Privacy Policy
Effective for all visitors and clients of Metlink · Last Updated: May 2026
Metlink is an AI automation, software development, and creative design agency. We respect your privacy and are committed to protecting your personal and business information in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000.
This Privacy Policy explains how we collect, use, store, share, and protect data through our website, services, and AI-driven systems. By visiting metlinkai.com or engaging our services, you acknowledge and agree to the terms of this Privacy Policy.
1. Legal Entity & Introduction
Metlink (MSME Registered) is an AI automation, software development, and creative design agency headquartered in Indore, Madhya Pradesh, India — 452001, operating through the domain metlinkai.com.
We respect your privacy and are committed to protecting your personal and business information in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 (IT Act), and applicable Indian data protection rules.
2. Information We Collect
We collect only the information necessary to deliver our services effectively and securely.
a. Information You Provide
- Contact details: name, company name, email address, phone number
- Account and project data: workflow parameters, business process descriptions, configuration files
- Payment details: processed securely via authorised third-party payment gateways (e.g., Razorpay, Stripe)
- Communications: inquiries, support requests, feedback, and onboarding forms
- Integration credentials: API keys or access tokens when connecting third-party platforms to our systems
b. Information Collected Automatically
- Technical data: browser type, IP address, device identifiers, operating system, cookies
- Usage data: pages visited, time on site, and interaction and navigation logs
- Automation logs: workflow run status, performance metrics, and timestamps used for diagnostics and service improvement
c. Information from Third-Party Integrations
When you connect third-party services (e.g., Google Workspace, Notion, Klaviyo, OpenAI, Make, Pinecone) to our automation systems, we may access limited data strictly necessary to perform the authorised automations. We do not collect passwords or unrelated personal content from those systems.
3. How We Use Your Information
- Build, deploy, and manage AI-powered automations and workflows on your behalf
- Provide technical support and client success services
- Analyse system performance and improve reliability
- Ensure security, detect fraud, and prevent misuse
- Communicate updates, service changes, and relevant offerings
- Comply with legal obligations under Indian law and enforce client agreements
We do not sell, rent, or trade your personal information to any third parties under any circumstances.
4. AI, Automation & Decision-Making Transparency
Metlink builds and operates AI systems using frontier models (GPT-4o, Claude, Gemini), LangChain, Pinecone, and related MLOps tooling. Clients expressly acknowledge the following:
- AI systems operate only on data you provide or explicitly authorise.
- Outputs generated through LLM-based systems are probabilistic and may contain hallucinations, factual errors, or unexpected results. Metlink does not warrant the accuracy or fitness of any AI-generated output for any specific purpose.
- Third-party LLM providers (OpenAI, Anthropic, Google DeepMind) may modify or deprecate their models at any time. Metlink shall not be liable for service degradation resulting from such upstream changes.
- Token consumption, API costs, and rate limits imposed by AI providers are the responsibility of the Client where such costs are pass-through in nature, as specified in the applicable SOW.
- All outputs with meaningful business impact are reviewed or monitored by qualified human personnel.
- Automated decision-making is never used for legal, financial, or employment decisions without human oversight.
- You may request a human review of any automated output that affects your business operations.
5. Data Retention
We retain your data only as long as necessary for the purposes described in this policy or as required by applicable Indian law:
| Data Type | Retention Period |
|---|---|
| Project Data | Retained while active and for 90 days after completion or termination, unless a longer period is requested in writing. |
| Account Info | Retained until you request deletion or deactivate your account. |
| API Keys / Credentials | Encrypted and deleted immediately upon revocation or project completion. |
| Communication Logs | Retained for up to 1 year for support and dispute resolution purposes. |
After applicable retention periods, data is securely deleted or irreversibly anonymised.
6. Data Security
- Encryption of all data in transit (TLS 1.2+) and at rest
- Least-privilege access controls for all team members and systems
- Secure storage of API keys and credentials using strong encryption
- Periodic internal security reviews and access audits
- Internal data provenance, integrity, and deletion policies
Note: Metlink is a growing agency; security practices are implemented commensurate with operational scale. Enterprise clients requiring certified standards (SOC 2, ISO 27001) should contact legal@metlink.in before engagement.
7. Your Rights Under the DPDP Act, 2023
- Right to Access: Obtain confirmation of whether your personal data is being processed and access a summary of such data.
- Right to Correction & Erasure: Request correction, completion, or erasure of your personal data.
- Right to Grievance Redressal: Lodge a complaint with our designated grievance officer.
- Right to Nominate: Nominate another individual to exercise your rights in the event of your death or incapacity.
- Right to Withdraw Consent: Withdraw consent for data processing at any time (subject to legal obligations).
To exercise any of these rights, contact us at: privacy@metlink.in
8. Third-Party Services & Data Transfers
Our services rely on third-party integrations including cloud providers (AWS, GCP, Azure), AI platforms (OpenAI, Anthropic), automation tools (Make, LangChain), and database services (Supabase, Pinecone). Each provider maintains its own privacy and security standards.
Where data is transferred outside India, we ensure equivalent safeguards through contractual, technical, or organisational measures consistent with the DPDP Act, 2023. A list of key subprocessors is available on request at legal@metlink.in.
9. Data Processing Agreement (DPA)
Where Metlink processes personal data on behalf of a Client as a data processor, the parties may enter into a separate Data Processing Agreement. Clients requiring a formal DPA should request one at legal@metlink.in.
10. Intellectual Property in AI Outputs
- Custom deliverables created specifically for a Client under a signed SOW are assigned to the Client upon full payment.
- Generic AI-generated code, prompt templates, reusable agent frameworks, and automation logic forming part of Metlink's standard tooling remain the intellectual property of Metlink.
- Outputs generated by third-party AI models are subject to the respective provider's terms of service. Metlink makes no warranty as to the intellectual property status of such outputs.
- Clients are responsible for ensuring that their use of AI-generated outputs complies with applicable copyright law.
11. Data Minimisation & Purpose Limitation
We collect only the information necessary to perform our services. We do not use collected data to train proprietary AI models for commercial resale, sell datasets, or perform analytics unrelated to your project.
12. Children's Privacy
Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal information, contact us immediately at privacy@metlink.in for deletion.
13. Cookies
Our website uses cookies and similar technologies. Please refer to our Cookie Policy for full details on the types of cookies we use, their purpose, and how to manage your preferences.
14. International Clients
- Metlink's services are provided from India and governed exclusively by Indian law.
- Clients in GDPR-regulated jurisdictions (EU/EEA/UK) may request a DPA as described in Section 9 above.
- Metlink does not engage in activities prohibited under US export control laws (ITAR, EAR) or applicable international sanctions regimes.
- Payment disputes involving international clients are subject to arbitration as specified in the Terms of Service.
15. Grievance Officer
| Name | Grievance Officer, Metlink |
| privacy@metlink.in | |
| Address | Metlink, Indore, Madhya Pradesh, India — 452001 |
| Response Time | Within 30 days of receipt of complaint |
16. Contact Us
| Company | Metlink (MSME Registered) |
| Website | metlinkai.com |
| Privacy Enquiries | privacy@metlink.in |
| Legal / DPA | legal@metlink.in |
| General | hello@metlink.in |
| Mobile | +91 8602333400 |
| Location | Indore, Madhya Pradesh, India — 452001 |
