Privacy Policy

Last updated: February 15, 2026

1. Introduction

Attestly ("we," "our," or "us") operates the website at attestly.io. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

2. Data We Collect

Account Information

When you create an account, we collect your email address via Supabase authentication. We do not collect your name, phone number, or physical address.

Questionnaire Responses

When you use our document generation service, we store your questionnaire answers (business type, size, states of operation, AI tools and uses, data sharing practices) in our Supabase database. This information is used to generate your compliance documents.

Payment Information

Payments are processed entirely by Stripe. We do not store your credit card number or payment card details. We receive from Stripe your Stripe customer ID and subscription status for account management purposes.

Usage Data

We collect anonymized usage analytics through PostHog, including pages visited, features used, and general interaction patterns. This data helps us improve the Service.

3. How We Use Your Data

  • To generate AI compliance documents based on your inputs
  • To process payments and manage your subscription
  • To send transactional emails (document delivery, compliance alerts, account notifications)
  • To improve and maintain the Service
  • To detect and prevent abuse or fraud

4. Third-Party Services

We use the following third-party services that may process your data:

Service | Purpose | Privacy Policy
Anthropic (Claude) | AI document generation | Link
Stripe | Payment processing | Link
Supabase | Database and authentication | Link
Resend | Transactional email | Link
Cloudflare | Bot protection (Turnstile) | Link
Vercel | Hosting and deployment | Link
PostHog | Product analytics | Link
Sentry | Error monitoring | Link

5. Cookies

We use the following cookies:

  • Supabase auth cookies: Essential for maintaining your login session
  • Cloudflare Turnstile: Essential for bot protection during document generation
  • PostHog: Analytics cookies for understanding usage patterns (can be blocked without affecting core functionality)

6. Data Retention

We retain your questionnaire responses and generated documents for as long as your account is active. If you delete your account, your data will be removed within 30 days. Anonymous session data (documents generated without an account) is retained for 90 days.

7. Your Rights

California Residents (CCPA)

You have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of personal information. We do not sell your personal information to third parties.

European Residents (GDPR)

You have the right to access, rectify, erase, restrict processing, and port your personal data. You may also withdraw consent at any time. To exercise these rights, contact us at support@attestly.io.

All Users

You may request a copy of your data or request deletion at any time by emailing support@attestly.io.

8. Data Security

We implement industry-standard security measures including encrypted connections (HTTPS/TLS), Row Level Security (RLS) in our database, and secure authentication. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users. The "Last updated" date at the top indicates the most recent revision.

11. Contact

For privacy-related questions or to exercise your data rights, contact us at support@attestly.io.