Data Privacy & Cookie Policy
DATA PRIVACY & COOKIE POLICY
mettaStartup Studio · mettaCofounder · mettaScale
mettastartupstudio.com · mettacofounder.com · mettascale.com
Last Updated: June 13, 2026
Policy Version: 1.0
Legal Entity: Mettacompany Unipessoal Lda
NIF / VAT: PT516915380
Jurisdiction: Portugal (EU)
Applicable Law: GDPR, ePrivacy, UK GDPR, CCPA/CPRA, LGPDThis policy governs the collection and use of personal data through the public websites operated by Mettacompany Unipessoal Lda. The self-serve software products mettaCofounder.ai and mettaScale.ai are governed by their own separate privacy policies.
INTRODUCTION
This Privacy & Cookie Policy ("Policy") explains how Mettacompany Unipessoal Lda ("we", "us", "our"), a company registered in Portugal (NIF PT516915380) with its registered office at Rua Filipe Folque 7, 3 Dto, 1050-110 Lisboa, Portugal, collects, uses, stores, and protects personal data when you visit or interact with our websites:
- mettastartupstudio.com, the corporate site of our venture studio (information, press, partnerships, hiring).
- mettacofounder.com, the marketing site for our mettaCofounder agency services.
- mettascale.com, the marketing site for our mettaScale services.
We refer to these together as the "Websites". This Policy applies to visitors globally, including in the European Economic Area (EEA), the United Kingdom, the United States (including California), Brazil, and elsewhere.
If you use our software products, please see the separate mettaCofounder.ai Privacy & Cookie Policy or mettaScale.ai Privacy & Cookie Policy, which cover the account-based processing those products involve.
Data Controller: Mettacompany Unipessoal Lda, Rua Filipe Folque 7, 3 Dto, 1050-110 Lisboa, Portugal.
Privacy Contact: info@mettastartupstudio.com
Primary Establishment: Lisbon, Portugal (EU).
1. INFORMATION WE COLLECT
We collect only what the Websites need to function and to respond to you. The three Websites differ in what they collect:
- mettastartupstudio.com: contact and inquiry form data and analytics only. No sales funnel, no checkout.
- mettacofounder.com: the above, plus newsletter signups, booking and scheduling data, waitlist signups, and purchase data for paid offers (Sprint, Intensive, six-month engagement).
- mettascale.com: the above, plus inquiry and booking data for scaleup sales engagements.
1.1 Information You Give Us
- Contact and inquiry forms: your name, email address, the nature of your inquiry (for example press, partnership, investor, hiring, or a service question), and the content of your message.
- Newsletter and community signups: your email address, and any name or preferences you provide.
- Bookings and scheduling: when you book a call or session, the scheduling details you provide (name, email, selected time, and any notes), processed through our scheduling and CRM provider.
- Purchases (mettacofounder.com): when you buy a paid offer, your billing details are processed by our payment provider. We do not store full card numbers (see section 1.3).
1.2 Information Collected Automatically
When you visit the Websites we collect, subject to your cookie choices where applicable:- IP address and approximate (city or country level) location.
- Browser type and version, operating system, and device type.
- Pages visited, referring and exit pages, time on page, and basic interaction data.
- Error logs and performance metrics.
1.3 Payment Data (mettacofounder.com)
Payment processing for paid offers is handled by Stripe. We do not store, access, or process your full card number, CVV, or bank details. Stripe provides us with the last four digits of your payment method, billing and invoice records, and payment status. Stripe's own privacy policy governs how it handles your payment data: https://stripe.com/privacy.
2. HOW WE USE YOUR INFORMATION
- To respond to your inquiries and route them to the right team.
- To send our newsletter and community updates, only where you have opted in.
- To schedule and manage calls and sessions you book.
- To process and fulfil purchases of paid offers, and to manage billing and invoicing.
- To understand how the Websites are used and to improve them.
- To maintain the security and integrity of the Websites and to prevent fraud and abuse.
- To comply with legal obligations and to establish, exercise, or defend legal claims.The Websites do not process your personal data through AI models. AI-assisted processing happens only inside our software products mettaCofounder.ai and mettaScale.ai, under their own policies.
