Privacy Policy

This summary highlights the key points of our Privacy Policy:

• What data do we collect? We collect information you provide directly (account details, payment information) and data generated through your use of our Services (usage data, analytics).
• How do we use your data? We use your data to provide and improve our Services, process payments, communicate with you, and comply with legal obligations.
• Do we share your data? We share data with service providers who help us operate our business (payment processors, cloud hosting). We do not sell your personal data.
• What are your rights? Depending on your location, you may have rights to access, correct, delete, or port your data. EEA/UK residents have additional rights under GDPR.
• How do we protect your data? We implement appropriate technical and organizational security measures to protect your information.
• How can you contact us? Email us at privacy@attensira.com or write to our address in Tallinn, Estonia.

Attensira Technology OÜ is the data controller responsible for your personal information. We are a company registered in Estonia.

• Company Name: Attensira Technology OÜ
• Registered Address: Tallinn, Harju County, Estonia
• Contact Email: privacy@attensira.com

As an Estonian company, we are subject to the Estonian Data Protection Act and the EU General Data Protection Regulation (GDPR).

Information You Provide Directly

When you create an account or use our Services, you may provide:

• Account Information: Name, email address, company name, job title
• Payment Information: Billing address and payment card details (processed securely by Stripe)
• Communications: Messages you send us through support channels or feedback forms
• Website URLs: URLs you submit for analysis through our platform

Information Collected Automatically

When you use our Services, we automatically collect:

• Usage Data: Features used, actions taken, timestamps, and frequency of use
• Device Information: Browser type, operating system, device type
• Log Data: IP address, pages visited, referring URLs, access times
• Analytics Data: Aggregated data about how users interact with our Services

Payment Data

When you subscribe to our paid plans, we collect information necessary to process your payment:

• Billing Information: Name, billing address, and company name
• Payment Card Details: Collected and processed securely by Stripe
• Transaction Records: Payment amounts, dates, and invoice details

We use Stripe as our payment processor. Your payment card details (card number, CVV, expiration date) are collected and processed directly by Stripe and are never stored on our servers. Please review Stripe's Privacy Policy for information on how they handle your payment data.

Information We Do NOT Collect

We do not collect:

• Sensitive personal data (racial/ethnic origin, political opinions, health data, etc.)
• Social Security numbers or government IDs
• Precise geolocation data
• Data from minors under 18 years of age

We use your information for the following purposes:

To Provide Our Services

• Create and manage your account
• Process your subscription and payments
• Deliver AI visibility reports and analytics
• Provide content optimization recommendations
• Enable access to our tools and features

To Communicate With You

• Send service-related notifications (account updates, security alerts)
• Respond to your support requests and inquiries
• Send marketing communications (with your consent, where required)

To Improve Our Services

• Analyze usage patterns to improve user experience
• Develop new features and functionality
• Fix bugs and technical issues

For Legal and Security Purposes

• Comply with legal obligations
• Protect against fraud and abuse
• Enforce our Terms of Service

Under the GDPR and UK GDPR, we must have a valid legal basis to process your personal information. We rely on the following bases:

Contract Performance

We process your data when necessary to fulfill our contract with you, including:

• Providing access to your account and our Services
• Processing payments for your subscription
• Delivering the features and tools you have purchased

Legitimate Interests

We process data based on our legitimate business interests, provided these do not override your rights. This includes:

• Improving and developing our Services
• Analyzing usage data to enhance user experience
• Marketing our Services to existing customers
• Protecting our Services from fraud and abuse

Consent

Where required by law, we obtain your consent before processing your data, particularly for:

• Sending marketing emails to non-customers
• Using non-essential cookies

You can withdraw consent at any time by contacting us or using the unsubscribe link in our emails.

Legal Obligations

We may process your data to comply with applicable laws, such as tax regulations, court orders, or regulatory requirements.

We do not sell your personal data. We share your information only with:

Service Providers

We work with trusted third-party service providers who process data on our behalf:

• Stripe: Payment processing
• Cloud Hosting: Data storage and infrastructure
• Analytics Providers: Website analytics (e.g., Google Analytics)
• Email Services: Transactional and marketing emails

These providers are contractually bound to protect your data and may only use it for the specific services they provide to us.

Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our legal rights.

Business Transfers

If Attensira is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

Attensira is based in Estonia (European Union). Your data may be transferred to and processed in countries outside the EEA, including the United States, where some of our service providers are located.

When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
• Standard Contractual Clauses (SCCs): EU-approved contractual terms with our service providers
• EU-US Data Privacy Framework: For transfers to certified US companies

You may request a copy of the safeguards we use by contacting us at privacy@attensira.com.

We retain your personal information only for as long as necessary to fulfill the purposes described in this Policy. Specific retention periods are:

• Account Data: Retained while your account is active and for 30 days after deletion to allow for account recovery
• Payment Records: Retained for 7 years to comply with tax and accounting regulations
• Usage Analytics: Aggregated and anonymized after 26 months
• Support Communications: Retained for 3 years after resolution
• Marketing Preferences: Retained until you withdraw consent

When retention periods expire, we securely delete or anonymize your data.

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access limited to authorized personnel
• Infrastructure Security: Secure cloud hosting with regular security audits
• Monitoring: Continuous monitoring for security threats

While we strive to protect your data, no method of transmission over the Internet is 100% secure. If you suspect a security breach, please contact us immediately at security@attensira.com.

Rights Under GDPR (EEA/UK Residents)

If you are in the European Economic Area, UK, or Switzerland, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent where processing is based on consent

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. For Estonia, this is:

You may also complain to the supervisory authority in your country of residence.

Rights for US Residents

If you reside in California, Virginia, Colorado, Connecticut, or other states with privacy laws, you may have additional rights including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale of personal information (we do not sell data)
• Right to non-discrimination for exercising your rights

Exercising Your Rights

To exercise any of these rights, please contact us at privacy@attensira.com. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

We use cookies and similar tracking technologies to operate our website and Services. For detailed information about the cookies we use and how to control them, please see our Cookie Policy.

Key points:

• Essential Cookies: Required for the website to function (authentication, security)
• Analytics Cookies: Help us understand how visitors use our website (Google Analytics)
• Your Choices: You can manage cookie preferences through your browser settings or our cookie consent tool

Our Services are designed for businesses and are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If you believe we have collected data from a minor, please contact us immediately at privacy@attensira.com, and we will take steps to delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Update the "Last updated" date at the top of this Policy
• Notify you by email (for registered users) if changes significantly affect your rights
• Post a notice on our website

We encourage you to review this Policy periodically. Your continued use of our Services after changes constitutes acceptance of the updated Policy.

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

We aim to respond to all legitimate requests within 30 days. If your request is complex or you have made multiple requests, we will notify you if we need additional time.