How we handle your data .

A practical guide to Attributter's security, privacy, and data handling — written in plain English.
We connect to your LinkedIn Ads and HubSpot CRM to attribute pipeline back to ad exposure. That's a serious amount of trust,
so this page lays out exactly what we read, what we store, where it lives, and how we keep it safe.
On this page
1. The short version2. Frequently asked questions3. What data we access4. Infrastructure & hosting5. Sub-processors6. Security measures7. Documents & contact
The short version
If you only read one section, read this one.
Read-only by default. Attributter requests read-only OAuth scopes from HubSpot and LinkedIn. We do not write back to your CRM, do not edit your ads, and do not impersonate you anywhere.
Minimal personal data. The only personal data we process for your account is your name and email. Everything else we store is company-level (organization names, domains, deal amounts, ad impressions).
Encrypted OAuth tokens. The tokens that let us call HubSpot and LinkedIn on your behalf are encrypted at rest using AES-256-CBC envelope encryption (DEK + master key). Database dumps are useless without the master key.
Your data is yours. We never sell, rent, or enrich third-party datasets with your data. We do not use your CRM or ad data to train any machine-learning model.
One-click disconnect. Disconnecting HubSpot or LinkedIn from Attributter revokes the OAuth grant on the provider side and deletes the encrypted token from our database.
Account deletion deletes everything. Ask us to delete your account and we permanently remove your user record, your synced companies, deals, ad analytics, matches, and OAuth tokens within 30 days.
Frequently asked questions
Where is my data stored?
All customer data lives in a managed PostgreSQL database and a managed Redis cache, both hosted on our cloud provider in an EU region. Backups stay in the same region. We do not replicate customer data outside the EU.
What personal data do you actually process?
For your Attributter account, we store: first name, last name, email, a bcrypt-hashed password (12 salt rounds), and email-verification status. That's it.For attribution, we sync company-level records from HubSpot and LinkedIn — company names, domains, deal amounts, ad impressions. We sync HubSpot contacts only to determine deal-level lead source (e.g. "this deal's primary contact came from LinkedIn") and never expose them outside your own account.
Do you read or write data in my CRM and ad accounts?
Read only. The OAuth scopes we request are strictly read scopes:
HubSpot: crm.objects.companies.read, crm.objects.deals.read, crm.objects.contacts.read
LinkedIn: r_ads, r_ads_reporting, r_organization_social, plus standard openid profile email
Attributter cannot create, modify, or delete anything inside your HubSpot or LinkedIn account.
How are my OAuth tokens secured?
Tokens use envelope encryption:
A unique Data Encryption Key (DEK) is generated per token.
The token is encrypted with the DEK using AES-256-CBC.
The DEK itself is encrypted with the application master key, which lives in a separate secrets store — not in the database.
Token refresh runs automatically with a 5-minute buffer before expiry, so we never extend access longer than the provider allows.
A database dump on its own contains no usable tokens.
Do you sell, share, or "enrich" my data?
No. We do not sell your data. We do not share it with data brokers. We do not enrich third-party datasets with your CRM. We do not train models on your data. Attributter is paid by you; you are the customer, not the product.
Who at Attributter can see my data?
Access to production data is restricted to a small number of engineers on the Attributter team and is logged. We use the principle of least privilege — engineers do not have ambient access to your raw CRM or ad data; they only access it on a case-by-case basis to debug a support ticket, and only with your knowledge.
What happens when I disconnect an integration?
Hitting Disconnect in Data Sources does three things, in order: (1) calls the provider's token-revocation endpoint, (2) deletes the encrypted token row from our database, (3) flips the integration's status to disconnected so workers stop trying to sync. Previously-synced data remains in your Attributter workspace so your historical attribution still works — but no new data is pulled.
What happens if I delete my account?
Account deletion is a hard delete. We remove your user record, synced HubSpot companies and deals, synced LinkedIn analytics and organizations, matched-company records, OAuth tokens, and pipeline selections. Backups age out on a rolling 30-day cycle, after which all traces are gone.
How do you handle a security incident?
If we discover an incident that affects customer data, we will notify affected customers by email within 72 hours of confirming the breach (in line with GDPR Article 33). The notification includes what happened, what data was involved, what we've done, and what you should do.
Is Attributter SOC 2 / ISO 27001 certified?
Not yet. We're a young product and formal certification is on our roadmap rather than complete. In the meantime this page is an honest description of the controls that are in place — encrypted tokens, read-only scopes, EU hosting, structured access control, rate limiting, security headers, audit-friendly logging. If you need a DPA, SCCs, or a vendor-security questionnaire filled in, email us and we'll get it back to you within two business days.
What data we access
Concretely, here's the read/write surface of each integration. "Read" means we sync this data into your Attributter workspace.
