Legal

Privacy Policy

Last updated: June 6, 2026

This Privacy Policy explains how GTMVP Inc. (“GTMVP,” “we,” “us,” or “our”), through its AttriByte™ product, collects, uses, shares, and protects information when you visit www.attribyte.xyz, create an account, or use our B2B marketing attribution platform (collectively, the “Services”).

1. Introduction

AttriByte™ is a privacy-first marketing attribution platform built for B2B revenue teams by GTMVP Inc. We help you understand how every marketing touchpoint contributes to revenue while you keep ownership of your data, with export and deletion on demand. Privacy is not a feature we added late; it is the way the product is designed.

This policy applies to personal data we process as a controller — for example, information about the people who visit our website or administer an AttriByte workspace. When we process data on behalf of a customer through the Services (for instance, data drawn from a customer’s connected marketing tools), we generally act as a processor, and that processing is governed by the agreement between AttriByte and that customer rather than by this policy.

By using the Services, you acknowledge the practices described here. If you do not agree with this policy, please do not use the Services.

2. Information We Collect

We collect information in a few distinct ways, and we try to collect only what we need to run the Services well.

Account information

When you sign up or set up a workspace, we collect details such as your name, work email address, company name, role, and the credentials used to authenticate your account. If you contact us for support or sales, we keep a record of that correspondence.

Usage and device data

When you interact with our website or application, we automatically collect technical information such as your IP address, browser type, device and operating system, referring pages, the pages you view, and the actions you take inside the product. We use this to keep the Services secure, diagnose problems, and improve how things work.

Customer-connected data sources

The core of AttriByte is connecting the marketing and revenue tools you already use — for example, your CRM, ad platforms, and billing system — and modeling attribution across them. Through these connections we process data such as campaign performance, events, contacts, and revenue records. This connected data belongs to you. We process it in a managed, isolated, encrypted environment, you retain ownership, and you can export or delete it on demand — your own systems remain the source of truth.

Cookies, device identification & similar technologies

We use a limited set of first-party cookies, similar storage technologies, and — as a consent-gated fallback — device-identification (sometimes called “fingerprinting”) techniques to recognize returning visitors and connect sessions into a single buyer journey without relying on third-party cookies. We describe exactly how these work, and how to opt out, in Cookies, Tracking & Device Identification below.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, and secure the Services.
  • Authenticate users and administer workspaces and access controls.
  • Build and deliver attribution models and analytics for your account.
  • Respond to your requests, questions, and support tickets.
  • Monitor performance, debug issues, and improve our features.
  • Detect, investigate, and prevent fraud, abuse, and security incidents.
  • Send service and administrative communications, and — where permitted — relevant product updates you can opt out of.
  • Comply with our legal obligations and enforce our agreements.

Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract, our legitimate interests (such as securing and improving the Services), your consent (for example, for certain marketing or non-essential cookies), and compliance with legal obligations.

4. Data Processing & Sub-Processors

To deliver the Services, we work with a small set of trusted vendors and infrastructure providers who process data on our behalf under appropriate contractual safeguards. AttriByte processes your analytical data in a managed, isolated, encrypted environment, and is built so that you retain ownership and can export or delete your data on demand.

Data ownership and control

You connect the marketing and revenue sources you own; AttriByte ingests the data needed to model attribution and computes in an isolated environment, with results available to export back to a warehouse you own. You retain ownership and control of your data, and you can revoke our access at any time. In-warehouse pushdown compute, where modeling runs inside your own warehouse, is on our Enterprise roadmap.

Integration partners

Connections to your marketing and revenue tools are established through managed OAuth so that credentials are handled securely. Depending on the integrations you enable, AttriByte may process data from sources such as Salesforce, HubSpot, Google Ads, Meta Ads, LinkedIn Ads, TikTok Ads, and Stripe, among others. We access these sources only with your authorization and only to provide the Services you have requested.

Service providers

We also rely on infrastructure, authentication, communication, and payment providers to operate the business. A formal sub-processor list is in progress and will be published here; in the meantime we can share our current sub-processors with customers under evaluation on request. We require our sub-processors to protect personal data consistent with this policy and applicable law.

5. Cookies, Tracking & Device Identification

We use cookies and similar technologies to keep you signed in, remember your preferences, secure the Services, and understand how our website is used. Essential cookies are required for the site to function. Analytics and preference cookies help us improve the experience and are used in accordance with your choices. We use only first-party cookies; we do not use third-party advertising cookies and we do not allow third parties to use our cookies to build cross-site advertising profiles of you.

Device identification (“fingerprinting”)

AttriByte is a cookieless-by-design attribution platform. To recognize a returning visitor and stitch sessions into one buyer journey without third-party cookies, AttriByte and AttriByte customer deployments may use device-identification techniques — commonly called “fingerprinting.” These combine signals your browser and device make available (such as browser and operating-system type, language, time zone, screen characteristics, and rendering, audio, and font characteristics) into a probabilistic identifier.

