Privacy Policy
Effective date: April 10, 2026
1. Who we are
Attrfix is a deal attribution tool for HubSpot users. We help sales and marketing teams understand which activities drove a deal to close. This policy explains what data we collect, why, and how we protect it.
2. Data we collect
Account data
When you sign up, we collect your work email address. If you use Google OAuth, we receive your name and email from Google. We do not accept personal email domains (Gmail, Yahoo, etc.).
HubSpot data
When you connect HubSpot, we access the following data to compute attribution scores:
- Contact properties: traffic source, form submissions, email opens and clicks, web visits, sequence enrollment, call and meeting counts, LinkedIn ad click date
- Deal properties: deal name, amount, stage, close date, associated contact IDs
- Engagements: call, meeting, email, and LinkedIn Sales Navigator message records with timestamps
We do not read the content of any emails or messages. We only access counts, timestamps, and structured metadata.
We write a single custom property (attrfix_verdict) back to each deal in HubSpot to store the attribution verdict. No other data is written to your HubSpot account.
Usage data
We collect basic usage information such as pages visited and features used, to improve the product.
3. How we use your data
- To compute and display attribution verdicts for your deals
- To authenticate you and maintain your session
- To contact you about your account, billing, or major product changes
- To improve Attrfix and diagnose technical issues
We do not sell your data. We do not use your HubSpot data to train machine learning models for any purpose other than attribution scoring within your own account.
4. Data storage and security
Your data is stored in Supabase, hosted on AWS infrastructure in the United States. All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
HubSpot OAuth tokens are stored encrypted. We use the minimum required OAuth scopes to perform attribution. Write access is limited to storing the attribution verdict on deals via a single custom property.
We apply security headers on all responses, including HSTS, X-Frame-Options DENY, X-Content-Type-Options nosniff, and a strict Referrer-Policy.
5. Data retention
We retain your account and HubSpot data for as long as your account is active. If you disconnect HubSpot, your synced deal data is deleted within 30 days. If you delete your account, all associated data is deleted within 30 days.
If you add a third-party AI API key (Anthropic or OpenAI) in Settings, it is stored encrypted in our database and used solely to make API calls on your behalf when you request an AI explanation. We never log your key, and we never transmit it to any service other than the provider it belongs to. You can remove it at any time from Settings.
6. Third-party services
- Supabase: authentication and database hosting
- HubSpot: CRM data source, accessed via OAuth 2.0 with your consent
- Vercel: application hosting and edge network
- Anthropic / OpenAI: optional AI explanation feature, only used if you provide your own API key in Settings. Your deal data is sent to the provider you choose solely to generate the explanation. We do not store the response beyond your session.
- Stripe: payment processing. We do not store card details — all billing data is handled directly by Stripe.
We do not share your data with any other third parties.
7. Your rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and all associated data
- Disconnect your HubSpot integration at any time from your settings
To exercise these rights, email us at privacy@attrfix.com. We will respond within 30 days.
8. Cookies
We use cookies only for authentication (session management) and security (CSRF protection for OAuth flows). We do not use advertising or tracking cookies.
9. Changes to this policy
If we make material changes, we will notify you by email or by posting a notice in the app at least 14 days before the changes take effect.
10. Contact
Questions about this policy? Email us at privacy@attrfix.com.