Legal

Privacy Policy

Last updated: March 2, 2026

Attrifast ("we", "us", "our") operates the website attrifast.com and the Attrifast analytics service. This Privacy Policy explains what data we collect, what we do not collect, how we use data, and your rights regarding that data. Attrifast is a cookie-free, privacy-first analytics platform — our architecture is designed to never collect personal data from your website visitors.

1. Data Collected from Your Website Visitors

When someone visits a website that uses Attrifast's tracking script, we collect the following anonymous visit data:

  • Referrer URL (where the visitor came from)
  • UTM parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content)
  • Page URL visited
  • Timestamp of the visit

This data is anonymous and cannot be used to identify individual visitors. We generate a non-persistent session hash for the duration of a visit — this hash cannot be reversed to identify a person and is not stored long-term.

2. Data We Do NOT Collect

Attrifast is architecturally designed to avoid collecting personal data from website visitors. We do not collect:

  • IP addresses — discarded immediately on receipt, never stored or logged
  • Cookies — no cookies of any kind are set or read
  • Device fingerprints — no browser, screen, or device data is collected
  • Personal identifiers — no names, emails, or account information from visitors
  • Cross-site tracking data — no tracking across different websites

3. Account Data

When you register for an Attrifast account, we collect your email address and name through Google OAuth (or another supported authentication method). This data is used solely to manage your account, communicate with you about the Service, and provide customer support. We do not sell or share your account data with third parties for marketing purposes.

4. Payment Data

Payments are processed securely by Stripe. We do not store your credit card number, expiration date, or CVC on our servers. We store only your Stripe customer ID to manage your subscription. For details on how Stripe handles your payment data, refer to Stripe's Privacy Policy.

5. Stripe Webhook Data

When you connect Stripe to Attrifast, we receive webhook events containing order and transaction data. This data is used exclusively for revenue attribution — to connect a payment to the marketing channel that drove it.

From webhooks, we process order amounts, transaction identifiers, and timestamps. We do not store customer personally identifiable information (PII) such as customer names, email addresses, or shipping addresses from webhook payloads.

6. How We Use Data

All data collected by Attrifast is used for one purpose: revenue attribution analytics. Specifically:

  • Anonymous visit data is matched with revenue events to show which marketing channels drive paying customers
  • Account data is used to manage your subscription and communicate with you about the Service
  • Payment data (Stripe customer ID) is used to manage billing
  • Webhook data is used to attribute revenue to marketing sources

We do not use data for advertising, profiling, or any purpose beyond providing the analytics service you signed up for.

7. Data Retention

Anonymous visit data and attribution data are retained for the duration of your active subscription. Account data is retained as long as your account is active. Upon account deletion or termination, we delete your data within 30 days unless we are required by law to retain it longer.

8. Third-Party Services

Attrifast uses the following third-party services:

  • Stripe — for payment processing and subscription management
  • Google OAuth — for account authentication
  • Vercel — for hosting the web application

Each of these services has its own privacy policy governing their use of data. We only share the minimum data necessary for each service to function.

9. GDPR Compliance

Attrifast does not collect personal data from website visitors. Because no personal data is processed, no cookie consent banner is required for the Attrifast tracking script under the GDPR or the ePrivacy Directive.

For registered account holders, we process personal data (email and name) under the lawful basis of contract performance (GDPR Article 6(1)(b)) — this data is necessary to provide the service you signed up for. You have the right to access, correct, export, or delete your account data at any time by contacting us.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), secure authentication, and access controls. While no method of electronic transmission or storage is 100% secure, we strive to protect your data using commercially reasonable practices.

11. Children's Privacy

Attrifast is a business-to-business service and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

13. Contact

If you have questions about this Privacy Policy or your data, please contact us at vincent@sproutfi.xyz.

See also our Terms of Service.