Privacy Policy for xattra.com

Privacy Policy By using Xattra's attribution analytics services for ecommerce, you grant us access to private data, which we commit to handling securely and confidentially. The types of data you share with us are outlined below.

Secure Data Transfer and Storage When Xattra requests or sends your data to web services you opt into, or to display data in your browser, this is done via a secure (SSL) web connection. Any data we store to provide our services is encrypted at rest in a database hosted on Google or AWS servers in North Virginia, USA (with the highest security precautions), and accessible only via our web servers (for your consumption) and a select number of Xattra employees and contractors.

Email and Password We use your email to provide customer support and occasionally promote new products and services to you (only from Xattra). You can opt out of these emails. We promise never to share your email address with third parties.

Your password is encrypted at rest.

Google Login By connecting your Google account, you grant us access to:

  • Your name and profile image
  • Your email address
  • All Google Analytics properties linked to your account
Google Analytics Xattra pulls a range of data from your Google Analytics account. We use this data to:

(a) Provide data exports of your ecommerce website performance, accessible only via your Google account or (with explicit permission from you) to other members you invite to your Xattra account.

(b) Test new attribution analytics methods and visualizations for our internal use. Your data will only be accessible by Xattra's European Union-based employees and contractors, bound by a non-disclosure agreement.

(c) Provide anonymized benchmarks to other customers. We promise this data will never be identifiable to you or your website and will only be used in aggregate segments of at least 10 benchmark companies – so that your performance cannot be inferred from the benchmark.

Sending Personally Identifiable Information (PII) about your end users to Google Analytics (for example, customer email addresses) is in breach of Google's terms as well as our Terms.

Ecommerce Data Our attribution analytics services process historic and current customer orders to provide you with valuable insights. We only store non-personal information (order numbers, transaction amounts, and product names) for up to 3 months for reconciliation and audit purposes.

Where you ask us to send PII customer data from your ecommerce platform to a destination (e.g. Segment.com), we pass this information straight on without storing it in our own database.

Your Rights Regarding Your Personal Information The UK's General Data Protection Regulation and other applicable data protection laws provide certain rights for data subjects.

You are entitled to request details of the information we hold about you and how we process it. You may also have a right, in accordance with applicable data protection law, to have it rectified or deleted, to restrict our processing of that information, to stop unauthorized transfers of your personal information to a third party, and, in some circumstances, to have personal information relating to you transferred to another organization.

If you object to the processing of your personal information or if you have provided your consent to processing and later choose to withdraw it, we will respect that choice in accordance with our legal obligations and good practices.

Your objection (or withdrawal of any previously given consent) could mean that you are not able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law, particularly in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.

To make any request outlined above, please use our contact form.