Privacy document
Privacy policy for ChatGPT, Custom GPT and public Metaf API integrations, covering data scope, processing purposes, recipients and user rights.
Updated:
This privacy policy applies to the use of Metaf integrations with ChatGPT, Custom GPT, GPT Actions and similar AI-based interfaces communicating with Metaf public APIs or forms.
It covers data transmitted to Metaf while using catalog functions, recommendation flows, lead forms and quote-request workflows supported by AI integrations.
The controller of data received by Metaf through these integrations is Metaf, VAT ID 9491042276, contact: kontakt@metaf.pl, phone +48 795 638 723, operational location: Krak贸w.
Questions regarding privacy, data security or data-subject rights can be sent to kontakt@metaf.pl.
Depending on the workflow, Metaf may receive the user's request content, product identifiers and parameters, category or application context and contact details voluntarily provided by the user.
When a lead form or quote request is submitted, this may include in particular name, email address, phone number, company name, message content, product identifier, product URL, request source and basic technical data needed to protect the interface against abuse.
Data is processed only to the extent necessary to handle the user's request, return catalog results, prepare product recommendations, service a commercial inquiry, maintain interface security and diagnose integration performance.
Metaf does not design this integration as a system for secondary training of its own AI models on user prompts. Data received by Metaf is used to handle the request, keep the interface secure and improve the integration within a reasonable operational scope.
The legal basis is primarily the performance of steps requested prior to entering into a contract or handling the user's request, and, for security logs, anti-abuse protection and defence of claims, the controller's legitimate interest.
If the user provides information beyond what is necessary for the request, this is done voluntarily.
If the integration is used through ChatGPT or Custom GPT, part of the data may also be processed by OpenAI or other providers operating the conversational layer of the selected AI interface. Processing performed on the OpenAI side is governed by OpenAI's own terms and policies.
Metaf is responsible for data that reaches its own APIs, forms, contact inbox and delivery infrastructure. Data may be disclosed to hosting, email, technical-service providers and authorised staff handling commercial or technical inquiries, strictly to the extent needed to fulfil the purpose.
Inquiry and lead data is retained for as long as necessary to handle the case, continue commercial or technical contact and secure potential claims. Technical and security data may be retained for a shorter period solely for abuse detection, anti-spam protection and audit purposes.
Where the law requires longer retention of specific data, Metaf stores it for the required period.
Data subjects may request access, rectification, erasure, restriction of processing, objection to processing and may lodge a complaint with the competent supervisory authority, in accordance with applicable law.
Requests concerning personal data can be sent to kontakt@metaf.pl.
Metaf applies data-minimisation principles and limits the scope of information collected by public endpoints to what is necessary for a specific action. Form interfaces are protected with anti-spam and anti-abuse mechanisms such as validation, rate limits, honeypots and optional Turnstile verification.
Users should not transmit special-category data, excessive information or any data not required to select a product or initiate commercial contact.
Metaf may update this policy if the way the integration works, the scope of processed data or the legal and contractual requirements applicable to the public API and AI integrations change.
The current version of the document is published at the same URL.
