Privacy Policy

Last updated: 2 June 2026

This Privacy Policy explains how Metricade collects, uses, shares, and protects your personal data when you visit metricade.com or use the Metricade mobile applications (together, the “Services”). It also sets out the rights you have over your data and how to exercise them.

Please read this policy carefully. By using the Services, you agree to the practices described here. If you do not agree, please do not use the Services.

1. Who We Are

Metricade is operated by Market Catalyst Enterprises, a sole proprietorship registered in Pakistan and based at E-1/2-BD2, Street #6, Mohalla Zaman Colony, Sheraz Villas Road, Lahore Cantt, 54810, Lahore, Punjab, Pakistan (“Metricade”, “we”, “us”, or “our”). For the purposes of applicable data protection law, Market Catalyst Enterprises is the data controller of your personal data.

For all privacy-related enquiries, contact [email protected] or call +92 311 4162776.

2. Scope of This Policy

This policy applies to personal data we collect through:

• The metricade.com website and any subdomains
• The Metricade mobile applications on iOS and Android
• Communications you send to us by email, phone, WhatsApp, or through the Services

It does not cover the privacy practices of third parties we link to from the Services. We encourage you to read the privacy policies of any third-party sites or services you visit.

3. Personal Data We Collect

We collect only the data we need to deliver the Services and meet our legal obligations. The categories below describe what we collect and when.

3.1 Information you give us

• Account and order information: name, email address, order history (products, amounts, dates). If your order includes physical goods, we also collect a delivery address and phone number.
• Communications: the content of emails, support tickets, WhatsApp messages, phone interactions, and any messages you send us, together with any attachments.

3.2 Information collected automatically

• Device and technical information: IP address, browser type and version, operating system, device identifiers, and timestamps of your activity on the Services.
• Usage information: pages viewed, links clicked, products viewed, time spent on pages, referring URL, and similar analytics data.
• Approximate location: general geographic region (typically country and city) inferred from your IP address. We do not collect precise GPS location.
• Delivery logs: for digital products, we retain a record of which product was delivered, to which email address, and when.

3.3 Information from third parties

If you sign in or interact with the Services through a third party (such as a social login provider, when available), we receive the data that party shares with us, subject to your settings on that platform.

3.4 Information we do not collect

• We do not collect government-issued identification numbers from buyers.
• We do not collect or store your full payment card number, CVV, or other sensitive payment credentials. Where payment processing is offered, that data is handled by the regulated payment processor (see Section 5).
• We do not collect biometric data, precise location data, or special-category data (such as health, religion, or political opinions).

4. How and Why We Use Your Data

We process your personal data only where we have a valid legal basis to do so. The table below sets out the main purposes and the legal basis for each.

Purpose	Data used	Legal basis
Fulfilling your order (sending digital codes, processing physical shipments)	Name, email, delivery address, order details	Performance of a contract
Confirming delivery and resolving disputes about non-delivery	Email delivery logs	Performance of a contract; legitimate interest in dispute resolution
Preventing fraud, chargebacks, and abuse of the Services	IP address, device information, order patterns	Legitimate interest in protecting the business and other customers
Identifying regional compatibility of digital products	IP-derived approximate location	Legitimate interest in helping you make an informed purchase
Responding to your enquiries and providing customer support	Name, email, phone number, message content	Performance of a contract; legitimate interest in supporting customers
Improving the Services (analytics, error monitoring)	Usage data, device information	Legitimate interest in improving and securing the Services
Sending you transactional emails (order confirmations, delivery notices, refund updates)	Name, email, order data	Performance of a contract
Complying with Pakistani tax, accounting, and consumer protection laws	Order records, invoice data	Legal obligation

We do not sell your personal data. We do not use your data for targeted advertising, profiling for advertising purposes, or any form of automated decision-making that produces legal or similarly significant effects on you.

5. Third Parties We Share Data With

We share personal data with the following categories of third parties, only to the extent necessary for the purposes described in Section 4.

