Data Processing Addendum

This Data Processing Addendum applies when Attry processes personal data on behalf of a customer through the Attry service.

The processing is limited to providing mobile attribution, deep links, deferred deep links, SDK event collection, campaign analytics, app usage analytics, support, security, and related product operations.

The customer is the controller or business for personal data it sends to Attry. Attry acts as processor or service provider for that customer data.

Attry processes customer data according to the customer's instructions, the product configuration, the Terms, this DPA, and applicable law.

Customer data may include app user identifiers selected by the customer, event names, event properties, attribution metadata, device and app context, platform, operating system, app version, country, region, city, IP-derived network context, user agent, referrer, timestamps, revenue values, and campaign tags.

Customers should not send sensitive personal data unless Attry has agreed to support that data type in writing.

Attry uses reasonable technical and organizational safeguards for customer data, including access controls, encrypted transport, credential protection, least-privilege operational access, backups, monitoring, and incident response procedures.

The customer is responsible for secure SDK implementation, key rotation, access control for its workspace, and limiting event properties to data needed for attribution and analytics.

Attry may use subprocessors for hosting, storage, databases, email delivery, authentication, analytics, security, support, and payment operations.

Attry remains responsible for subprocessors that process customer data on Attry's behalf, and will require them to protect customer data under appropriate contractual obligations.

Attry may process and store data in countries where Attry or its infrastructure providers operate.

Where required, Attry will use appropriate transfer safeguards such as standard contractual clauses or equivalent lawful mechanisms.

Attry will provide reasonable assistance for data subject requests, security inquiries, deletion requests, and compliance obligations where the request relates to customer data processed by Attry.

The customer is responsible for responding to its app users and for determining whether a request is valid.

On termination or written request, Attry will delete or return customer data where reasonably possible, subject to backup, security, billing, legal, and abuse-prevention retention requirements.

Aggregated or de-identified analytics may be retained if it no longer identifies a customer app user.

DPA questions can be sent to hello@attry.io.