Privacy Policy

Last updated: May 15, 2026

This Privacy Policy describes our policies and procedures on the collection, use and disclosure of your information when you use Metapad and tells you about your privacy rights and how the law protects you.

We use your personal data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for you to access our Service or parts of our Service.

  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to transentis labs GmbH, Geisbergstraße 9, 10777 Berlin.

  • Cookies are small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses.

  • Country refers to Germany.

  • Data Protection Officer refers to Dr. Oliver Grasl, transentis labs GmbH, Geisbergstraße 9, 10777 Berlin.

  • Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

  • Personal Data is any information that relates to an identified or identifiable individual.

  • Service refers to the Metapad platform.

  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.

  • You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service.

Cookies

  • For users who create and use a Metapad account, we use cookies to manage session information and preferences.
  • Our live chat widget (Crisp) uses essential cookies that are strictly necessary for the chat functionality to operate. These cookies are set only when you interact with the chat widget and do not require consent as they are essential for providing the requested service. No tracking or advertising cookies are used by Crisp.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

When you create a Metapad account, you will be required to provide an email address. You can also provide additional information such as a name and profile details.

Usage Data

Usage Data is collected automatically when using the Service while signed in to your account. We collect data on the features you use, the models you create, and your interaction with the platform.

Hosting and Infrastructure

Metapad is hosted in DigitalOcean's Frankfurt, Germany data centre. Your account data, model data, and activity events are stored within the European Union. Data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256 at the storage layer). Database backups are also encrypted. For more detail on our infrastructure and security posture, see our Security page.

Authentication

Auth0

We use Auth0 (operated by Okta, Inc.) for user authentication and identity management. When you sign in, Auth0 processes your email address, your authentication credentials, and metadata about the sign-in (for example IP address, browser, timestamp). Auth0 also stores additional profile fields you provide via the profile page (given name, family name, initials).

This processing is based on Art. 6 (1) (b) GDPR (Processing for contract purposes — providing access to your account) and Art. 6 (1) (f) GDPR (Legitimate interest in operating secure authentication).

Auth0 is operated by Okta, Inc., based in the United States. Data transfers to the United States are subject to safeguards under applicable EU data transfer rules.

You can view Auth0's privacy policy.

Product Usage and Lifecycle Communication

Customer.io

We use Customer.io to understand how you use Metapad and to send service-related and lifecycle messages (for example, onboarding emails). When you are signed in, we send Customer.io your user ID and a limited set of activity events — sign-in, account identification, opening the gallery, opening a model, and using the AI assistant — together with the identifier of the affected resource where applicable. We do not send the content of your models.

This processing is based on Art. 6 (1) (b) GDPR (Processing for contract purposes) and Art. 6 (1) (f) GDPR (Legitimate interest in product improvement and lifecycle communication).

Customer.io is operated from the United States. Data transfers to the United States are subject to safeguards under applicable EU data transfer rules.

You can control this processing in your profile settings under "Privacy". You can either disable activity tracking entirely, or keep activity events on but disable the inclusion of model identifiers so we cannot tell which specific model you are working with. These settings affect future events only — events already recorded by Customer.io are not retroactively deleted.

You can view Customer.io's privacy policy.

AI Assistant

Anthropic (Claude)

Metapad's AI assistant is powered by Claude, operated by Anthropic, PBC. When the assistant is used, your chat messages and the parts of the model the assistant needs to read or change in order to fulfil your request (for example, the metamodel and the nodes and relationships referenced by the request) are sent to Anthropic for processing.

The AI assistant is disabled by default on every model. It is only activated when the model owner explicitly enables it in the model's settings. While the assistant is disabled, no model data is sent to Anthropic.

This processing is based on Art. 6 (1) (b) GDPR (Processing for contract purposes — providing the AI assistant feature you have requested by enabling it).

Anthropic retains your prompts and the assistant's responses for up to 30 days for service operation (for example, abuse monitoring and trust & safety review). Anthropic does not use your prompts, responses, or model data to train its models.

Anthropic is based in the United States. Data transfers to the United States are subject to safeguards under applicable EU data transfer rules.

You can view Anthropic's privacy policy.

Payment Service Providers

Stripe

Our platform accepts payments via Stripe. If you make a purchase, the payment data you provide will be supplied to Stripe based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GDPR (Processing for contract purposes). You can view Stripe's privacy policy.

Live Chat Support

Crisp

We use Crisp to provide live chat support on our platform. When you use the chat widget, Crisp processes the messages you send, your email address (if provided), and technical data such as your IP address and browser information. This processing is based on Art. 6 (1) (b) GDPR (Processing for contract purposes) and Art. 6 (1) (f) GDPR (Legitimate interest in providing customer support).

We have entered into a Data Processing Agreement (DPA) with Crisp to ensure your data is processed in accordance with GDPR requirements. Crisp stores data on servers within the European Union.

You can view Crisp's privacy policy.

Error Monitoring

Pydantic Logfire

We use Pydantic Logfire to collect error reports from our production environment. Only errors and warnings are logged in production — routine informational telemetry is filtered out. Error reports may include the user ID associated with a failing request, request paths, error messages, and stack traces, but do not include the content of your models.

This processing is based on Art. 6 (1) (f) GDPR (Legitimate interest in operating and maintaining a reliable, secure service).

We use the EU instance of Pydantic Logfire — error reports are stored on infrastructure located in the European Union. The service is operated by Pydantic Services, Inc.; while the operating company is based in the United States, your error report data does not leave the European Union.

Your Data Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to data processing
  • Export your data

To exercise these rights, contact us at support@transentis.com.

Links to Other Websites

Our Service may contain links to other websites that are not operated by us. We strongly advise you to review the Privacy Policy of every site you visit.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

Contact Us

If you have any questions about this Privacy Policy, you can contact us by email at support@transentis.com.