Privacy Policy

Last updated: 26 June 2026

Attriboard (“we”) provides a first-party marketing-attribution service for SaaS businesses (“customers”). This policy explains what we collect, why, and the choices you have. It is provided for transparency and is not legal advice.

Data we process for our customers

When a customer installs our pixel on their website, we process analytics events on their behalf as a data processor. These events include page URLs, referrers, UTM parameters, a randomly generated session identifier stored in the visitor’s browser, user-agent string, and — only where the customer’s end-user identifies themselves — an email address used to join sessions to Stripe payment records.

We do not store raw IP addresses. IPs are one-way hashed (SHA-256, salted per site) solely for de-duplication and abuse prevention, and cannot be reversed back to the original address.

Account data we collect as a controller

To run your Attriboard account we store your email address (for passwordless sign-in), workspace and site configuration, your plan, and your Stripe customer/connection identifiers. We use passwordless magic-link authentication; we never store passwords.

Payments

Subscription billing is handled by Stripe. We do not see or store full card numbers. Stripe’s processing is governed by their own privacy policy.

How we use data

To provide the attribution dashboard, authenticate you, bill you, prevent abuse, and improve reliability. We do not sell personal data or use it for advertising.

Retention & your rights

Customers can export their attribution data (CSV) and can request deletion of their workspace and associated events. End-users of our customers’ sites should direct access/deletion requests to that site’s operator, who controls the data; we will assist our customers in fulfilling such requests. Depending on your location you may have rights under the GDPR or CCPA, including access, correction, and deletion.

Contact

Questions or requests: privacy@attriboard.shovelware.ai.