Request a Demo

Security Policy

1. Scope

This Security Policy applies to the website metagens.ai and all personal data collected through it. It describes the technical and organisational measures Metagens.ai Private Limited has implemented to protect personal data submitted by visitors to the Site.

This policy covers the following data collected on the Site:

  • Email addresses submitted via the newsletter subscription form
  • Name, Company Name, Role, and description submitted via the contact/demo request form

The Site does not maintain user accounts, does not store passwords, and does not process payment information. The security scope is therefore limited to the data points listed above.


2. Technical Security Measures


2.1 Encrypted transmission

All data transmitted between your browser and the Site is encrypted using Transport Layer Security (TLS). The Site enforces HTTPS on all pages. Unencrypted HTTP connections are automatically redirected to HTTPS. The SSL certificate is provisioned and maintained by Hostinger International Ltd and validated by CookieYes.


2.2 Server security

The Site is hosted on a Virtual Private Server (VPS) provided by Hostinger International Ltd, running on LiteSpeed web server infrastructure. Server-level security measures include:

  • Cloudflare CDN and DDoS protection layer sitting in front of the origin server
  • Wordfence Security plugin providing application-level firewall and malware scanning
  • Limit Login Attempts Reloaded providing brute-force login protection on the WordPress admin
  • WP Activity Log recording all administrative actions taken on the Site
  • Regular automated malware scans via Wordfence

2.3 Access control

Access to the WordPress admin panel is restricted to the founding team of Metagens.ai. Admin credentials are not shared with external contractors without a separate confidentiality agreement. Two-factor authentication is strongly recommended and applied to all admin accounts.


2.4 Data minimisation

The Site collects only the minimum personal data required for each specific purpose. The contact form does not collect phone numbers, dates of birth, financial information, or any sensitive personal data as defined by applicable law. The newsletter subscription collects email address only.


2.5 Third-party processor security

Personal data submitted through the Site is processed by the following third-party services, each of which maintains their own security certifications:

  • HubSpot, Inc. — ISO 27001 certified, SOC 2 Type II audited, GDPR compliant
  • Google LLC (Analytics 4) — ISO 27001 certified, SOC 2 audited
  • Microsoft Corporation (Clarity) — ISO 27001 certified, SOC 2 audited
  • Hostinger International Ltd — ISO 27001 certified
  • Cloudflare, Inc. — ISO 27001 certified, SOC 2 Type II audited


3. Organisational Security Measures

In addition to technical measures, Metagens.ai operates the following organisational controls:

  • Personal data access is restricted on a need-to-know basis within the founding team
  • No personal data collected through the Site is shared with third parties beyond those listed in the Privacy Notice
  • No personal data is processed on personal devices without encryption
  • Third-party services with access to personal data are subject to Data Processing Agreements (DPAs) where required by applicable law


4. Data Breach Response

In the event of a personal data breach affecting data collected through the Site, Metagens.ai will:

  • Contain the breach and assess its nature and scope as quickly as practicable
  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required by UK GDPR (ICO), Singapore PDPA (PDPC), or India DPDP Act 2023 (Data Protection Board)
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms
  • Document all breaches in an internal breach register regardless of whether notification is required


To report a suspected security vulnerability or data breach involving the Site, contact us immediately at hello@metagens.ai with the subject line: SECURITY.


5. Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities in the Site. If you discover a vulnerability, please contact us at hello@metagens.ai before public disclosure. We will acknowledge your report within 5 business days and aim to resolve confirmed vulnerabilities within 30 days. We ask that you do not exploit any vulnerability you discover or disclose it publicly before we have had the opportunity to address it.


6. Review of This Policy

This Security Policy will be reviewed at least annually or following any significant change to the Site’s technical infrastructure, data processing activities, or applicable legal requirements. The version number and effective date at the top of this document will be updated at each review.


7. Contact

Metagens.ai Private Limited

Address: 35, 4th Cross Rd, 2nd Block, Ayyappa Nagar, Krishnarajapuram, Bengaluru, Karnataka 560036, India., Bengaluru, Karnataka, India

Email: hello@metagens.ai

Website: metagens.ai

Last updated: April 2026

Stop assembling. Start deploying.

Full-stack fintech infrastructure for teams building lending products in the US market. Lending. AML. Payments. Core Banking. Cards. One deployment. Built native. Not assembled.

Want Insights Directly?

Subscribe for new articles on fintech lending infrastructure, AML compliance, and payments architecture. No marketing content. No product announcements. Just the technical insights.