3. LEGAL BASIS FOR PROCESSING (GDPR ARTICLE 6)
- Consent (Art. 6(1)(a)): newsletter and marketing emails, and non-essential analytics and advertising cookies. You can withdraw consent at any time.
- Contractual Necessity (Art. 6(1)(b)): fulfilling a purchase, processing a booking you requested, and responding to a service inquiry.
- Legitimate Interest (Art. 6(1)(f)): security and fraud prevention, basic site analytics, and responding to non-contractual inquiries. Balanced against your rights; you can object.
- Legal Obligation (Art. 6(1)(c)): tax and accounting records, and responding to lawful requests.
4. COOKIES & TRACKING TECHNOLOGIES
4.1 What cookies are
Cookies are small text files placed on your device that help the Websites function, remember your preferences, and understand usage.
4.2 Categories we use
Strictly necessary (always active). Security, load balancing, and cookie-consent preference cookies. These cannot be switched off, as the Websites cannot function without them.Analytics and performance (consent required). Used to understand traffic and improve the Websites. Where deployed, these may include Google Analytics 4 and similar product-analytics or session-insight tools. Only the tools actually in use on each site are loaded, and the published list is kept current.Advertising and retargeting (consent required). Used to measure campaign performance and build retargeting audiences. Where deployed on the agency sites, these may include the Meta (Facebook) Pixel, the LinkedIn Insight Tag, and the Reddit Pixel.
4.3 Your cookie choices
On your first visit you will see a consent banner. You can accept all, reject all non-essential cookies (only strictly necessary cookies then remain active), or set preferences by category. We do not load non-essential cookies until you consent. You can change your choices at any time through the cookie-settings link in the footer.
5. HOW WE SHARE YOUR INFORMATION
5.1 We do not sell your data
We do not sell, rent, or trade your personal information, including under the CCPA/CPRA definitions of "sale" and "sharing".
5.2 Service providers (processors)
We share data with providers who act on our behalf under data processing agreements, including:
- GoHighLevel: forms, scheduling, CRM, and email marketing.
- Stripe: payment processing for paid offers (PCI DSS Level 1 certified).
- Cloudflare: DNS, content delivery, and security.
- Website hosting and build platform for the sites themselves.
- Analytics providers (for example Google Analytics 4) where deployed, with consent.
- Advertising platforms (Meta, LinkedIn, Reddit) for pixel data only, with consent.
5.3 Legal requirements
We may disclose information where required by law, regulation, legal process, or a lawful governmental request.
5.4 Business transfers
In a merger, acquisition, or sale of assets, your data may transfer to the acquiring entity. We will notify you before your data becomes subject to a different policy.
6. INTERNATIONAL DATA TRANSFERS
Our primary establishment and core providers are in the EU. Some providers (for example certain analytics and advertising platforms) may process data outside the EEA. Where that happens we rely on appropriate safeguards: European Commission adequacy decisions, EU Standard Contractual Clauses, the EU-US Data Privacy Framework for certified US organizations, and supplementary measures where required. You can request details by contacting us.
7. DATA RETENTION
- Inquiry and contact form data: kept while we handle your inquiry and for a reasonable period afterward, then deleted.
- Newsletter and marketing contacts: until you unsubscribe, plus up to 3 years of consent records as evidence of compliance.
- Booking records: kept for the duration of the engagement and a reasonable period afterward.
- Payment and billing records: 7 years (Portuguese tax law).
- Analytics data: up to 26 months, then anonymized.
- Security and access logs: up to 12 months.
8. YOUR PRIVACY RIGHTS
8.1 GDPR (EEA and UK)
You have the rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), and withdrawal of consent (Art. 7(3)) at any time without affecting prior lawful processing. You may also lodge a complaint with a supervisory authority (see section 11).
8.2 CCPA/CPRA (California)California residents have the rights to know, delete, and correct personal information, to opt out of sale or sharing (we do not sell or share as defined), to non-discrimination for exercising rights, and to limit the use of sensitive personal information. We do not disclose personal information for third parties' direct marketing ("Shine the Light").
8.3 UK GDPRUK residents have equivalent rights to those above. The supervisory authority is the UK Information Commissioner's Office (ICO).
8.4 LGPD (Brazil)Brazilian residents have rights of confirmation, access, correction, anonymization, portability, deletion, information about sharing, and consent withdrawal. The supervisory authority is the ANPD.
