Legal

Privacy Policy

Last updated: 10 June 2026

Plain-language summary
  • The offline app collects nothing — your data never leaves the device.
  • With a cloud account, we store your email and encrypted data we cannot read.
  • No ads, no analytics trackers, no selling or sharing your data. Ever.

Who we are

Metricky is built and operated by Grön IT AB, a company registered in Sweden, which is the data controller for any personal data described in this policy. Questions and requests: gronitab@gmail.com.

The offline app: no data collected

On iOS and Android, Metricky works fully offline without an account. In that mode every metric, entry, attachment and preference is stored only on your device. Nothing is transmitted to us — there is no account, no telemetry and no analytics. Data leaves the device only if you explicitly use the export feature, and then it goes where you send it, not to us.

The cloud tier: what we store

If you create an account for multi-device sync, we store:

  • Your email address and a password hash — used to sign you in and, rarely, to contact you about your account.
  • End-to-end encrypted data. Your metrics, entries, notes and preferences are encrypted on your device before upload. Our servers store ciphertext plus a per-row code (an HMAC) used only to scope rows to your account.
  • Operational metadata — row timestamps, row counts and approximate payload sizes, which the sync protocol needs to function.
  • Transient server logs including IP addresses, kept briefly for security and debugging, then discarded.

Your encryption passphrase generates a key that never leaves your devices. We cannot read your metric names, entry values, notes or preferences — and because the passphrase is never transmitted, we could not decrypt your data even if compelled to try. The flip side is real: if you lose the passphrase, we cannot recover your data either.

What we never do

  • No advertising, and no ad networks in the app or on this site.
  • No third-party analytics or tracking pixels.
  • No selling, renting or sharing of your data with anyone.

Cookies

The web app uses a single session cookie to keep you signed in. There are no marketing or analytics cookies, which is why you don't see a cookie banner.

Data retention and deletion

Cloud data is kept for as long as your account exists. If you cancel the cloud tier, a full export is produced first, your account is deleted and the ciphertext on our servers is purged. Devices that were paired keep their local copies and continue working as standalone offline installs. We also keep routine database backups (which contain your data only in its end-to-end encrypted form) for up to 30 days, after which deleted data ages out of them automatically.

Your rights

Under the GDPR (and equivalent laws elsewhere) you have the right to access, correct, export and erase your personal data, and to lodge a complaint with a supervisory authority — in Sweden, the Integritetsskyddsmyndigheten (IMY). Most of these rights are built into the product: export and account deletion are self-service in Settings. For anything else, email gronitab@gmail.com.

Changes to this policy

If this policy changes in a way that matters, we will update this page and the "last updated" date above, and notify cloud-account holders by email before the change takes effect.