We are deliberate about how this is used. Device identification is only ever a fallback to first-party deterministic identity — such as a hashed email address, a login event, or a CRM identifier — and is never the primary identifier. It is used to connect a visitor’s own sessions on a customer’s property, not to track you across unaffiliated third-party websites. We do not use session replay, keystroke logging, or interception of the contents of your communications.

Your choices and opt-out signals (GPC / DNT)

We honor opt-out preference signals, including Global Privacy Control (GPC) and Do Not Track (DNT). When we detect such a signal — or where analytics consent has not been granted — we suppress device identification for that visit: no device-identification record is created or used, and only the data necessary to provide and secure the Services is processed. You can also manage cookies through your browser settings, and, where required, we will ask for your consent to non-essential cookies and tracking technologies before they are used.

California tracking technologies & consent (CIPA)

For California residents: California’s Invasion of Privacy Act (CIPA) and similar laws govern the use of certain tracking technologies. We disclose the cookies, analytics, and device-identification technologies we use in this section so that your use of the Services is informed. By using the Services without enabling an opt-out signal, you consent to the use of the technologies described in this policy. You may withdraw that consent at any time through GPC or DNT, through your browser controls, or by contacting us at privacy@attribyte.xyz. We do not use “wiretap”-style interception of your communications and we do not disclose the contents of your communications to third parties for their own independent purposes.

6. Data Sharing & Disclosure

We do not sell your personal data. We share information only in the limited circumstances described below:

  • With sub-processors and service providers who help us operate the Services, under contractual confidentiality and security obligations.
  • With the third-party integrations you choose to connect, to the extent needed to provide the Services you authorize.
  • In connection with a merger, acquisition, financing, or sale of assets, where information may be transferred subject to this policy.
  • When required by law, legal process, or a valid government request, or to protect the rights, property, or safety of AttriByte, our users, or others.
  • With your direction or consent, for any other purpose disclosed at the time.

7. Data Retention

We retain personal data for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and context. Because you retain ownership of your connected analytical data and can export or delete it on demand, you control its lifecycle directly. When data is no longer required, we delete or de-identify it using reasonable measures.

8. Security

We use technical and organizational measures designed to protect personal data, including encryption in transit and at rest, access controls, least-privilege practices, and monitoring. We process your analytical data in a managed, isolated environment and give you export and deletion control over it. No method of transmission or storage is perfectly secure, however, and we cannot guarantee absolute security. You are responsible for safeguarding your account credentials.

Certifications & roadmap

We align our information-security practices with recognized industry frameworks. ISO/IEC 27001 certification of our information-security management system is coming soon — we are working toward it and will update this page once certification is in place. We are happy to share our current security posture with customers and prospects under evaluation; contact security@attribyte.xyz.

9. International Data Transfers

AttriByte operates from the United States, and the personal data we process as a controller may be transferred to and processed in the United States or other countries where we or our sub-processors operate. These countries may have data-protection laws that differ from those in your jurisdiction.

Where we transfer personal data out of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable) to protect that data in line with the GDPR and UK GDPR.

10. Your Privacy Rights

EEA / UK (GDPR & UK GDPR)

If you are in the EEA or the UK, you have the right to access, correct, delete, restrict, or object to our processing of your personal data, the right to data portability, and the right to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority.

California (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use it, to request access to or deletion of your personal information, to correct inaccurate information, to opt out of any “sale” or “sharing” of personal information, to limit the use of sensitive personal information, and to not be discriminated against for exercising your rights.

In the preceding twelve months, we have collected the following categories of personal information, drawn from the sources and used for the purposes described in this policy:

  • Identifiers — such as name, work email, company, and online identifiers including IP address and device identifiers.
  • Internet or network activity — browsing and interaction data on our website and application, and the device-identification signals described in Cookies, Tracking & Device Identification.
  • Professional or employment information — such as your role and company, collected for account and B2B context.
  • Commercial information — your subscription, plan, and billing records.
  • Inferences — attribution and analytics results derived to provide the Services.

AttriByte does not sell your personal information, and we do not “share” it for cross-context behavioral advertising, as those terms are defined under the CPRA. We do not use or disclose sensitive personal information for purposes that require a right-to-limit option. We honor opt-out preference signals, including Global Privacy Control (GPC); see Cookies, Tracking & Device Identification.

To exercise any of these rights, contact us at privacy@attribyte.xyz. We will verify and respond to your request as required by applicable law. You may also authorize an agent to act on your behalf where the law permits.

11. Children’s Privacy

The Services are intended for businesses and are not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will take appropriate steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

GTMVP Inc. (AttriByte™)
privacy@attribyte.xyz

You can also review our Terms of Use.