5.1 Payment processing

Metricade has onboarded with Swich (operated by Numbers Private Limited), a Payment Service Provider licensed by the State Bank of Pakistan and operating on PCI-DSS-compliant infrastructure. Online payment processing through Swich is being integrated and not yet live; a go-live date has not been confirmed. Until then, the checkout uses interim arrangements (such as direct bank transfer or mobile wallet) which we confirm in writing at the time of your order.

Once the Swich integration is live, your card and wallet data will be transmitted directly to and stored by Swich, not by Metricade. Swich’s handling of your data is governed by its own privacy policy, available at swichnow.io. We will update this Privacy Policy to reflect the actual data flows when the integration goes live.

5.2 Delivery partners

For physical goods (currently not available — planned for future), courier and logistics partners will receive your name, delivery address, phone number, and order details strictly to deliver your order. We will name the active partners in this policy when physical-goods orders begin.

5.3 Analytics and service providers

• Google Analytics 4 (GA4) — collects pseudonymous data about page views, sessions, traffic sources, and high-level interactions to help us understand site usage. Hosted by Google LLC.
• Meta Pixel — collects pseudonymous data about page views and conversion events for ad attribution. Operated by Meta Platforms, Inc.
• Google Ads — conversion-tracking pixel used to measure the effectiveness of Google Ads campaigns. Operated by Google LLC.
• Email and hosting providers — Google Workspace for business email, and our hosting provider for the website. These providers process data on our behalf under contractual confidentiality and security obligations.

5.4 Legal and regulatory

We may disclose personal data where we are required by law to do so, including in response to a valid order from a Pakistani court, the Federal Board of Revenue, the State Bank of Pakistan, the Federal Investigation Agency, or another competent authority. We will only disclose what is legally required.

5.5 Successors

If Metricade is involved in a sale, merger, restructuring, or acquisition of the business, personal data may be transferred to the successor entity. We will notify you of any such transfer and any change to your rights at that time.

We do not share your personal data with advertisers, data brokers, or any third party for commercial marketing purposes.

6. International Data Transfers

Some of our service providers (notably GA4, Meta Pixel, and Google Ads) are based outside Pakistan and may process your data in the United States, the European Union, or other jurisdictions. Where data leaves Pakistan, we rely on contractual safeguards, the provider’s certifications, and, where applicable, standard contractual clauses or equivalent mechanisms recognised by international privacy frameworks.

7. Cookies and Similar Technologies

We use cookies and similar technologies (such as local storage and pixels) to operate the Services and to understand how they are used.

• Strictly necessary cookies — required for the Services to function (session management, security, shopping cart). These cannot be disabled without breaking the Services.
• Analytics cookies — used by GA4, Meta Pixel, and Google Ads to understand usage patterns and measure ad performance.
• Functional cookies — remember your preferences (such as language or currency display).

Pakistani law does not currently require a cookie consent banner. We disclose our cookie use here for transparency. You can disable non-essential cookies at any time through your browser settings; doing so may affect site functionality. We do not use cookies for behavioural advertising beyond the conversion-measurement use described above.

8. Digital Products and Regional Compatibility

Digital products sold on Metricade (game keys, gift cards, in-game currency vouchers) are region-specific. Each product page displays a region label (Global, Pakistan, MENA, or otherwise). It is your responsibility to verify that the product’s region matches your account before purchasing. We use approximate location data only as a hint to help you choose the right product, not as a binding determination.

Once a digital product code has been revealed or delivered to you, it is considered delivered. Delivery logs are retained for up to 12 months to resolve any disputes.

9. Data Retention

We keep personal data only as long as we need it for the purpose for which it was collected, or as required by law.

Category	Retention period
Order and invoice records	At least 6 years from the end of the financial year (Pakistani tax and accounting requirements)
Digital delivery logs	12 months from delivery
Device and IP data for fraud prevention	12 months
Customer support communications	24 months from the last interaction
Analytics data (GA4, Meta Pixel, Google Ads)	14 months in pseudonymous form (configurable per provider)
Account data (when an account is closed)	Deleted within 90 days, except where retention is required by law

After the applicable retention period, data is either deleted or irreversibly anonymised so that it can no longer be linked to you.

