1. Introduction
This Privacy Policy sets out how Attio Limited and its affiliates collect and process personal data. It also explains your rights in relation to your personal data. If you have any questions about this Privacy Policy or wish to exercise any of your rights in relation to your personal data, you can contact us using the details below.
Attio Limited will usually act as the controller of data processed in connection with the provision of services including CRM tools and API services. In other cases, for example if you apply for a job with Attio Inc. or where you enter into a contract with that entity, Attio Inc. may act as a controller. If you have any questions about this, you can contact us using the details set out in Section 15 below.
This Privacy Policy affects your legal rights and obligations so please read it carefully. If you do not wish for us to process your personal data as set out in this Privacy Policy, please do not provide your personal data to us, and ask your employer to ensure that they do not do so. By using our services, you agree to the collection, use, disclosure, and procedures this Privacy Policy describes. Beyond the Privacy Policy, your use of our platform is also subject to our Services Agreement.
We may update this Privacy Policy from time to time at our discretion and in particular to reflect any changes in applicable laws. If we do so, and the changes substantially affect your rights or obligations, we shall take commercially reasonable measures to notify you. Otherwise, you are responsible for regularly reviewing this Privacy Policy so that you are aware of any changes to it.
2. Our role in relation to personal data
This Privacy Policy explains how we collect and use personal data that we handle as a controller. We act as a controller of personal data about you if you:
- Provide personal data to us directly, for example when contacting us about our services, or signing up to receive mailings (see section 3.1).
- Visit our websites or use our services, in which case we will automatically collect certain information about your usage of such websites and services (see section 3.2).
- Connect third party services to Attio (see section 3.3).
- Sign up for an Attio account to allow you to access a trial, or an account that your employer or colleague has set up (see section 3.4).
We may also receive personal data from third party sources, such as data enrichment providers, as described below.
Alternatively, we may receive your personal data through our platform because one of our clients has uploaded your details within their account on our platform. In these circumstances, we act as a processor of your personal data, and we shall only process your personal data in accordance with the client’s instructions and our Data Processing Addendum. If you have any questions about personal data that we handle as a processor, you should refer directly to the relevant client using our services, since these operations are not covered by this Privacy Policy.
We may allow certain developers or users access to the Attio API or Attio SDK in order to develop certain applications enabling interoperation between a third-party platform and the Attio services (each an “Integration App”). Each Integration App is developed independently and at the developer’s own risk. Accordingly, each developer of an Integration App shall be deemed to be a separate and independent controller of any personal data you may share by using such Integration App, and you will be subject to the Integration App’s separate terms and privacy policy. We encourage you to read the terms and privacy policy of every Integration App you may use in connection with our services.
3. What personal data do we collect and from whom?
By personal data we mean any identifiable information about you, such as your name, email address, gender, date of birth, mobile and home telephone number, your IP address or a photo of you which you upload to our platform.
We may obtain special categories of personal data about you if you choose to provide such data to us. Special categories of personal data are data about your race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or sex life or sexual orientation.
3.1. Data you provide to us
We will collect personal data from you if you:
- Use our website.
- Use our mobile app.
- Use our platform.
- Apply for a job with us.
- Provide services to us.
- Purchase services from us.
- Contact us through an account we hold on a social media platform such as LinkedIn.
- Subscribe to receive product update e-mails from us.
- Otherwise contact us, for example with queries, comments, or complaints.
Personal data you provide to us may include your name, email address, phone number, location or region and, if you are applying for a job with us, information you choose to provide on your CV/resume (such as your education and employment history).
We shall process all such personal data in accordance with this Privacy Policy. Certain personal data is mandatory to be provided to us in order that we can fulfil your request, for example to provide services to you. We make this clear to you at the point of collection of the personal data.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
All personal data that you provide to us must be true, complete, and accurate. At our request, you shall promptly provide evidence of your identity. If you provide us with inaccurate or false data, and we suspect or identify fraud, we will record this, and we may be unable to provide our services to you. We may also report this information. When you contact us by email or post, we may keep a record of the correspondence, and we may also record any telephone call we have with you.
3.2. Data we automatically collect about you
When you use our services, we automatically collect and store information about your device and your activities. This information could include:
- Technical information about your device such as type of device, web browser or operating system.
