Legal
Privacy Policy
Last updated: July 8, 2026
This page is maintained by Attribufi to explain how we handle personal data on the Service. It's a summary, not a certification.
What we collect
- Account: name, email, workspace name, avatar (if provided by Google).
- Product usage: brands, prompts, mentions, citations, dashboard interactions.
- Connected accounts: when you connect Google Analytics or HubSpot, we store encrypted OAuth tokens and the specific metrics requested for attribution reporting.
- Waitlist: email, brand name, and prompts submitted through the AI visibility grader.
How we use it
To run the Service, generate weekly AI visibility runs, deliver digest emails, and improve product features. We don't sell personal data.
Sharing
We share data with infrastructure subprocessors that run the Service (cloud database, email delivery, AI model providers used for scoring runs). Third-party analytics you connect (GA4, HubSpot) remain under those providers' terms.
AI model providers
Prompts you submit are sent to model providers (OpenAI, Anthropic, Google, Perplexity, xAI) as part of weekly runs. Providers may process prompts under their own terms; we don't send personal customer data in prompts by default.
Security
Data is transmitted over TLS. OAuth tokens for connected accounts are encrypted at rest using AES-256-GCM before being written to the database. Row-Level Security enforces workspace boundaries.
Retention
Workspace data is retained while your account is active. On cancellation, data is deleted within 30 days unless retention is required by law.
Your rights
You can access, correct, export, or delete your data by emailing privacy@attribufi.com. Users in the EU/UK have rights under GDPR/UK GDPR; California residents have rights under the CCPA.
Cookies
We use essential cookies for authentication. We may use privacy-respecting analytics to understand product usage in aggregate.
Contact
Questions or requests: privacy@attribufi.com.