Attrfix

Privacy Policy

Effective date: April 3, 2026

1. Who we are

Attrfix is a deal attribution tool for HubSpot users. We help sales and marketing teams understand which activities drove a deal to close. This policy explains what data we collect, why, and how we protect it.

2. Data we collect

Account data

When you sign up, we collect your work email address. If you use Google OAuth, we receive your name and email from Google. We do not accept personal email domains (Gmail, Yahoo, etc.).

HubSpot data

When you connect HubSpot, we access the following data to compute attribution scores:

  • Contact properties: traffic source, form submissions, email opens and clicks, web visits, sequence enrollment, call and meeting counts
  • Deal properties: deal name, amount, stage, close date, associated contact IDs
  • Engagements: call, meeting, and email engagement records with timestamps

We do not read the content of any emails. We only access counts, timestamps, and structured metadata.

Usage data

We collect basic usage information such as pages visited and features used, to improve the product.

3. How we use your data

  • To compute and display attribution verdicts for your deals
  • To authenticate you and maintain your session
  • To contact you about your account, billing, or major product changes
  • To improve Attrfix and diagnose technical issues

We do not sell your data. We do not use your HubSpot data to train machine learning models for any purpose other than attribution scoring within your own account.

4. Data storage and security

Your data is stored in Supabase, hosted on AWS infrastructure in the United States. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

HubSpot OAuth tokens are stored encrypted. We use the minimum required OAuth scopes to perform attribution. We do not request write access to your HubSpot account.

We apply security headers on all responses, including HSTS, X-Frame-Options DENY, X-Content-Type-Options nosniff, and a strict Referrer-Policy.

5. Data retention

We retain your account and HubSpot data for as long as your account is active. If you disconnect HubSpot, your synced deal data is deleted within 30 days. If you delete your account, all associated data is deleted within 30 days.

6. Third-party services

  • Supabase: authentication and database hosting
  • HubSpot: CRM data source, accessed via OAuth 2.0 with your consent
  • Vercel: application hosting and edge network

We do not share your data with any other third parties.

7. Your rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Disconnect your HubSpot integration at any time from your settings

To exercise these rights, email us at privacy@attrfix.com. We will respond within 30 days.

8. Cookies

We use cookies only for authentication (session management) and security (CSRF protection for OAuth flows). We do not use advertising or tracking cookies.

9. Changes to this policy

If we make material changes, we will notify you by email or by posting a notice in the app at least 14 days before the changes take effect.

10. Contact

Questions about this policy? Email us at privacy@attrfix.com.