Legal
Privacy Policy
Last updated: June 6, 2026
This Privacy Policy explains how GTMVP Inc. (“GTMVP,” “we,” “us,” or “our”), through its AttriByte™ product, collects, uses, shares, and protects information when you visit www.attribyte.xyz, create an account, or use our B2B marketing attribution platform (collectively, the “Services”).
1. Introduction
AttriByte™ is a privacy-first marketing attribution platform built for B2B revenue teams by GTMVP Inc. We help you understand how every marketing touchpoint contributes to revenue while you keep ownership of your data, with export and deletion on demand. Privacy is not a feature we added late; it is the way the product is designed.
This policy applies to personal data we process as a controller — for example, information about the people who visit our website or administer an AttriByte workspace. When we process data on behalf of a customer through the Services (for instance, data drawn from a customer’s connected marketing tools), we generally act as a processor, and that processing is governed by the agreement between AttriByte and that customer rather than by this policy.
By using the Services, you acknowledge the practices described here. If you do not agree with this policy, please do not use the Services.
2. Information We Collect
We collect information in a few distinct ways, and we try to collect only what we need to run the Services well.
Account information
When you sign up or set up a workspace, we collect details such as your name, work email address, company name, role, and the credentials used to authenticate your account. If you contact us for support or sales, we keep a record of that correspondence.
Usage and device data
When you interact with our website or application, we automatically collect technical information such as your IP address, browser type, device and operating system, referring pages, the pages you view, and the actions you take inside the product. We use this to keep the Services secure, diagnose problems, and improve how things work.
Customer-connected data sources
The core of AttriByte is connecting the marketing and revenue tools you already use — for example, your CRM, ad platforms, and billing system — and modeling attribution across them. Through these connections we process data such as campaign performance, events, contacts, and revenue records. This connected data belongs to you. We process it in a managed, isolated, encrypted environment, you retain ownership, and you can export or delete it on demand — your own systems remain the source of truth.
Cookies, device identification & similar technologies
We use a limited set of first-party cookies, similar storage technologies, and — as a consent-gated fallback — device-identification (sometimes called “fingerprinting”) techniques to recognize returning visitors and connect sessions into a single buyer journey without relying on third-party cookies. We describe exactly how these work, and how to opt out, in Cookies, Tracking & Device Identification below.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, maintain, and secure the Services.
- Authenticate users and administer workspaces and access controls.
- Build and deliver attribution models and analytics for your account.
- Respond to your requests, questions, and support tickets.
- Monitor performance, debug issues, and improve our features.
- Detect, investigate, and prevent fraud, abuse, and security incidents.
- Send service and administrative communications, and — where permitted — relevant product updates you can opt out of.
- Comply with our legal obligations and enforce our agreements.
Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract, our legitimate interests (such as securing and improving the Services), your consent (for example, for certain marketing or non-essential cookies), and compliance with legal obligations.
4. Data Processing & Sub-Processors
To deliver the Services, we work with a small set of trusted vendors and infrastructure providers who process data on our behalf under appropriate contractual safeguards. AttriByte processes your analytical data in a managed, isolated, encrypted environment, and is built so that you retain ownership and can export or delete your data on demand.
Data ownership and control
You connect the marketing and revenue sources you own; AttriByte ingests the data needed to model attribution and computes in an isolated environment, with results available to export back to a warehouse you own. You retain ownership and control of your data, and you can revoke our access at any time. In-warehouse pushdown compute, where modeling runs inside your own warehouse, is on our Enterprise roadmap.
Integration partners
Connections to your marketing and revenue tools are established through managed OAuth so that credentials are handled securely. Depending on the integrations you enable, AttriByte may process data from sources such as Salesforce, HubSpot, Google Ads, Meta Ads, LinkedIn Ads, TikTok Ads, and Stripe, among others. We access these sources only with your authorization and only to provide the Services you have requested.
Service providers
We also rely on infrastructure, authentication, communication, and payment providers to operate the business. A formal sub-processor list is in progress and will be published here; in the meantime we can share our current sub-processors with customers under evaluation on request. We require our sub-processors to protect personal data consistent with this policy and applicable law.
7. Data Retention
We retain personal data for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and context. Because you retain ownership of your connected analytical data and can export or delete it on demand, you control its lifecycle directly. When data is no longer required, we delete or de-identify it using reasonable measures.
8. Security
We use technical and organizational measures designed to protect personal data, including encryption in transit and at rest, access controls, least-privilege practices, and monitoring. We process your analytical data in a managed, isolated environment and give you export and deletion control over it. No method of transmission or storage is perfectly secure, however, and we cannot guarantee absolute security. You are responsible for safeguarding your account credentials.
Certifications & roadmap
We align our information-security practices with recognized industry frameworks. ISO/IEC 27001 certification of our information-security management system is coming soon — we are working toward it and will update this page once certification is in place. We are happy to share our current security posture with customers and prospects under evaluation; contact security@attribyte.xyz.
9. International Data Transfers
AttriByte operates from the United States, and the personal data we process as a controller may be transferred to and processed in the United States or other countries where we or our sub-processors operate. These countries may have data-protection laws that differ from those in your jurisdiction.
Where we transfer personal data out of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable) to protect that data in line with the GDPR and UK GDPR.
10. Your Privacy Rights
EEA / UK (GDPR & UK GDPR)
If you are in the EEA or the UK, you have the right to access, correct, delete, restrict, or object to our processing of your personal data, the right to data portability, and the right to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority.
California (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect and how we use it, to request access to or deletion of your personal information, to correct inaccurate information, to opt out of any “sale” or “sharing” of personal information, to limit the use of sensitive personal information, and to not be discriminated against for exercising your rights.
In the preceding twelve months, we have collected the following categories of personal information, drawn from the sources and used for the purposes described in this policy:
- Identifiers — such as name, work email, company, and online identifiers including IP address and device identifiers.
- Internet or network activity — browsing and interaction data on our website and application, and the device-identification signals described in Cookies, Tracking & Device Identification.
- Professional or employment information — such as your role and company, collected for account and B2B context.
- Commercial information — your subscription, plan, and billing records.
- Inferences — attribution and analytics results derived to provide the Services.
AttriByte does not sell your personal information, and we do not “share” it for cross-context behavioral advertising, as those terms are defined under the CPRA. We do not use or disclose sensitive personal information for purposes that require a right-to-limit option. We honor opt-out preference signals, including Global Privacy Control (GPC); see Cookies, Tracking & Device Identification.
To exercise any of these rights, contact us at privacy@attribyte.xyz. We will verify and respond to your request as required by applicable law. You may also authorize an agent to act on your behalf where the law permits.
11. Children’s Privacy
The Services are intended for businesses and are not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will take appropriate steps to delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.
13. Contact Us
If you have questions about this Privacy Policy or how we handle your data, contact us at:
GTMVP Inc. (AttriByte™)
privacy@attribyte.xyz
You can also review our Terms of Use.