but no system is 100% secure.
We implement reasonable security measures including:
However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. You access the Services at your own risk and are responsible for keeping your account credentials confidential.
In short: We do not knowingly collect data from children under 18.
The Services are not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a minor, we will deactivate the account and delete the data. If you believe we may have collected such data, please contact us at hello@metricsmonster.com.
In short: Depending on where you live, you may have rights to access, correct, delete, restrict, or object to the processing of your personal information.
In jurisdictions including the EEA, UK, Switzerland, Singapore, and Canada, you may have the following rights:
To exercise any of these rights, email us at hello@metricsmonster.com. We will respond within the timeframes required by applicable law.
If you are in the EEA or UK and believe we are processing your data unlawfully, you have the right to complain to your local data protection authority. In Singapore, you may complain to the Personal Data Protection Commission at https://www.pdpc.gov.sg.
Withdrawing consent. If we are relying on your consent, you can withdraw it at any time by emailing us. This will not affect the lawfulness of processing before your withdrawal.
Opting out of marketing. You can unsubscribe from marketing emails at any time by clicking the unsubscribe link in any email we send. We may still send you service-related messages necessary for the operation of your account.
Most web browsers include a Do-Not-Track (“DNT”) feature. No uniform technology standard for recognising and implementing DNT signals has been finalised. We do not currently respond to DNT browser signals. If a standard is adopted in the future, we will inform you in a revised version of this notice.
In short: If you are a resident of certain US states, you may have additional rights under state privacy laws.
Residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia (and other states with privacy laws as they come into effect) may have specific rights, including:
To exercise these rights, email us at hello@metricsmonster.com. We may need to verify your identity before processing your request.
California “Shine the Light” Law. California Civil Code Section 1798.83 permits California residents to request information about the disclosure of personal information to third parties for direct marketing purposes. We do not share personal information for third-party direct marketing purposes.
We process your personal information in accordance with Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. You have the right to access and correct your personal information by contacting us at hello@metricsmonster.com.
You have the right to access and correct your personal information. If you are unsatisfied with how we handle a complaint, you may contact the Information Regulator (South Africa) at https://inforegulator.org.za.
In short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this privacy notice from time to time. The updated version will be indicated by an updated “Last updated” date at the top. If we make material changes, we may notify you by prominently posting a notice or by sending you a direct notification. We encourage you to review this notice frequently.
If you have questions or comments about this notice, you may email us at:
Or by post at:
Trendstorm Pte. Ltd.
Singapore
You have the right to request access to the personal information we hold about you, to correct inaccuracies, or to request deletion. To make such a request, please email hello@metricsmonster.com. We will respond in accordance with applicable law.
