Legal

Privacy & Security Policy

Last updated: 9 April 2026

1. Who We Are

Myst Metrics is an e-commerce analytics platform operated by Kind Community Ltd, registered in England and Wales (Company No. 13548269), with registered offices at 4th Floor, Silverstream House, 45 Fitzroy Street, Fitzrovia, London, W1T 6EB, United Kingdom. We are the data controller for all personal data processed through the Myst Metrics platform.

Contact us regarding privacy matters at: caner@kind.community

2. Data We Collect

We collect and process the following categories of data:

  • Account data: Name, email address, and password (hashed) when you create an account.
  • Advertising and commerce data: CSV exports and API-synced data from connected platforms (Meta Ads, Google Ads, TikTok Ads, Shopify, Amazon). This data is scoped to your account and used solely to power your analytics dashboard.
  • Usage data: Pages visited, features used, and session metadata to improve the product.
  • Payment data: Billing is handled by Stripe. We do not store card numbers or payment credentials.
  • TikTok Shop integration data: Where applicable, we access TikTok Shop Affiliate API data (creator profiles, collaboration status, campaign performance) on behalf of connected sellers. This data is processed in accordance with TikTok Shop Partner Centre terms.

3. How We Use Your Data

  • To provide and improve the Myst Metrics analytics dashboard
  • To power AI-assisted analysis of your advertising and commerce data
  • To sync data from connected third-party platforms on your behalf
  • To send transactional emails (account verification, billing receipts, critical alerts)
  • To comply with legal obligations

We do not sell your data. We do not use your data for advertising targeting. We do not share your data with third parties except as described in Section 5.

4. Legal Basis for Processing (UK GDPR)

  • Contract: Processing necessary to deliver the service you have subscribed to.
  • Legitimate interests: Product analytics and security monitoring.
  • Consent: Marketing communications (opt-in only).
  • Legal obligation: Compliance with applicable law.

5. Third-Party Processors

We share data only with the following sub-processors, each bound by data processing agreements:

Processor            Purpose                         Location
Neon                 Database hosting (PostgreSQL)   US / EU
Vercel               Application hosting             Global CDN
Clerk                Authentication                  US
Stripe               Payment processing              US / EU
Anthropic (Claude)   AI-powered data analysis        US
TikTok Shop          Affiliate API integration       Global

6. Data Security

We implement the following security measures:

  • All data in transit is encrypted using TLS 1.2 or higher
  • All data at rest is encrypted using AES-256 via Neon's managed PostgreSQL
  • Authentication is managed by Clerk with support for multi-factor authentication
  • Passwords are never stored in plain text
  • API credentials for connected platforms are stored encrypted and scoped per user
  • Access to production systems is restricted to authorised personnel only
  • We conduct regular security reviews and dependency audits
  • Platform API access tokens are stored with AES-256-GCM encryption

7. TikTok Shop Data Handling

As a registered TikTok Shop Partner Centre app developer, Myst Metrics accesses TikTok Shop APIs strictly in accordance with TikTok's developer terms. Specifically:

  • We only access data scopes explicitly authorised by the connected seller
  • TikTok Shop data is used exclusively to populate the seller's own analytics dashboard
  • We do not aggregate or transfer TikTok Shop data to third parties
  • Seller authorisation tokens are stored encrypted and can be revoked at any time
  • We comply with TikTok's data localisation and retention requirements

8. Data Retention

We retain your account data for as long as your account is active. Analytics data synced from connected platforms is retained for the duration of your subscription tier (30 days on Free, 6 months on Starter, 12 months on Pro, unlimited on Advanced). On account deletion, all personal data is removed within 30 days. Anonymised aggregate data may be retained for product improvement purposes.

9. Your Rights (UK GDPR)

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request erasure of your data
  • Object to or restrict processing
  • Data portability
  • Lodge a complaint with the ICO (ico.org.uk)

To exercise any of these rights, email caner@kind.community. We will respond within 30 days.

10. Cookies

We use essential cookies for authentication session management (via Clerk). We do not use advertising or tracking cookies. No consent banner is required for essential cookies under UK law.

11. International Transfers

Some of our sub-processors (Neon, Clerk, Stripe, Anthropic) are based in the United States. Data transfers to the US are covered by Standard Contractual Clauses (SCCs) or equivalent mechanisms approved under UK GDPR.

12. Changes to This Policy

We may update this policy from time to time. We will notify users of material changes via email or in-app notification. Continued use of the platform after changes constitutes acceptance of the updated policy.

Contact

For privacy and security enquiries, contact:
Kind Community Ltd, 4th Floor, Silverstream House, 45 Fitzroy Street, London, W1T 6EB
caner@kind.community