PDS Metronome augments your existing data stores to ensure GDPR/CCPA/PIPEDA/HIPAA compliance and to reveal insights on how your business uses personal data. Use automated risk reporting to understand reasons for data access, coordinate incident response, conduct impact assessments, and confidently expire data that is no longer used.
Personally identifiable data (PII) and other identifying data remain safely in your business’s data store because Metronome uses identifiers for data, like customer-123 or customer-123/email. These are enriched with metadata that indicates the system, the users involved, and the reasons for access. We infer the rest.
We never see the actual data, only IDs, so we are a safe, drop-in solution that provides advanced functionality with no risk.
Powerful reports allow you to monitor and manage access to personal data by individual users, external data processors, and software components. Our surveillance of changing usage patterns and active alerting help you to spot a rogue team, staff member or a data leak in progress before it is too late.
Without understanding how your organisation uses personal data, you can't spot misuse. Our reports close this gap, helping to mitigate risk.
Your existing data store may not be able to tell you why you initially collected each data item, so you may not know when it should expire. Not routinely expiring personal data is likely to be a compliance failure in many jurisdictions. Our reports and alerting help cover any features you may be missing, providing expiry notices when data is no longer in use. Connecting specific data policies to each data access gives you peace of mind during compliance audits.
GDPR compliance failure can result in fines of up to €20 million, or 4% of worldwide turnover for the preceding financial year.
Connect the reasons why you access data to named policies in code. These policies help us coordinate data retention across your business and illustrate the pathways that personal data follows through your organisation.
Using only telemetry, we can coordinate across your software components which data is active, and let you know which data you aren't using and can safely delete from your data store. Our service unifies your approach to many different privacy laws. By selecting country-specific policies, you satisfy the varying requirements of each jurisdiction's privacy law.
Our data access telemetry service is now in private beta. Service pricing after launch depends on the number of data items we track for you.
Please contact us to discuss how we can help you protect a larger data set.
No, you do not. Since we only see IDs, not actual personal data, you don't need to mention us as a data processor.
Yes, we provide open source client libraries in a range of popular programming languages. We also specify our API with OpenAPI (previously Swagger).
Each account is provided with segregated production and development instances. The development instance allows unlimited items but is rate-limited to 20 API calls per minute. The production instance item count determines your monthly subscription cost and has no API rate limits.
No, we do not. As a data service provider, we are not in a position to provide legal guidance specific to your business case. Our partners do provide this support and guidance, and we are very happy to refer you.