AttriByte

Legal

Privacy Policy

Last updated: May 29, 2026

This Privacy Policy explains how GTMVP Inc. (“GTMVP,” “we,” “us,” or “our”), through its AttriByte™ product, collects, uses, shares, and protects information when you visit www.attribyte.xyz, create an account, or use our B2B marketing attribution platform (collectively, the “Services”).

1. Introduction

AttriByte™ is a privacy-first marketing attribution platform built for B2B revenue teams by GTMVP Inc. We help you understand how every marketing touchpoint contributes to revenue while keeping your underlying data inside infrastructure you own. Privacy is not a feature we added late; it is the way the product is designed.

This policy applies to personal data we process as a controller — for example, information about the people who visit our website or administer an AttriByte workspace. When we process data on behalf of a customer through the Services (for instance, data drawn from a customer’s connected marketing tools), we generally act as a processor, and that processing is governed by the agreement between AttriByte and that customer rather than by this policy.

By using the Services, you acknowledge the practices described here. If you do not agree with this policy, please do not use the Services.

2. Information We Collect

We collect information in a few distinct ways, and we try to collect only what we need to run the Services well.

Account information

When you sign up or set up a workspace, we collect details such as your name, work email address, company name, role, and the credentials used to authenticate your account. If you contact us for support or sales, we keep a record of that correspondence.

Usage and device data

When you interact with our website or application, we automatically collect technical information such as your IP address, browser type, device and operating system, referring pages, the pages you view, and the actions you take inside the product. We use this to keep the Services secure, diagnose problems, and improve how things work.

Customer-connected data sources

The core of AttriByte is connecting the marketing and revenue tools you already use — for example, your CRM, ad platforms, and billing system — and modeling attribution across them. Through these connections we process data such as campaign performance, events, contacts, and revenue records. This connected data belongs to you. AttriByte is built to run on the customer’s own data warehouse, so this data stays within infrastructure you control rather than being copied into a black box we own.

Cookies and similar technologies

We use a limited set of cookies and similar technologies on our website and application. See Cookies & Tracking below for details.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, and secure the Services.
  • Authenticate users and administer workspaces and access controls.
  • Build and deliver attribution models and analytics for your account.
  • Respond to your requests, questions, and support tickets.
  • Monitor performance, debug issues, and improve our features.
  • Detect, investigate, and prevent fraud, abuse, and security incidents.
  • Send service and administrative communications, and — where permitted — relevant product updates you can opt out of.
  • Comply with our legal obligations and enforce our agreements.

Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract, our legitimate interests (such as securing and improving the Services), your consent (for example, for certain marketing or non-essential cookies), and compliance with legal obligations.

4. Data Processing & Sub-Processors

To deliver the Services, we work with a small set of trusted vendors and infrastructure providers who process data on our behalf under appropriate contractual safeguards. AttriByte’s architecture is deliberately warehouse-centric: your analytical data is modeled inside the data warehouse you own, which limits the personal data that ever leaves your environment.

The warehouse model

Rather than centralizing your raw marketing and revenue data on our servers, AttriByte runs attribution computations against your own data warehouse. You retain ownership and control of that data, and you can revoke our access at any time.

Integration partners

Connections to your marketing and revenue tools are established through managed OAuth so that credentials are handled securely. Depending on the integrations you enable, AttriByte may process data from sources such as Salesforce, HubSpot, Google Ads, Meta Ads, LinkedIn Ads, TikTok Ads, and Stripe, among others. We access these sources only with your authorization and only to provide the Services you have requested.

Service providers

We also rely on infrastructure, authentication, communication, and payment providers to operate the business. We maintain a current list of sub-processors and will make it available on request. We require our sub-processors to protect personal data consistent with this policy and applicable law.

5. Cookies & Tracking

We use cookies and similar technologies to keep you signed in, remember your preferences, secure the Services, and understand how our website is used. Essential cookies are required for the site to function. Analytics and preference cookies help us improve the experience and are used in accordance with your choices.

You can control cookies through your browser settings, and where required we will ask for your consent to non-essential cookies. Note that AttriByte’s attribution product itself is designed to minimize reliance on third-party tracking — privacy-first measurement is the point of the platform.

6. Data Sharing & Disclosure

We do not sell your personal data. We share information only in the limited circumstances described below:

  • With sub-processors and service providers who help us operate the Services, under contractual confidentiality and security obligations.
  • With the third-party integrations you choose to connect, to the extent needed to provide the Services you authorize.
  • In connection with a merger, acquisition, financing, or sale of assets, where information may be transferred subject to this policy.
  • When required by law, legal process, or a valid government request, or to protect the rights, property, or safety of AttriByte, our users, or others.
  • With your direction or consent, for any other purpose disclosed at the time.

7. Data Retention

We retain personal data for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and context. Because much of your connected analytical data lives in your own warehouse, you control its lifecycle directly. When data is no longer required, we delete or de-identify it using reasonable measures.

8. Security

We use technical and organizational measures designed to protect personal data, including encryption in transit, access controls, least-privilege practices, and monitoring. Our warehouse-centric architecture also reduces risk by keeping sensitive data within your own environment. No method of transmission or storage is perfectly secure, however, and we cannot guarantee absolute security. You are responsible for safeguarding your account credentials.

9. International Data Transfers

AttriByte operates from the United States, and the personal data we process as a controller may be transferred to and processed in the United States or other countries where we or our sub-processors operate. These countries may have data-protection laws that differ from those in your jurisdiction.

Where we transfer personal data out of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable) to protect that data in line with the GDPR and UK GDPR.

10. Your Privacy Rights

EEA / UK (GDPR & UK GDPR)

If you are in the EEA or the UK, you have the right to access, correct, delete, restrict, or object to our processing of your personal data, the right to data portability, and the right to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority.

California (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use it, to request access to or deletion of your personal information, to correct inaccurate information, and to not be discriminated against for exercising your rights. AttriByte does not sell or “share” personal information for cross-context behavioral advertising as those terms are defined under the CPRA.

To exercise any of these rights, contact us at privacy@attribyte.xyz. We will verify and respond to your request as required by applicable law. You may also authorize an agent to act on your behalf where the law permits.

11. Children’s Privacy

The Services are intended for businesses and are not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will take appropriate steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

GTMVP Inc. (AttriByte™)
privacy@attribyte.xyz

You can also review our Terms of Use.