What MetricSign accesses, what it stores, and what it never touches.
MetricSign monitors your data pipelines without ever reading your business data. We work exclusively with metadata — the what, when, and how of your data processes — not the data itself.
MetricSign connects to your environment via a service principal — an application identity in Azure Active Directory with read-only permissions. Through this connection, we access:
Refresh metadata
Timestamps, duration, status (success/failure), error codes. Not the data being refreshed.
Dataset and workspace names
Names and identifiers of datasets, workspaces, reports, and pipelines.
Schema information
Table names, column names, measure definitions, and relationships — for model intelligence features. No row data, no values.
Pipeline and job run status
Run start/end times, status, error messages from ADF pipelines and Databricks jobs.
Row data or report content
We never query, read, or transmit the actual data in your tables, reports, or dashboards.
End-user identities or activity
We do not access who views which report, user-level activity logs, or personal data of your organisation's users.
Write access
MetricSign operates read-only. We do not modify datasets, reports, pipelines, or any configuration in your environment.
The AI assistant is off by default for new organisations. An admin can choose to enable it in two modes: FAQ mode (predefined answers, no external data processing) or the Claude-powered mode (powered by Anthropic). Everything described below applies only to organisations where an admin has explicitly activated the Claude-powered mode.
What is sent to Anthropic
Your question, the conversation history, and relevant context from the current incident — such as dataset names, error codes, and timestamps. No row data or report content.
Retention
Conversation logs are stored for 90 days to enable context-aware follow-up questions. After 90 days they are permanently deleted.
Anthropic's data use
Anthropic processes queries under their API terms. MetricSign uses the API tier, which does not allow Anthropic to use your data to train models.
Customers who prefer not to use the AI assistant can operate MetricSign without it — all monitoring and alerting features are fully independent.
MetricSign processes data on the following legal grounds under the General Data Protection Regulation (GDPR):
Contract performance
Processing your environment's metadata is necessary to deliver the monitoring service you subscribed to. Without it, MetricSign cannot detect failures, delays, or anomalies.
Legitimate interest
Storing historical monitoring data (run history, incidents, schema snapshots) is necessary to provide trend analysis, anomaly detection, and debugging support — the core purpose of the service.
Legal obligation
Where required by applicable law — for example, retaining records for security incident reporting under Article 33 GDPR.
MetricSign applies the principle of data minimisation. Data is retained only as long as necessary for the purposes described above.
Metadata stored in MetricSign
Refresh history, incident records, schema snapshots, and pipeline run logs are stored in MetricSign's database to power monitoring and trend analysis.
Credentials encrypted at rest
Service principal secrets and API tokens are stored encrypted using AES-256 (Fernet). The encryption key is held separately from the database.
Tenant isolation
Each organisation's data is logically isolated in the database. No cross-tenant data access is possible through the application.
Data location
MetricSign is hosted in the European Union. Data does not leave the EU, except for AI assistant queries processed by Anthropic (US-based).
The following third-party services are used in the operation of MetricSign:
We are happy to discuss data handling, provide a data processing agreement, or answer specific questions about how MetricSign processes your organisation's information.
Contact usLast updated: March 2026