8.5 How to exercise your rightsEmail info@mettastartupstudio.com with a clear subject line (for example "Access Request" or "Delete My Data"). We respond within 30 days (extendable by 60 days for complex requests, with notice). We may verify your identity first. Reasonable requests are free; we may charge for manifestly unfounded or excessive requests.
9. HOW WE PROTECT YOUR INFORMATION
We use encryption in transit (TLS 1.2+), access controls limiting who can see personal data, data processing agreements with our providers, and incident-response procedures. In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where required, and affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
10. AGE RESTRICTIONS
The Websites are intended for business professionals and are not directed at anyone under 18. We do not knowingly collect data from anyone under 18. If we learn we have, we will delete it.
11. CONTACT & SUPERVISORY AUTHORITIES
Data Controller: Mettacompany Unipessoal Lda
Address: Rua Filipe Folque 7, 3 Dto, 1050-110 Lisboa, Portugal
NIF / VAT: PT516915380
Email: info@mettastartupstudio.com
You may lodge a complaint with a supervisory authority, including:
- Portugal (CNPD): Comissão Nacional de Proteção de Dados, www.cnpd.pt
- United Kingdom (ICO): www.ico.org.uk
- Brazil (ANPD): www.gov.br/anpd
- California: California Attorney General, oag.ca.gov
We encourage you to contact us first so we can address your concerns directly.
12. CHANGES TO THIS POLICY
For material changes we will post a prominent notice on the Websites, update the "Last Updated" date, and where required obtain renewed consent. For minor clarifications we will update the Policy and note the change date. Continued use after the effective date constitutes acceptance.
13. GOVERNING LAW & JURISDICTION
This Policy is governed by the laws of Portugal and the European Union. The courts of Lisbon, Portugal have exclusive jurisdiction, except where mandatory local consumer-protection law provides otherwise. Nothing in this Policy limits your rights under mandatory applicable data-protection law. Where local law provides greater protection, those provisions apply.
Mettacompany Unipessoal Lda · Lisbon, Portugal · VAT PT516915380
© 2026 Mettacompany Unipessoal Lda. All rights reserved.
mettaStartup Studio · mettaCofounder · mettaScale
mettastartupstudio.com · mettacofounder.com · mettascale.com
Last Updated: June 13, 2026
Policy Version: 1.0
Legal Entity: Mettacompany Unipessoal Lda
NIF / VAT: PT516915380
Jurisdiction: Portugal (EU)
Applicable Law: GDPR, ePrivacy, UK GDPR, CCPA/CPRA, LGPDThis policy governs the collection and use of personal data through the public websites operated by Mettacompany Unipessoal Lda. The self-serve software products mettaCofounder.ai and mettaScale.ai are governed by their own separate privacy policies.
INTRODUCTION
This Privacy & Cookie Policy ("Policy") explains how Mettacompany Unipessoal Lda ("we", "us", "our"), a company registered in Portugal (NIF PT516915380) with its registered office at Rua Filipe Folque 7, 3 Dto, 1050-110 Lisboa, Portugal, collects, uses, stores, and protects personal data when you visit or interact with our websites:
- mettastartupstudio.com, the corporate site of our venture studio (information, press, partnerships, hiring).
- mettacofounder.com, the marketing site for our mettaCofounder agency services.
- mettascale.com, the marketing site for our mettaScale services.
We refer to these together as the "Websites". This Policy applies to visitors globally, including in the European Economic Area (EEA), the United Kingdom, the United States (including California), Brazil, and elsewhere.
If you use our software products, please see the separate mettaCofounder.ai Privacy & Cookie Policy or mettaScale.ai Privacy & Cookie Policy, which cover the account-based processing those products involve.
Data Controller: Mettacompany Unipessoal Lda, Rua Filipe Folque 7, 3 Dto, 1050-110 Lisboa, Portugal.
Privacy Contact: info@mettastartupstudio.com
Primary Establishment: Lisbon, Portugal (EU).
1. INFORMATION WE COLLECT
We collect only what the Websites need to function and to respond to you. The three Websites differ in what they collect:
- mettastartupstudio.com: contact and inquiry form data and analytics only. No sales funnel, no checkout.
