Privacy Policy

Attensira Technology OÜ is the data controller for everything described in this policy. We are registered in Estonia, which means we operate under EU law and the GDPR.

We build an AI search optimization platform at app.attensira.com. It helps businesses track and improve how they appear in AI-powered search results from ChatGPT, Claude, Perplexity, Google AI Overviews, and others.

This policy applies when you visit our website at attensira.com, use the app, use our free tools, or talk to our team through sales or support.

Things you give us

• Account info: Name, email, company name, job title. The basics to set up your workspace.
• URLs you submit: The web pages you want us to analyze for AI visibility.
• Messages: Anything you send us through support, feedback forms, or email.
• Billing details: Name, billing address, and company name for invoicing. Your actual card number goes straight to Stripe — we never see it.

Things we collect automatically

• Usage data: Which features you use, when, and how often.
• Device info: Browser type, OS, screen size. Nothing exotic.
• Log data: IP address, pages visited, referring URL, timestamps.
• Analytics: Aggregated data about how people use the site and the app.

Payment data

We use Stripe to process payments. Your card number, CVV, and expiration date are collected by Stripe directly. They never touch our servers. We keep transaction records (amounts, dates, invoices) for accounting and tax compliance.

No health data. No racial or ethnic data. No political opinions. No government IDs. No precise GPS location. No data from anyone under 18.

We are a B2B analytics tool. We have no reason to collect sensitive personal data, and we do not.

To run the product: Create your account, process payments, generate AI visibility reports, deliver content optimization recommendations, and give you access to tools.

To talk to you: Service notifications (account changes, security alerts), support replies, and marketing emails if you opted in.

To improve: Understand usage patterns, find bugs, build better features.

To stay legal: Comply with tax law, respond to lawful requests, and enforce our Terms of Service and Acceptable Use Policy.

The GDPR requires us to have a valid reason for processing your data. Here are ours:

Contract. When you sign up and pay for Attensira, we need to process your data to deliver the service. Account creation, payment processing, report generation — all contract performance.

Legitimate interest. We analyze usage data to improve the product, market to existing customers, and protect against fraud. We balance our interests against your rights and only process what is proportionate.

Consent. Marketing emails to non-customers and non-essential cookies require your opt-in. You can withdraw consent any time by clicking unsubscribe or emailing privacy@attensira.com.

Legal obligation. Tax records, court orders, regulatory requirements. We keep what the law tells us to keep.

We do not sell your personal data. Full stop.

We share data with a small number of service providers who need it to help us operate:

• Stripe — payment processing
• Google Analytics — website analytics
• Cloud hosting provider — infrastructure and data storage
• Email service provider — transactional and marketing emails

Each provider is bound by a data processing agreement (DPA). They can only use your data for the specific service they provide to us. Nothing else.

Law enforcement: We will share data if compelled by a valid court order or legal obligation. We will not voluntarily hand over data to any government.

Business transfers: If Attensira is acquired or merges with another company, your data may transfer as part of that deal. We will notify you before that happens.

We are based in Estonia (EU). Some of our service providers operate in the United States.

When data leaves the EEA, we protect it using one of these mechanisms:

• EU adequacy decisions — the destination country has been approved by the European Commission
• Standard Contractual Clauses (SCCs) — EU-approved contract terms with the provider
• EU-US Data Privacy Framework — for certified US companies

Want a copy of the safeguards? Email privacy@attensira.com.

We keep different types of data for different periods:

• Account data: While your account is active, plus 30 days after deletion (so you can recover it if you change your mind).
• Payment records: 7 years. Estonian and EU tax law requires this.
• Usage analytics: Aggregated and anonymized after 26 months. After that, it is no longer personal data.
• Support messages: 3 years after the conversation is resolved.
• Marketing preferences: Until you unsubscribe or withdraw consent.

When these periods end, we delete or anonymize the data. No exceptions.

Here is what we do to protect your data:

• Encryption in transit (TLS) and at rest for all personal data.
• Role-based access controls. Only team members who need access to your data have it.
• Secure cloud infrastructure with regular security audits.
• Continuous monitoring for threats and anomalies.

No system is perfectly secure. If you suspect a breach or vulnerability, contact security@attensira.com immediately.

If you are in the EEA, UK, or Switzerland

Under the GDPR, you can:

• Access your data — get a copy of everything we hold about you
• Correct inaccurate or incomplete data
• Delete your data ("right to be forgotten")
• Restrict processing while we resolve a dispute
• Port your data to another service in a machine-readable format
• Object to processing based on legitimate interest
• Withdraw consent at any time, without affecting prior processing

If you are in the US

Residents of California, Virginia, Colorado, Connecticut, and other states with privacy laws have the right to know what data is collected, request deletion, and opt out of data sales. Since we do not sell data, the opt-out right is already satisfied.

How to exercise your rights

Email privacy@attensira.com. We will respond within 30 days. We may ask you to verify your identity first.

Filing a complaint

If you think we have handled your data wrongly, you can complain to a supervisory authority. Our lead authority is:

You can also complain to the supervisory authority in your own country.

We use cookies. The full details are in our Cookie Policy. The short version:

• Essential cookies keep you logged in and the site functional. You cannot opt out of these.
• Analytics cookies (Google Analytics) help us understand traffic. You can opt out through our cookie consent tool or your browser settings.

Attensira is a B2B platform. It is not for anyone under 18. We do not knowingly collect data from minors. If you believe a child has created an account, email privacy@attensira.com and we will delete it.

We may update this policy. When we do, we will change the date at the top. If the changes meaningfully affect your rights, we will email registered users.

We respond to privacy requests within 30 days. If yours is complicated, we will tell you and explain why it takes longer.