- Your preferences and settings such as time zone and language.
- How long you used the website/app and which services and features you used.
- Your location information, which we infer by using your IP address.
- Information about your interactions with our website and services, such as the pages or other content you view, referrer information (the website you visited before coming to our services), and the dates and times of your visits.
If you want to find out more about the types of cookies we use, why, and how you can control them, please see our Cookie Policy.
We will also collect information about our communications with you, including whether our emails were successfully delivered, whether they were opened, and whether you interacted with their content.
3.3. Type of data we automatically collect from connected third-party services, such as Google Services, Dropbox, Microsoft Outlook, and Microsoft OneDrive
You may choose the option to log in with or access third-party services in order to access this information from within the Attio application and in such cases, we will automatically collect and store your user data from that third party. This may include:
- Profile with third party
- Name
- Email address
3.4. Data we receive from others
Your employer or a colleague may from time to time provide personal data to us that relates to you (for example, your email address) so that you can create an account on our platform. If a third party such as your employer or a colleague provides us with your email address, and that address is your personal, non-work email address, you must contact us to let us know and we will remove this data.
We may also receive personal data about you from an Integration App, our payment providers and/or our website security service partners, particularly if there is any misuse of the platform including the introduction of viruses or other malicious software.
If you sign up or log in to your Attio account using a third-party account (such as your Google account), we may receive personal data from those services, such as your name, email address, and profile information.
If you access our services through third-party tools, such as via an MCP, we may receive information relating to your connection between Attio and such third-party services.
If you express an interest in Attio’s platform and services (for example, by requesting to talk to sales on our website), or if we think you may be interested in our services, we may collect information about you from third parties and use this information to contact you. You can ask to unsubscribe from being contacted at any time.
If you apply for a job with us, we may receive information about you and references from your previous employer. We may also collect your information from third-party platforms such as LinkedIn if we think that you may be suitable for a vacancy that we are promoting at Attio. If you accept a role with us, we will work with third-party partners to verify your identity and carry out background checks, including right to work checks and, for certain job roles, criminal background checks.
4. Using data from connected Google Services
If we have received your personal data because you have chosen to Sign in with Google, we will process your personal data to perform any contract we have entered into with your employer or in relation to any steps we take at the request of your employer prior to entering into a contract. In particular, this includes providing you with access to the Attio application.
Attio is providing a customer relationship management (CRM) and task management application aimed at business customers. If we have received personal data because you have chosen to connect your Google Drive, Google Calendar and/or your Gmail account we will collect your data from this service in order to enhance the email, file and contact management experience and improve your productivity when using the Attio application. In particular, this includes access to your Google user data from within the Attio application where you can view your data in the relevant context of a CRM software application and manage your professional relationships.
Additional Limits on Use of Your Google User Data:
Notwithstanding anything else in this Privacy Policy, if you provide us with access to data from connected Google services, our use of that data will be subject to the additional restrictions set out below. For the avoidance of doubt, we process data received from connected Google services solely in the capacity of a processor on your behalf, and not as a controller:
- We will only use access to data from a connected Google Service to provide our Attio web and mobile CRM and task management application that allows users to read, process, write and delete emails, track recipient opens, clicks and replies to emails, access their Google Drive files and calendar. Furthermore, our use of data is limited to providing or improving user-facing features that are prominent in the requesting application’s user interface.
- We will not transfer this data to others unless doing so is necessary to provide and improve features that are prominent in the user interface, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
- We will never use Google User data for serving advertisements, including retargeting, personalized, or interest-based advertising.
- We will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for our internal operations and even then, only when the data have been aggregated and anonymized.
- Attio’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
5. Lawful bases for which we use your personal data
If you are located in the European Economic Area, Switzerland or the United Kingdom, we only process your personal data as a controller where we have a legal basis to do so. The legal bases we rely on include:
- Necessary for a legitimate interest that we pursue. Where we or a third party have a legitimate interest in processing your personal data, we may do so provided that our interest is not overridden by your rights and interests. We may rely on this legal basis to, for example, keep business records, respond to unsolicited communications from you, assert our legal rights and obtain professional advice.
