Privacy Policy
OneMetric
Last Updated: June 2026
Growtomation Marketing Solutions Pvt. Ltd. (incorporated in India) and Growtomation Marketing LLC (registered in the State of Delaware, USA), both operating under the trade name “OneMetric” (“OneMetric,” “we,” “us,” or “our”) operates as a data-driven marketing solutions, revenue operations, and automation infrastructure agency. We are committed to processing your data transparently and securely. This Privacy Policy describes how we collect, use, disclose, and protect personal information across all OneMetric websites, platforms, and managed applications that link to it (collectively, the “Services”).
By using our Services or interacting with our brand assets, you acknowledge that you understand and agree to the practices described here. If you do not agree, please discontinue use of our platforms.
1. Changes to This Privacy Policy
We update this Privacy Policy periodically to reflect changes in data-protection law, technology, and operations. The “Last Updated” date reflects the latest version. For material changes affecting how your personal data is handled, we will provide a prominent notice on our website or a direct email before the change takes effect.
2. Our Legal Role (Controller vs. Processor)
2.1 Controller. We act as a Data Controller when we determine the purpose of processing for our own business development for example, when you browse our website, submit an inquiry, subscribe to our newsletter, or enter a billing contract.
2.2 Processor. We act as a Data Processor when we configure or execute marketing campaigns inside your systems (such as HubSpot, Salesforce, or Google Ads). In these cases you are the Controller, and we process the underlying data strictly under your instruction and a dedicated Data Processing Addendum (DPA).
3. Information We Collect
3.1 Information You Provide. Account and profile records (name, corporate email, business phone, job title, company name); transactional and billing data (billing contacts, business addresses, tax identifiers such as VAT/GST, and partial payment details); and direct communications you send us. All payments are processed through verified third-party payment gateways (such as Stripe) and, where applicable, contracting platforms. OneMetric never directly stores or accesses complete card numbers or raw banking credentials.
3.2 Information Collected Automatically. Technical server logs (IP address, browser, OS metadata, ISP, entry/exit URLs, timestamps); marketing tracking via pixels, scripts, and cookies (including Google Analytics); and crash/performance diagnostic logs used to maintain platform stability and security.
3.3 Information From Third Parties. We may source public business directories, professional networking platforms, and commercial B2B data providers to verify or enrich company profiles for business-development activities.
4. How We Use Your Information (Legal Bases)
We process personal data under the following legal bases:
|
Purpose |
Data Categories |
Legal Basis |
|---|---|---|
|
Executing client agreements; onboarding; payments |
Account info, payment records, SOWs |
Performance of a contract |
|
B2B marketing and outreach |
Contact info, company data |
Legitimate interests (opt-out available) |
|
Analytics and tracking |
Cookie IDs, device metadata, IP |
Consent (via cookie banner) |
|
Platform security and fraud prevention |
Server logs, diagnostic records |
Legitimate interests |
|
Tax and regulatory compliance |
Invoicing details, tax IDs, billing logs |
Legal obligation |
5. How We Share Your Information
We do not sell, trade, or rent your personal data to external brokers. We share information only as follows:
5.1 Authorized Service Providers. We share data with sub-processors performing operational tasks on our behalf such as cloud hosting and productivity infrastructure (for example, Google Cloud / Google Workspace), project-management tools, CRM software, and email-delivery networks. All such vendors are bound by data-confidentiality and data-protection obligations.
5.2 Legal Disclosures. We may share records where required by a valid subpoena, court order, or enforcement law, or to protect the safety and property of OneMetric and our clients.
5.3 Corporate Transitions. In a merger, acquisition, asset sale, or similar transition, your data may transfer to the succeeding entity under the same privacy commitments.
5.4 Sub-processors. A current list of our sub-processors is available on request, and where required by the applicable DPA we will give notice of material changes so controllers may exercise any objection rights they hold.
6. Data Retention
We retain information only as long as needed to fulfill active agreements, satisfy tax audits, or resolve legal claims. Financial, invoice, and billing records: minimum seven (7) years. Marketing leads and inquiries: twelve (12) months from last contact if no contract is signed, after which they are deleted or anonymized. Platform logs and tracking metrics: erased or anonymized within fourteen (14) months of capture.
7. Data Privacy for Minors
Our Services are built for corporate entities and business professionals. We do not knowingly collect or process personal data from individuals under the age of eighteen (18). If we learn that such data has been submitted, we will promptly delete it.
8. International Transfers & Safeguards
OneMetric operates global teams and cross-border infrastructure, and your data may be processed in locations outside your home country (including the EU/UK, the United States, and India). For transfers originating in the European Economic Area, we rely on the European Commission's Standard Contractual Clauses (SCCs). For transfers originating in the United Kingdom, we rely on the UK International Data Transfer Addendum to the SCCs. Where required, we apply supplementary technical and organizational measures and assess onward transfers to ensure your information retains an essentially equivalent level of protection.
9. Physical and Digital Data Protection
We maintain technical and administrative security measures to protect your data from accidental loss, unauthorized alteration, disclosure, or misuse.
These include encryption of data in transit (TLS) and at rest, web application firewalls, least-privilege (role-based) access controls, multi-factor authentication on key systems, and regular vulnerability and patch management. Our information security program is aligned with the ISO/IEC 27001 framework and is subject to ongoing review and improvement.
Because no system or transmission method is entirely secure, we cannot guarantee absolute security. You remain responsible for keeping your account passwords and access credentials confidential. (“Aligned with ISO/IEC 27001” is stated deliberately; we do not claim to hold ISO/IEC 27001 certification.)
9A. Personal Data Breach Notification
In the event of a personal data breach affecting your personal data: where we act as Controller, we will notify the relevant supervisory authority and affected individuals without undue delay and in accordance with applicable law; where we act as Processor on a client's behalf, we will notify the relevant Controller without undue delay after becoming aware of the breach and cooperate with their notification obligations. These actions follow our documented incident response procedures.
10. Your Data Rights
Depending on your location (including the EU under GDPR, the UK, and applicable US state frameworks), you have rights of access, rectification, deletion, restriction or objection, withdrawal of consent, and to lodge a complaint with your supervisory authority. We respond to all requests within the timelines required by your jurisdiction.
To exercise any right, or to raise a security or data-protection concern, contact our information security and privacy team at
infosecurity@growtomation.in or infosecurity@onemetric.io.