Attio AI Policy
Find out more about the use of AI in Attio's services.
Last updated: March 2026
Attio is committed to providing customers with innovative and efficient services. As part of our service offerings, we may use Artificial Intelligence (AI) technologies, including those provided by third parties, to enhance the efficiency, accuracy, and overall performance of the services we deliver. This includes the use of generative AI technology, which typically relies on machine learning, deep learning, or neural networks to generate new content.
In this Policy we:
set out how Attio uses AI, including models from third-party providers
give customers clarity on how AI may be used when we provide our services
describe how we use AI to improve our services and meet our goals.
If you have questions about how we use AI to process your data (including personal data), please email us at [email protected]. This Policy is not intended to be contractual. Please refer to our Services Agreement for relevant contractual terms regarding our services, including AI.
1. Ethical Guidelines
We're committed to using AI responsibly. That means following ethical guidelines built around fairness, accountability, transparency, human oversight, inclusion, and non-discrimination. We regularly review and improve how we use AI to make sure it meets best practices and industry standards.
We're open with customers about how and when we use AI. That's why we publish this Policy on our website and list AI providers that process personal data in our DPA. Our services are not intended to be used for any AI-driven automated decision-making with legal or similarly significant effects for individuals, or for any purpose that would be considered “high risk” under the EU’s AI Act. We also expect our customers not to use our services for such purposes.
2. Privacy and Security
We put appropriate safeguards in place to protect customer data from unauthorized access or disclosure when using AI.
Where customer data includes personal data, we process it in line with our DPA. We use physical and electronic safeguards to prevent personal data from being accidentally lost, misused, accessed without authorization, altered, or disclosed. We also have procedures in place to promptly notify customers in writing if we become aware of a personal data breach. Before allowing any supplier, including third-party AI providers, to access customer data, we carry out appropriate due diligence and will update our sub-processor list in line with our DPA.
3. Employee training
We will ensure that all employees and contractors receive training on AI use and this Policy at least once a year. We will keep records to show that training has been completed.
4. Use of Third-Party AI Models
We only build and use AI systems that are robust, secure, and safe. To deliver our services, we may use third-party AI models from providers such as Google, OpenAI, and Anthropic. These models help us support and improve the functionality of our services. We may switch AI models or engage new third party providers at any time, in line with our DPA.
When we use third-party AI models, those providers may process customer data, including metadata.
When using AI features within our services, please ensure you review and comply with relevant third party documentation and terms which you can find below:
Anthropic:
Supported Regions Policy (if you are outside of these regions AI features may not work)
OpenAI:
Supported Countries and Territories (if you are outside of these regions AI features may not work)
Google Gemini:
5. Training models
We don't train our own models on customer data, and we don't allow third-party AI providers to train their models on it either.
6. Location of AI models
If we use a third party AI model as a sub-processor, our DPA will outline where they are based and what transfer mechanism we rely on when transferring personal data to that sub-processor (for example, Standard Contractual Clauses).
Please note that we use global endpoints for all AI providers we currently use, and therefore processing may occur outside of the location of the AI provider itself. Our own agreements with them require any such transfers to be in accordance with a transfer mechanism.
7. Recording and Tracking Usage of AI
We maintain appropriate records of our use of AI tools, including how they are used within our services. We aim to be transparent about these practices and can provide further information on request.
8. Changes to this Policy
Our services are always evolving, including the AI models and technologies we use. We may update this Policy to reflect changes in how we use AI, the third-party services we rely on, or our operational practices. We encourage you to check this Policy regularly for updates. We may not always notify you directly of changes.
If you have any questions about how we use AI, or want to know more about our data handling practices, you can reach us at Attio Limited, 42 St John's Square, 2nd Floor, London, United Kingdom, EC1M 4EA, or by email [email protected].