10. Data Security

We use industry-standard administrative, technical, and physical safeguards to protect your personal data, including encryption in transit (HTTPS/TLS), access controls, secure password storage, regular security updates, and logging. Payment card data is never stored on our servers — once Swich is live, that data flows directly to Swich, which operates on PCI-DSS-compliant infrastructure.

No system is perfectly secure. If we become aware of a data breach that materially affects your rights, we will notify you and, where required, the relevant authorities, in accordance with applicable law.

11. Your Rights

Subject to applicable law, you have the following rights over your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to correct data that is inaccurate or out of date.
• Deletion — ask us to delete your personal data. We will comply unless we are required to retain it by law (for example, for tax records).
• Account deletion (web + app): you can delete your Metricade account yourself at any time. In the mobile app, the path is Profile → Settings → Delete account. On the website, sign in and visit /account-deletion or use the Delete account option inside the WooCommerce My Account area. On deletion we remove your profile (display name, email, avatar), your sign-in link (Firebase, Apple, or Google credential), and your push-notification tokens. We retain your past order records and the delivered-code references on those orders for up to 6 years from the financial year-end as required by Pakistani tax and accounting law, and as permitted by Google Play and Apple data-deletion policies for fraud prevention and legal compliance — your identifying details (name, email, phone, billing and shipping addresses) on those orders are redacted to a sentinel on deletion; the order rows themselves stay until the retention period elapses. If you used Sign-in-with-Apple on the mobile app, we also revoke your Apple refresh token at appleid.apple.com so the Sign-in-with-Apple link is broken on Apple’s side too. If you cannot sign in to delete your account yourself, email [email protected] (subject DELETE) or WhatsApp +92 311 4162776 and we will process the deletion within 30 days.
• Restriction — ask us to limit how we process your data while a dispute is resolved.
• Objection — object to our processing of your data on the basis of legitimate interest. We will stop processing unless we have compelling legitimate grounds to continue.
• Portability — request a copy of the data you provided to us in a structured, commonly used, machine-readable format.
• Withdrawal of consent — where we rely on consent, withdraw that consent at any time.
• Complaint — lodge a complaint with the data protection authority in your country of residence, where one exists.

To exercise any of these rights, email [email protected] or call +92 311 4162776 with your request. We may need to verify your identity before we act on a request. We will respond within 30 days of receiving a verified request, and will tell you if we need additional time (we will not take more than 90 days in total).

There is no fee for a reasonable request. We may charge a reasonable administrative fee, or refuse to act, on requests that are manifestly unfounded, excessive, or repetitive.

12. Children’s Privacy

The Services are not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13. Users between 13 and 17 may use the Services only with the consent and supervision of a parent or legal guardian. If you believe a child has provided personal data without parental consent, contact [email protected] and we will delete it promptly.

13. Automated Decision-Making and Profiling

We do not use automated decision-making (including profiling) that produces legal or similarly significant effects on you. Fraud prevention may use automated signals, but a human reviews any decision that results in an order being cancelled or held.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email. Continued use of the Services after a change takes effect constitutes acceptance of the updated policy.

15. Governing Law

This Privacy Policy is governed by the laws of the Islamic Republic of Pakistan, including the Prevention of Electronic Crimes Act, 2016 (PECA), the Punjab Consumer Protection Act, 2005, and any other applicable Pakistani data protection or consumer protection law. We also align our practices with the principles of internationally recognised data protection frameworks where they apply, including the EU General Data Protection Regulation.

16. Contact Us

For privacy questions, data rights requests, or any concerns about how we handle your data:

Privacy / data requests: [email protected]
Customer support phone / WhatsApp: +92 311 4162776
General enquiries: [email protected]
Operator: Market Catalyst Enterprises
Registered address: E-1/2-BD2, Street #6, Mohalla Zaman Colony, Sheraz Villas Road, Lahore Cantt, 54810, Lahore, Punjab, Pakistan