Privacy Policy & GDPR
Last updated: May 2026
Metadot Corporation (“Metadot,” “we,” “us”) builds hardware and software products including Das Keyboard, Mojo Helpdesk, Bamzooka, Montastic, and TyprX. This policy explains what information we collect, how we use it, and the safeguards we put in place to protect it.
SOC 2 Type II
Our SaaS products are operated under a SOC 2 Type II program. An independent auditor evaluates our security controls on an ongoing basis to confirm they are not only well designed but consistently operated.
AI Features and Customer Data
When our products use AI to assist users, customer data stays scoped to the account it originated in. We do not use customer content to train third-party foundation models, and we contractually require the model providers we work with to behave the same way.
Information We Collect
We only collect information you knowingly provide — for example, when you create an account, contact support, subscribe to a newsletter, place an order, or upload content into one of our products. We use that information for the purpose it was provided, and we do not repurpose it without your consent.
- Account identifiers (name, email, organization)
- Billing information needed to process a purchase
- Content you create inside a product (tickets, lists, configurations)
- Operational logs needed to run and secure the service
How We Protect Your Data
Access to customer data is restricted to a small group of engineers and product staff who require it to operate the service. All staff sign confidentiality agreements and complete security training. Internal actions on production systems are logged and reviewed.
- Passwords are stored using one-way cryptographic hashing.
- Payment details are tokenized by our payment processor; full card numbers never reach our servers.
- Customer data is encrypted in transit (TLS) and at rest.
- Production data is backed up daily and the backups are encrypted.
- Infrastructure is monitored continuously; on-call engineers respond to alerts around the clock.
Hosting
Our SaaS products are hosted on Amazon Web Services in ISO 27001 certified facilities. We rely on AWS's physical security, environmental controls, and network defenses, on top of which we operate our own application-level controls.
HIPAA and Business Associate Agreements
Metadot has executed a Business Associate Agreement (BAA) with Amazon Web Services. For products designed to handle protected health information (PHI), we will execute a BAA with eligible customers on request. See our HIPAA page for details.
Cookies and Tracking
We use session cookies to keep you signed in and to make the site work, and a small number of analytics cookies to understand how the site is used in aggregate. You can disable non-essential cookies in your browser; some features will not work without session cookies.
Analytics
We use Google Analytics with pseudonymous identifiers to understand traffic patterns and to improve the site. You can opt out using Google's browser add-on or by disabling cookies.
Third-Party Services
We integrate with a limited set of third-party services to operate the business — for example, an email delivery provider, a payments processor, and productivity tools used by our staff. We choose vendors that meet our security and privacy standards and that are willing to commit to a GDPR-compliant data processing arrangement.
Google User Data
Data Accessed
When a user connects their Google account, Metadot products may access:
- Google account email address
- Google Calendar list
- Calendar free/busy availability
- Calendar events created by the application
- Google Meet conference information (when enabled)
Data Usage
This data is used solely to provide scheduling and calendar integration features, including:
- Identifying the connected Google account
- Allowing users to select a calendar for bookings
- Determining available meeting times through free/busy queries
- Creating, updating, and deleting booking events
- Inviting attendees to scheduled meetings
- Generating Google Meet links when requested
Metadot does not use Google user data for advertising, profiling, or marketing purposes.
Data Sharing
Metadot does not sell Google user data.
Google user data is shared only:
- With Google services as required to perform requested calendar operations
- With meeting attendees through calendar invitations created by the user
- With subprocessors required to host and operate the service
Data Storage & Protection
- Data is transmitted using TLS encryption.
- OAuth tokens are encrypted at rest.
- Access is restricted to authorized systems and personnel.
- Security controls are used to protect against unauthorized access.
Data Retention & Deletion
- Google OAuth credentials are retained only while the integration remains connected.
- Users may disconnect their Google account at any time.
- Upon disconnection, stored OAuth credentials are deleted.
- Users may request deletion of related data by contacting support@metadot.com.
Payment Processing
Payments are handled by a PCI-compliant payment processor. We receive a token and the last four digits of the card; we do not store the full card number, expiration, or CVV.
When We Share Information
We do not sell personal information. We share information only when:
- You direct us to (for example, by enabling an integration).
- A vendor needs it to provide a service on our behalf under a contract that restricts how they use it.
- We are legally required to, or to investigate fraud, abuse, or threats to the safety of our users.
Your Rights
Subject to applicable law (including the GDPR and CCPA), you may request access to, correction of, export of, or deletion of personal information we hold about you. Send requests to privacy@metadot.com.
Data Processing Agreement
Customers subject to the GDPR can request a signed Data Processing Agreement at privacy@metadot.com.
Changes to This Policy
We will post material changes to this page and update the “Last updated” date above. For questions, contact privacy@metadot.com.