- Necessary for compliance with a legal obligation to which we are subject. We may process your personal data where we are required to do so to comply with our legal obligations, for example to comply with tax and accounting obligations or to respond to lawful requests from public authorities.
- Necessary to perform a contract. We will process your personal data where it is necessary to give effect to a contract between you and us, for example if you purchase our services or we buy services from you.
- Consent. We may process your personal data on the basis of consent in some circumstances. For example, we may ask you to consent to our use of cookies and similar technologies, or to certain forms of marketing. You may withdraw your consent at any time by contacting us or using the unsubscribe link in marketing emails.
6. How do we use the personal data we collect?
We use the information we collect:
- To provide, maintain, improve, and enhance our services.
- To personalize your experience on our services such as by providing tailored content and recommendations.
- To understand and analyze how you use our services and develop new products, services, features, and functionality.
- To communicate with you, provide you with updates and other information relating to our services, provide information that you request, respond to comments and questions, and otherwise provide customer support.
- For marketing and advertising purposes, such as developing and providing promotional and advertising materials that may be relevant, valuable or otherwise of interest to you.
- To generate anonymized or aggregate data containing only de-identified, non-personal information that we may use for any lawful purposes.
- To send you text messages and push notifications.
- To process and respond to job applications.
- To facilitate transactions and payments.
- To find and prevent fraud and abuse and respond to trust and safety issues that may arise.
- For compliance purposes, including enforcing our Terms and Conditions or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
- For other purposes for which we provide specific notice at the time the information is collected.
7. Using data to provide marketing emails
We strive to provide you with choices regarding certain personal data uses, particularly around email marketing.
We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased our services from us or where you have not opted out of receiving that marketing.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you, accessing our website settings or by contacting us at any time. Please note that where you do opt-out of marketing emails, it may take us a few days to update our records to reflect your request.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a purchase, warranty registration, product/service experience or other transactions. You may therefore receive emails relating to your use, account and/or users' use or account even if you have opted out of our marketing emails. This is because these emails are transactional and/or informational in nature and do not require your consent to receive.
If you ask us to remove you from our mailing lists, we shall keep a record of your name and email address to ensure that we do not send you any more information you have opted out of receiving. We shall also continue to send you necessary information relating to your use of our services if you, your employer or colleague has an account with us.
8. Who do we share your data with?
We may share your personal data with third parties in the following circumstances:
- Service providers working on our behalf. We may share your personal data with any service providers, sub-contractors, and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including payment providers and IT hosting and maintenance services.
- Service providers you use. If you use third-party services, for example using an Integration App or via our MCP, we will send certain information in order to make the connection. This includes, for example, member ID, email address and name.
- Independent service providers. We may share your personal data with, or receive your personal data from, third parties that we partner with to support various aspects of our business and our services. This includes, for example, third party payment providers who collect payments on our behalf, and recruiters that we work with to identify employment candidates.
- Professional advisors. We may share your personal data with our professional advisors, such as lawyers, accountants, auditors or consultants, where required in order to obtain advice or services.
- Legal. We may disclose your personal data to third parties if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose your personal data that we believe, in good faith, is appropriate or necessary to: (i) take precautions against liability; (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity; (iii) investigate and defend ourselves against any third-party claims or allegations; (iv) protect the security or integrity of our services and any facilities or equipment used to make our services available; (v) respond to your requests; or (vi) protect our property or other legal rights, including to enforce our agreements, or the rights, property, or safety of others.
- Merger or corporate event. We may disclose or otherwise transfer personal data to an acquirer, investor, successor or assignee as part of any merger, acquisition, debt financing, investment, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- Affiliates. We may share your personal data with Attio Inc., for purposes consistent with this Privacy Policy, such as the administration and provision of our services and internal business operations.
- AI Service Providers. We may disclose information we receive to providers of artificial intelligence services, for example to support our backend services or general business operations.
- Analytics Partners. We use analytics services, such as Google Analytics, to collect and process certain analytics data. You can learn more about Google’s practices by visiting https://www.google.com/policies/privacy/partners/.