- mettacofounder.com: the above, plus newsletter signups, booking and scheduling data, waitlist signups, and purchase data for paid offers (Sprint, Intensive, six-month engagement).
- mettascale.com: the above, plus inquiry and booking data for scaleup sales engagements.
1.1 Information You Give Us
- Contact and inquiry forms: your name, email address, the nature of your inquiry (for example press, partnership, investor, hiring, or a service question), and the content of your message.
- Newsletter and community signups: your email address, and any name or preferences you provide.
- Bookings and scheduling: when you book a call or session, the scheduling details you provide (name, email, selected time, and any notes), processed through our scheduling and CRM provider.
- Purchases (mettacofounder.com): when you buy a paid offer, your billing details are processed by our payment provider. We do not store full card numbers (see section 1.3).
1.2 Information Collected Automatically
When you visit the Websites we collect, subject to your cookie choices where applicable:- IP address and approximate (city or country level) location.
- Browser type and version, operating system, and device type.
- Pages visited, referring and exit pages, time on page, and basic interaction data.
- Error logs and performance metrics.
1.3 Payment Data (mettacofounder.com)
Payment processing for paid offers is handled by Stripe. We do not store, access, or process your full card number, CVV, or bank details. Stripe provides us with the last four digits of your payment method, billing and invoice records, and payment status. Stripe's own privacy policy governs how it handles your payment data: https://stripe.com/privacy.
2. HOW WE USE YOUR INFORMATION
- To respond to your inquiries and route them to the right team.
- To send our newsletter and community updates, only where you have opted in.
- To schedule and manage calls and sessions you book.
- To process and fulfil purchases of paid offers, and to manage billing and invoicing.
- To understand how the Websites are used and to improve them.
- To maintain the security and integrity of the Websites and to prevent fraud and abuse.
- To comply with legal obligations and to establish, exercise, or defend legal claims.The Websites do not process your personal data through AI models. AI-assisted processing happens only inside our software products mettaCofounder.ai and mettaScale.ai, under their own policies.
3. LEGAL BASIS FOR PROCESSING (GDPR ARTICLE 6)
- Consent (Art. 6(1)(a)): newsletter and marketing emails, and non-essential analytics and advertising cookies. You can withdraw consent at any time.
- Contractual Necessity (Art. 6(1)(b)): fulfilling a purchase, processing a booking you requested, and responding to a service inquiry.
- Legitimate Interest (Art. 6(1)(f)): security and fraud prevention, basic site analytics, and responding to non-contractual inquiries. Balanced against your rights; you can object.
- Legal Obligation (Art. 6(1)(c)): tax and accounting records, and responding to lawful requests.
4. COOKIES & TRACKING TECHNOLOGIES
4.1 What cookies are
Cookies are small text files placed on your device that help the Websites function, remember your preferences, and understand usage.
4.2 Categories we use
Strictly necessary (always active). Security, load balancing, and cookie-consent preference cookies. These cannot be switched off, as the Websites cannot function without them.Analytics and performance (consent required). Used to understand traffic and improve the Websites. Where deployed, these may include Google Analytics 4 and similar product-analytics or session-insight tools. Only the tools actually in use on each site are loaded, and the published list is kept current.Advertising and retargeting (consent required). Used to measure campaign performance and build retargeting audiences. Where deployed on the agency sites, these may include the Meta (Facebook) Pixel, the LinkedIn Insight Tag, and the Reddit Pixel.
4.3 Your cookie choices
On your first visit you will see a consent banner. You can accept all, reject all non-essential cookies (only strictly necessary cookies then remain active), or set preferences by category. We do not load non-essential cookies until you consent. You can change your choices at any time through the cookie-settings link in the footer.
5. HOW WE SHARE YOUR INFORMATION
5.1 We do not sell your data
We do not sell, rent, or trade your personal information, including under the CCPA/CPRA definitions of "sale" and "sharing".
5.2 Service providers (processors)
We share data with providers who act on our behalf under data processing agreements, including:
- GoHighLevel: forms, scheduling, CRM, and email marketing.
- Stripe: payment processing for paid offers (PCI DSS Level 1 certified).
- Cloudflare: DNS, content delivery, and security.
- Website hosting and build platform for the sites themselves.
- Analytics providers (for example Google Analytics 4) where deployed, with consent.
