Data Processing Agreement

Last updated: March 2026

1. Introduction

This Data Processing Agreement ("DPA") forms part of the agreement between you ("Data Controller") and EncubIQ ("Data Processor") for the use of the Attriqs platform. This DPA governs the processing of personal data that you input into or collect through the platform.

2. Definitions

"Personal data", "processing", "data subject", "controller", and "processor" have the meanings given in the applicable data protection legislation (including GDPR and CCPA where applicable).

3. Scope of Processing

The Attriqs platform processes the following categories of personal data on your behalf:

  • Website visitor session data (IP addresses, page views, referrers, UTM parameters)
  • User identifiers (email addresses, names, hashed at point of capture)
  • Transaction data (order values, product categories)
  • Phone call metadata (caller number, duration, source attribution)
  • Chat interaction metadata (platform, timestamp, source attribution)

4. Purpose of Processing

We process personal data solely for the purpose of providing the Attriqs attribution platform to you. This includes: tracking website visitors, stitching user journeys, running attribution models, generating reports, and providing AI-powered insights.

5. Data Isolation

Each client workspace is logically isolated. Data belonging to one workspace cannot be accessed by another workspace. Cross-tenant data is only used in anonymised, aggregated form for benchmarking purposes (where enabled), with minimum tenant thresholds to prevent de-anonymisation.

6. Data Security

We implement appropriate technical and organisational measures to protect personal data, including: encryption in transit (TLS) and at rest; access controls with role-based permissions; PII hashing at point of capture; regular security reviews; and incident response procedures.

7. Sub-Processors

We use the following categories of sub-processors to deliver the platform: cloud infrastructure providers (hosting and data storage), email delivery services (for platform notifications), and AI model providers (for AI insights features). A current list of sub-processors is available on request.

8. Data Subject Rights

We will assist you in fulfilling data subject requests (access, rectification, erasure, portability) to the extent technically feasible within the platform. The platform includes tools for data export and account deletion.

9. Data Retention

Platform data is retained for the duration of your subscription. Upon cancellation, data is retained for 30 days to allow for export, after which it is permanently deleted from all systems including backups within 90 days.

10. International Transfers

Data may be processed in locations where our infrastructure providers operate. Where data is transferred outside your jurisdiction, appropriate safeguards are in place in accordance with applicable data protection law.

11. Breach Notification

In the event of a personal data breach, we will notify you without undue delay and in any event within 72 hours of becoming aware of the breach. Notification will include the nature of the breach, categories of data affected, and remedial measures taken.

12. Contact

For DPA-related enquiries, contact us at dpa@attriqs.com or via our contact form.

Got questions?
Ask MosAIc™