Privacy Policy
Last updated: 26 June 2026
Attriboard (“we”) provides a first-party marketing-attribution service for SaaS businesses (“customers”). This policy explains what we collect, why, and the choices you have. It is provided for transparency and is not legal advice.
Data we process for our customers
When a customer installs our pixel on their website, we process analytics events on their behalf as a data processor. These events include page URLs, referrers, UTM parameters, a randomly generated session identifier stored in the visitor’s browser, user-agent string, and — only where the customer’s end-user identifies themselves — an email address used to join sessions to Stripe payment records.
We do not store raw IP addresses. IPs are one-way hashed (SHA-256, salted per site) solely for de-duplication and abuse prevention, and cannot be reversed back to the original address.
Account data we collect as a controller
To run your Attriboard account we store your email address (for passwordless sign-in), workspace and site configuration, your plan, and your Stripe customer/connection identifiers. We use passwordless magic-link authentication; we never store passwords.
Payments
Subscription billing is handled by Stripe. We do not see or store full card numbers. Stripe’s processing is governed by their own privacy policy.
How we use data
To provide the attribution dashboard, authenticate you, bill you, prevent abuse, and improve reliability. We do not sell personal data or use it for advertising.
Retention & your rights
Customers can export their attribution data (CSV) and can request deletion of their workspace and associated events. End-users of our customers’ sites should direct access/deletion requests to that site’s operator, who controls the data; we will assist our customers in fulfilling such requests. Depending on your location you may have rights under the GDPR or CCPA, including access, correction, and deletion.
Contact
Questions or requests: privacy@attriboard.shovelware.ai.