About this policy
This Privacy Policy applies to the metawe website builder and hosting service (the “Service”) and to metawe’s own websites. It describes how we handle personal data of account holders and visitors. Using the Service is also subject to our Terms of Service.
Who we are
metawe (“metawe,” “we,” “us”) is the controller of personal data we process about our account holders. For personal data that account holders collect from visitors to the pages they build (for example, through contact forms), the account holder is the controller and metawe acts as a processor on their behalf — see Visitors to pages built on metawe below.
Information we collect
Information you give us
- Account data — your name (optional), email address, and password (stored only as a secure hash).
- Your content — the pages, text, images, files, and other material you create or upload.
- Payment data — when you subscribe, our payment provider collects your payment details. We receive a customer and subscription reference and limited billing metadata, but not your full card number.
- Support and contact — messages you send us and information you include in them.
Information we collect automatically
- Usage and analytics — aggregate stats about your pages (such as views and clicks) and how you use the dashboard.
- Device and log data — IP address, approximate location (country), browser and device type, and timestamps, used for security, abuse prevention, and to operate the Service.
- Cookies — see Cookies and similar technologies.
How we use your information
We use personal data to:
- provide, maintain, and improve the Service, and host and serve your pages;
- process payments, manage subscriptions, and send billing and service messages;
- secure the Service, prevent fraud and abuse, and enforce our Terms;
- respond to your requests and provide support; and
- comply with legal obligations.
We do not sell your personal data, and we don’t use the content you host to build advertising profiles.
Legal bases
Where data-protection law such as the EU/UK GDPR or Thailand’s Personal Data Protection Act (PDPA) applies, we rely on these legal bases:
- Contract — to provide the Service you sign up for and process your payments.
- Legitimate interests — to secure and improve the Service and prevent abuse, balanced against your rights.
- Consent — where we ask for it (for example, certain optional cookies or communications); you can withdraw it at any time.
- Legal obligation — to meet accounting, tax, and other legal requirements.
Visitors to pages built on metawe
When someone visits a page built by an account holder, we process limited data to serve the page and produce aggregate analytics for the page owner (such as views, clicks, and country-level location). If a page includes a contact or sign-up form, the information a visitor submits is collected on behalf of the page owner, who is the controller of that data; metawe processes it on their instructions.
If you’re a visitor and want your form submission accessed or deleted, please contact the owner of the page you interacted with. You can also reach us and we’ll help route your request.
Data retention
We keep personal data for as long as your account is active and as needed to provide the Service. After you delete content or your account, we remove or anonymize your data within a reasonable period, except where we must keep certain records (for example, transaction records for tax and accounting) or where limited copies remain in routine backups for a short time.
Security
We use technical and organizational measures to protect personal data, including encryption in transit, hashed passwords, access controls, and bot protection. No system is perfectly secure, so we can’t guarantee absolute security, but we work to protect your data and will notify you of a significant breach where required by law.
International transfers
We and our providers may process data in countries other than yours. Where required, we rely on appropriate safeguards (such as standard contractual clauses) to protect personal data transferred across borders.
Your rights
Depending on where you live, you may have the right to:
- access the personal data we hold about you and receive a copy;
- correct inaccurate data or complete incomplete data;
- delete your data, or restrict or object to certain processing;
- receive your data in a portable format; and
- withdraw consent where processing is based on consent.
You can exercise many of these directly in your account settings, or by contacting us. We’ll respond within the time the law requires. You also have the right to complain to your local data-protection authority.
Children's privacy
The Service is not directed to children, and we don’t knowingly collect personal data from children under 16 (or the age of digital consent in your country). If you believe a child has provided us data, contact us and we’ll delete it.
Changes to this policy
We may update this policy from time to time. If we make material changes, we’ll post the updated policy here with a new “last updated” date and, where appropriate, notify you in the app.
Contact us
To exercise your rights or ask a privacy question, reach us through our contact page and we’ll be glad to help.