Privacy Policy

Account Data: Email address, brand name, and password hash when you sign up.

Click Data: When someone clicks a tracking link, we collect: hashed IP address (SHA-256, never plain text), user agent string, referer URL, browser fingerprint (derived from HTTP headers), and timestamp.

Conversion Data: Order IDs, revenue amounts, coupon codes, and click IDs as sent by you via webhooks or tracking snippets.

Usage Data: Pages visited within the dashboard, feature usage patterns.

We do not collect: plain-text IP addresses, names or emails of end consumers, payment card details, social security numbers, or any sensitive personal data.

• Provide click tracking, conversion attribution, and analytics
• Detect and prevent click fraud and bot traffic
• Scan destination URLs for scams and phishing (AI-powered)
• Improve the Service and develop new features
• Send transactional emails (account verification, password reset)
• Comply with legal obligations

We do not sell, rent, or share your personal data with third parties for marketing purposes.

• IP addresses are hashed with SHA-256 immediately upon receipt — we never store plain-text IPs
• All data is transmitted over HTTPS/TLS
• Database access is protected by Row Level Security (RLS) — users can only access their own workspace data
• API keys are UUID v4 and unique per workspace
• Supabase Auth handles password hashing with bcrypt
• Service role keys are server-side only and never exposed to the browser

We use the following third-party services:

• Supabase — Database hosting and authentication (EU/US data centers)
• Google Cloud Run — Redirect engine hosting
• Vercel — Dashboard hosting
• Google Gemini AI — URL safety scanning and fraud analysis (data sent: URLs and aggregated click statistics only, no personal data)

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and associated data
• Export your data in a portable format
• Object to processing of your data
• Withdraw consent at any time

To exercise these rights, contact us at privacy@attriq.io.

• Click data: Retained for 12 months, then automatically deleted
• Conversion data: Retained for the duration of your account
• Account data: Retained until you delete your account
• After account deletion: All data is permanently deleted within 30 days

We use first-party cookies only for authentication session management (Supabase Auth). We do not use third-party cookies, tracking pixels, or advertising cookies.

The tracking snippet uses localStorage (not cookies) to store the click_id for attribution purposes. This data is scoped to the brand's domain and expires after 30 days.