Legal

Privacy Policy

Last updated: July 8, 2026

This page is maintained by Attribufi to explain how we handle personal data on the Service. It's a summary, not a certification.

What we collect

  • Account: name, email, workspace name, avatar (if provided by Google).
  • Product usage: brands, prompts, mentions, citations, dashboard interactions.
  • Connected accounts: when you connect Google Analytics or HubSpot, we store encrypted OAuth tokens and the specific metrics requested for attribution reporting.
  • Waitlist: email, brand name, and prompts submitted through the AI visibility grader.

How we use it

To run the Service, generate weekly AI visibility runs, deliver digest emails, and improve product features. We don't sell personal data.

Sharing

We share data with infrastructure subprocessors that run the Service (cloud database, email delivery, AI model providers used for scoring runs). Third-party analytics you connect (GA4, HubSpot) remain under those providers' terms.

AI model providers

Prompts you submit are sent to model providers (OpenAI, Anthropic, Google, Perplexity, xAI) as part of weekly runs. Providers may process prompts under their own terms; we don't send personal customer data in prompts by default.

Security

Data is transmitted over TLS. OAuth tokens for connected accounts are encrypted at rest using AES-256-GCM before being written to the database. Row-Level Security enforces workspace boundaries.

Retention

Workspace data is retained while your account is active. On cancellation, data is deleted within 30 days unless retention is required by law.

Your rights

You can access, correct, export, or delete your data by emailing privacy@attribufi.com. Users in the EU/UK have rights under GDPR/UK GDPR; California residents have rights under the CCPA.

Cookies

We use essential cookies for authentication. We may use privacy-respecting analytics to understand product usage in aggregate.

Contact

Questions or requests: privacy@attribufi.com.