Privacy & Compliance
AttributeHQ is designed with privacy in mind, supporting GDPR, ATT, and data minimization principles.
Data Collection
What We Collect
| Data | Purpose | Platform | Storage |
|---|---|---|---|
| IP address | Fingerprinting, geolocation | All | Server-side (anonymized) |
| User-Agent | Fingerprinting, device type | All | Server-side |
| Screen resolution | Fingerprinting | All | Sent on install only |
| Timezone | Fingerprinting | All | Sent on install only |
| Language | Fingerprinting | All | Sent on install only |
| IDFA | Deterministic attribution | iOS | With ATT permission |
| GAID | Deterministic attribution | Android | If not opted out |
| Install Referrer | Deterministic attribution | Android | One-time read |
| Custom events | Analytics | All | Encrypted at rest |
What We Don’t Collect
- Browser history or bookmarks
- Contacts or phone numbers
- Photos or media
- Location (GPS/fine location)
- SMS or call logs
- Cookies from other domains
- Form inputs or passwords
- DOM content
IP Anonymization
IP addresses are anonymized during fingerprint matching:
- IPv4: Last octet zeroed (e.g., 192.168.1.42 → 192.168.1.0)
- IPv6: Last 80 bits zeroed
The original IP is used only for the initial fingerprint hash calculation, then discarded. The hash is one-way (SHA-256) and cannot be reversed.
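The truncation rules above, written out as an added example (not AttributeHQ's own code). The function names, the handling of IPv4-mapped IPv6 addresses and zone ids, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Bits kept from the top of each address family, per the rules above:
# IPv4 drops the last octet (32 - 8), IPv6 drops the last 80 bits (128 - 80).
KEEP_BITS = {4: 24, 6: 48}


def anonymize_ip(raw: str) -> str:
    """Return `raw` with its low-order bits zeroed; raise ValueError if invalid."""
    # Drop an IPv6 zone id ("fe80::1%eth0"); it names a local interface.
    addr = ipaddress.ip_address(raw.strip().split("%", 1)[0])
    # Assumption: an IPv4-mapped IPv6 address (::ffff:a.b.c.d) is handled as
    # IPv4. Under the IPv6 rule it would collapse to "::" for every client.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    keep = KEEP_BITS[addr.version]
    mask = ((1 << keep) - 1) << (addr.max_prefixlen - keep)
    return str(type(addr)(int(addr) & mask))


def collapse(addresses):
    """Group raw addresses by anonymized value to show which become indistinguishable."""
    groups = {}
    for raw in addresses:
        groups.setdefault(anonymize_ip(raw), []).append(raw)
    return groups


# Constructed sample input (private and documentation ranges only).
SAMPLE = [
    "192.168.1.42",
    "192.168.1.200",
    "::ffff:192.168.1.7",
    "2001:db8:abcd:1234:5678:9abc:def0:1",
    "2001:db8:abcd:ffff::2",
]

if __name__ == "__main__":
    for anonymized, members in collapse(SAMPLE).items():
        print(f"{anonymized:<20} <- {members}")
```

Running it over your own traffic sample shows how many distinct clients share each anonymized value, which is a quick check on how coarse the stored address really is.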
ATT (iOS 14+)
On iOS 14+, the SDK requests App Tracking Transparency permission before accessing the IDFA. If the user denies:
- No IDFA is collected
- Attribution falls back to fingerprint matching
- SKAdNetwork still provides privacy-preserving attribution
Data Retention
| Data Type | Retention | Storage |
|---|---|---|
| Click records | 7 days | DynamoDB (TTL auto-delete) |
| Event data | 90 days | ClickHouse |
| Raw events | 90 days hot, 2 years archive | S3 → S3 Glacier |
| Attribution results | Indefinite | PostgreSQL |
| SDK localStorage | Until cleared by user | Client-side |
GDPR Compliance
- Lawful basis: Legitimate interest (attribution for business analytics)
- Data minimization: Only data necessary for attribution is collected
- Purpose limitation: Data used solely for attribution and analytics
- Storage limitation: Automatic TTL-based cleanup
- Data subject rights: Users can clear localStorage to remove client-side data
- Encryption: All data transmitted over HTTPS, encrypted at rest in AWS
No Third-Party Sharing
AttributeHQ does not sell or share user data with third parties. Postbacks to ad networks contain only the device ID and attribution metadata — no personal information.
Self-Hosted Option
For maximum data control, AttributeHQ can be self-hosted on your own AWS infrastructure. All data stays within your AWS account and VPC.