Metapher

Security & Compliance

Security & Compliance
At Metapher Media Labs, security, privacy, and compliance are fundamental to how we design and operate our software platforms and services. We are committed to protecting customer data and maintaining a secure infrastructure for all products, including Magpiie and other SaaS platforms developed by Metapher.

This page outlines the security practices, compliance measures, and operational safeguards implemented to protect our systems and customer data.

Our practices are aligned with widely recognized industry frameworks and regulatory standards including:
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • California Privacy Rights Act (CPRA)
  • Industry-standard SaaS security practices inspired by SOC 2 Trust Service Principles

Last Updated: March 13, 2026

  • Our Security Philosophy

    Security at Metapher Media Labs is based on the following principles:
    • Data Protection by Design – Security and privacy protections are built into the architecture of our platforms from the earliest stages of development.
    • Least Privilege Access – System access is restricted only to personnel who require it for operational purposes.
    • Continuous Monitoring – Infrastructure and systems are continuously monitored to detect potential security threats.
    • Transparency and Accountability – We maintain transparent security practices and provide clear documentation to customers regarding how their data is protected.

  • Infrastructure Security

    Metapher SaaS platforms operate on secure cloud infrastructure designed to ensure high availability, reliability, and security. Infrastructure protections include:
    • Secure cloud hosting environments
    • Network segmentation and firewall protections
    • System monitoring and alerting
    • Redundancy and high availability configurations
    • Controlled access to infrastructure resources
    Production environments are isolated from development and testing environments to reduce risk.

  • Data Encryption

    To protect sensitive information, Metapher implements encryption mechanisms across its systems.
    Encryption in Transit
    All data transmitted between users and Metapher platforms is encrypted using secure protocols such as TLS (Transport Layer Security). This prevents unauthorized interception of data during transmission.
    Encryption at Rest
    Sensitive data stored within platform infrastructure may be encrypted at rest using modern encryption standards where applicable.

  • Access Control

    Strict access control policies are implemented across systems and infrastructure. Security measures include:
    • Role-based access control (RBAC)
    • Strong authentication practices
    • Secure credential management
    • Access logging and monitoring
    • Restricted administrative access
    Only authorized personnel are permitted to access systems necessary for service operation.

  • Application Security

    Our software development lifecycle incorporates security practices designed to minimize vulnerabilities. These practices include:
    • Secure coding guidelines
    • Regular code review processes
    • Dependency management
    • Vulnerability assessment
    • Security testing where applicable
    Security considerations are integrated into the development process for all software products, including Magpiie.

  • Data Privacy and Protection

    Metapher Media Labs is committed to protecting user privacy and personal data. Our privacy framework includes:
    • Transparent data collection practices
    • Purpose-limited data processing
    • Data minimization
    • Clearly defined retention policies
    Personal data is processed only for purposes necessary to provide services. Further details are available in our Privacy Policy and Data Processing Agreement (DPA).

  • Compliance with Global Privacy Laws

    GDPR Compliance (European Union)
    Our systems and processes are designed to support GDPR requirements including lawful processing of personal data, data subject rights support, breach notification procedures, data minimization practices, and secure data processing agreements. Customers operating in the European Economic Area may rely on our Data Processing Agreement (DPA) for GDPR compliance.
    CCPA / CPRA Compliance (California)
    Metapher Media Labs complies with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We provide mechanisms for data access requests, deletion requests, correction requests, and opt-out of sale or sharing of personal data. Metapher Media Labs does not sell personal information.

  • Payment Security

    Payments made for Metapher services and subscriptions are processed through secure third-party payment providers including:
    • Razorpay
    • PayPal
    • Payoneer
    • Bank transfers
    Metapher Media Labs does not store full payment card information. Payment processors maintain their own security standards and compliance frameworks.

  • Sub-Processor Security

    Metapher may rely on trusted third-party providers to support service delivery. Examples include:
    • Cloud infrastructure providers
    • Email service providers
    • Payment processors
    • Analytics services
    All sub-processors are selected based on their ability to maintain strong security and privacy protections. Where applicable, contractual safeguards are implemented to ensure data protection obligations are upheld.

  • Data Retention

    Personal data is retained only for as long as necessary to provide services, comply with legal obligations, and maintain security and operational integrity. When data is no longer required, it is securely deleted or anonymized. Customers may request deletion of their data according to applicable policies.

  • Incident Response and Security Monitoring

    Metapher maintains procedures for identifying and responding to security incidents. These procedures include:
    • Monitoring system activity
    • Investigating potential security threats
    • Responding to security events
    • Notifying customers where legally required
    In the event of a confirmed data breach affecting personal data, Metapher will notify affected customers in accordance with applicable laws including GDPR.

  • Backup and Disaster Recovery

    To protect against data loss, Metapher implements operational safeguards including:
    • Data backup procedures
    • Infrastructure redundancy
    • Disaster recovery planning
    • System restoration processes
    These measures help ensure service continuity and data availability.

  • Responsible Disclosure

    We encourage responsible reporting of potential security vulnerabilities. Security researchers and users who discover potential vulnerabilities are encouraged to report them to: security@metapher.io

    Metapher Media Labs will review and address legitimate security reports promptly.

  • Employee Security Practices

    Employees and contractors working with Metapher systems follow strict operational guidelines including:
    • Confidentiality obligations
    • Secure access policies
    • Internal security procedures
    • Restricted system privileges
    Security awareness is an ongoing part of our operational culture.

  • Continuous Security Improvements

    Security practices are continuously evaluated and improved as technologies evolve. This includes:
    • Improving infrastructure protections
    • Enhancing monitoring systems
    • Adopting stronger security practices
    • Reviewing operational procedures

  • Contact Information

    For questions regarding security or compliance, contact:

    Metapher Media Labs
    Website: https://metapher.io
    Email: security@metapher.io

    For privacy inquiries:
    Email: privacy@metapher.io