- Advertising Partners. We work with third-party advertising partners to collect and process your information in order to show you ads that we think may interest you. Some of our advertising partners are members of the Digital Advertising Alliance (https://optout.aboutads.info) and serve ads through cookie-based technologies. Please visit their opt-out pages to learn about how you may opt out of receiving certain web-based personalized ads from member companies. These opt-outs will apply only to our third-party advertising partners that are members of these organizations. These opt-outs will not apply when our partners serve ads through non-cookie based technologies. You can access any settings offered by your mobile operating system to limit ad tracking, or you can install the AppChoices mobile app to learn more about how you may opt out of personalized ads in mobile apps.
- Consent. We may also disclose your personal data with your permission.
9. Where we hold and process your personal data
Some or all of your personal data may be stored or transferred outside of the United Kingdom (UK) or European Economic Area (the EEA), including for example, if our email server is located in a country outside the UK or EEA or if any of our service providers are based outside of the UK or EEA.
Where your personal data is transferred outside the UK or EEA, it will only be transferred to countries that have been identified as providing adequate protection for your data or to a third party where we have approved transfer mechanisms in place to protect your personal data – i.e., by entering into the UK’s International Data Transfer Agreement (IDTA) or Addendum, or the European Commission’s Standard Contractual Clauses.
Please contact us on the email address set out in section 15 if you require further information on the specific mechanism that we use when transferring your personal data outside of the UK or EEA under this paragraph.
10. Security
We make reasonable efforts to protect your personal data by using appropriate technical or organizational measures designed to improve the security of the information we maintain.
Notwithstanding the above, you acknowledge that no system can be completely secure. Therefore, although we take these steps to secure your personal data, we do not promise that your personal data will always remain completely secure.
11. Your rights
If you are based in the UK, the European Economic Area or Switzerland, you may have the following legal rights:
- Access and Portability. You may ask us to provide you with a copy of the personal data we maintain about you, including a machine-readable copy of the personal data that you have provided to us, and request information about its processing.
- Rectification and Deletion. You may ask us to update and correct inaccuracies in your personal data, or to have the information anonymized or deleted, as appropriate.
- Restriction and Objection. You may ask us to restrict the processing of your personal data, or object to such processing.
- Consent Withdrawal. You may withdraw any consent you previously provided to us regarding the processing of your personal data, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.
- Complaint. You may lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where an incident took place. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.
You may exercise these rights by contacting us using the contact details at the end of this Privacy Policy. Please note that there are exceptions and limitations to each of these rights.
If we are a processor of your data (and our client is the controller) we shall only process your personal data as instructed by our client. You will need to contact our client directly if you wish to exercise your rights in relation to the data processed on our platform. If you do contact us directly, we will notify our client as soon as reasonably practical and assist our client as the controller by taking appropriate measures to enable the fulfilment of our obligations to you.
If you have any complaints in relation to this Privacy Policy or otherwise in relation to our processing of your personal data, please tell us. We shall review and investigate your complaint and try to get back to you within a reasonable time. You can also contact the Information Commissioner, see www.ico.org.uk or if you are based outside of the United Kingdom, please contact your local data protection authority.
12. Retention of personal data
We will retain personal data in accordance with applicable laws.
If we have received your personal data because you are an employee of a client, we shall retain your personal data until we no longer work with your employer, except where we are required to retain personal data for a particular period of time to comply with legal, audit, or statutory requirements, including requirements of HMRC in respect of financial documents.
If we have your personal data because a client has uploaded it to our platform, we shall retain it in accordance with our client’s instructions.
In some circumstances you can ask us to delete your data: see ‘Your rights’ above for further information.
In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
13. Children’s privacy
We do not knowingly collect, maintain, or use personal data from children under 18 years of age, and no part of our services is directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us by emailing [email protected].
14. Third party platforms
Our services may include links to third-party websites, plug-ins, and applications (including Integration Apps). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website or online service you visit.
15. How to contact us
You can contact us with any questions or comments about your personal data, this Privacy Policy, or any other privacy-related enquiries by emailing [email protected].
If you are in the European Union, you may address privacy-related inquiries to our EU representative pursuant to Article 27 GDPR:
EU-REP.Global GmbH, Attn: Attio
Hopfenstr. 1d, 24114 Kiel, Germany
www.eu-rep.global