- Advertising platforms (Meta, LinkedIn, Reddit) for pixel data only, with consent.
5.3 Legal requirements
We may disclose information where required by law, regulation, legal process, or a lawful governmental request.
5.4 Business transfers
In a merger, acquisition, or sale of assets, your data may transfer to the acquiring entity. We will notify you before your data becomes subject to a different policy.
6. INTERNATIONAL DATA TRANSFERS
Our primary establishment and core providers are in the EU. Some providers (for example certain analytics and advertising platforms) may process data outside the EEA. Where that happens we rely on appropriate safeguards: European Commission adequacy decisions, EU Standard Contractual Clauses, the EU-US Data Privacy Framework for certified US organizations, and supplementary measures where required. You can request details by contacting us.
7. DATA RETENTION
- Inquiry and contact form data: kept while we handle your inquiry and for a reasonable period afterward, then deleted.
- Newsletter and marketing contacts: until you unsubscribe, plus up to 3 years of consent records as evidence of compliance.
- Booking records: kept for the duration of the engagement and a reasonable period afterward.
- Payment and billing records: 7 years (Portuguese tax law).
- Analytics data: up to 26 months, then anonymized.
- Security and access logs: up to 12 months.
8. YOUR PRIVACY RIGHTS
8.1 GDPR (EEA and UK)
You have the rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), objection (Art. 21), and withdrawal of consent (Art. 7(3)) at any time without affecting prior lawful processing. You may also lodge a complaint with a supervisory authority (see section 11).
8.2 CCPA/CPRA (California)California residents have the rights to know, delete, and correct personal information, to opt out of sale or sharing (we do not sell or share as defined), to non-discrimination for exercising rights, and to limit the use of sensitive personal information. We do not disclose personal information for third parties' direct marketing ("Shine the Light").
8.3 UK GDPRUK residents have equivalent rights to those above. The supervisory authority is the UK Information Commissioner's Office (ICO).
8.4 LGPD (Brazil)Brazilian residents have rights of confirmation, access, correction, anonymization, portability, deletion, information about sharing, and consent withdrawal. The supervisory authority is the ANPD.
8.5 How to exercise your rightsEmail info@mettastartupstudio.com with a clear subject line (for example "Access Request" or "Delete My Data"). We respond within 30 days (extendable by 60 days for complex requests, with notice). We may verify your identity first. Reasonable requests are free; we may charge for manifestly unfounded or excessive requests.
9. HOW WE PROTECT YOUR INFORMATION
We use encryption in transit (TLS 1.2+), access controls limiting who can see personal data, data processing agreements with our providers, and incident-response procedures. In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where required, and affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
10. AGE RESTRICTIONS
The Websites are intended for business professionals and are not directed at anyone under 18. We do not knowingly collect data from anyone under 18. If we learn we have, we will delete it.
11. CONTACT & SUPERVISORY AUTHORITIES
Data Controller: Mettacompany Unipessoal Lda
Address: Rua Filipe Folque 7, 3 Dto, 1050-110 Lisboa, Portugal
NIF / VAT: PT516915380
Email: info@mettastartupstudio.com
You may lodge a complaint with a supervisory authority, including:
- Portugal (CNPD): Comissão Nacional de Proteção de Dados, www.cnpd.pt
- United Kingdom (ICO): www.ico.org.uk
- Brazil (ANPD): www.gov.br/anpd
- California: California Attorney General, oag.ca.gov
We encourage you to contact us first so we can address your concerns directly.
12. CHANGES TO THIS POLICY
For material changes we will post a prominent notice on the Websites, update the "Last Updated" date, and where required obtain renewed consent. For minor clarifications we will update the Policy and note the change date. Continued use after the effective date constitutes acceptance.
13. GOVERNING LAW & JURISDICTION
This Policy is governed by the laws of Portugal and the European Union. The courts of Lisbon, Portugal have exclusive jurisdiction, except where mandatory local consumer-protection law provides otherwise. Nothing in this Policy limits your rights under mandatory applicable data-protection law. Where local law provides greater protection, those provisions apply.
Mettacompany Unipessoal Lda · Lisbon, Portugal · VAT PT516915380
© 2026 Mettacompany Unipessoal Lda. All rights reserved.