"Write" means we push changes back to the source — which we don't.
Platform
Object
Read
Write
Used for
HubSpot
Companies
Yes
No
Matching CRM companies to LinkedIn ad audiences
HubSpot
Deals
Yes
No
Pipeline value, won/lost revenue, attribution classification
HubSpot
Contacts
Yes
No
Deal-level lead-source detection (e.g. "primary contact came from LinkedIn")
HubSpot
Pipelines
Yes
No
Resolving pipeline IDs to human-readable names
LinkedIn Ads
Ad accounts
Yes
No
Letting you choose which ad account to attribute
LinkedIn Ads
Company-level ad analytics
Yes
No
Impressions, clicks, engagements per company per month
LinkedIn Ads
Organization data
Yes
No
Resolving organizations to names, domains, and countries
LinkedIn Ads
Campaigns
Yes
No
Ad spend breakdown by campaign
Infrastructure & hosting
Attributter is a small, well-defined stack. Every component is run as a managed service so we don't operate our own hardware:
Application layer
The API is a Node.js 20 / Express 5 server with Helmet security headers, a CORS allow-list, and Zod request validation on every endpoint. The frontend is a static React SPA served via CDN. Background workers run as a separate long-running process and consume jobs from BullMQ.
Data layer
Customer data lives in managed PostgreSQL in an EU region with automated daily backups and point-in-time recovery. Job queue state lives in managed Redis, also EU-region.
Encryption in transit
All traffic to Attributter is served over TLS 1.2+ (HSTS enabled). All outbound calls to HubSpot, LinkedIn, and our sub-processors use TLS. We do not accept plaintext HTTP.
Encryption at rest
OAuth tokens — the most sensitive thing we store — are encrypted using envelope encryption (see the FAQ). The database itself is encrypted at rest by the managed-database provider. Backups inherit that encryption.
Logging
We log application events with Winston (request IDs, error stack traces in development, structured JSON in production) and ship them to a managed log store with restricted access. Logs do not contain raw OAuth tokens, passwords, or full HubSpot/LinkedIn payloads — only metadata needed to debug.
Sub-processors
The third-party services that touch your data, what they do, and where they're based.
Sub-processor
Purpose
Region
Data shared
Railway
Application & worker hosting, managed PostgreSQL, managed Redis
EU
All customer data (encrypted at rest)
Resend
Transactional email (signup, password reset, account notifications)
EU
Recipient email, message contents
HubSpot API
Source: companies, deals, contacts, pipelines
Per HubSpot account region
OAuth token, read-only API calls only
LinkedIn Marketing API
Source: ad analytics, organizations, campaigns
LinkedIn (US/EU)
OAuth token, read-only API calls only
Stripe
Subscription billing
EU/US
Billing email, payment method (never stored by us)
Cloudflare
DNS, CDN, DDoS protection in front of the frontend
Global edge
HTTP request metadata (IP, user-agent)
Security measures
The concrete controls in the codebase and the runtime.
Password hashing
bcrypt with 12 salt rounds. Passwords are never
stored in plaintext or returned by any API.
JWT sessions
HS256 tokens, 24-hour expiry. Password-reset tokens are bound to the user's current password hash, so a reset link auto-invalidates the moment the password changes.
OAuth token envelope encryption
Per-token DEK + AES-256-CBC, with the master key stored in a separate secrets store. Database alone is not enough to decrypt.
OAuth CSRF protection
A cryptographically random state with a 10-minute expiry guards every OAuth round-trip, preventing CSRF and replay attacks.
Rate limiting
Login/register capped at 10 requests / 15 min / IP. Password reset capped at 5 / hour / IP. Mitigates brute-force and credential-stuffing attacks.
Security headers
Helmet enabled in production: HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and a strict Content-Security-Policy.
Input validation
Every API endpoint validates body, query, and path params with Zod schemas. Unknown fields are stripped. Type-confusion and prototype-pollution surfaces are minimized.
CORS allow-list
The API only accepts cross-origin requests from your tenant's known frontend origins. No wildcard origins.
Dependency hygiene
Lockfiles are committed. Dependencies are scanned for known CVEs on every push, and critical advisories are patched within 7 days.
Least-privilege access
No human has standing access to your data. Production access is granted on a case-by-case basis for support and rotates back to zero immediately after.
Documents & contact
Need a paper trail for legal, security, or procurement?
Privacy Policy
What we collect, why, and your rights under GDPR.
Terms of Service
Acceptable use, billing, liability, governing law.
Features
CRM Sync
Pipeline Receipts
Custom Threshold
Ongoing Sync
Company
About us
Pricing
Contact us
Privacy Policy
Terms of Service
Security
Contact
+92 322 0803918
marketing@attributter.com
© All rights reserved. Attributter