Privacy Policy

1. Controller and Contact

Attentra is the operator of Attentra. Privacy requests are handled through the authenticated account support channel.

2. Personal Information We Collect

• Account data such as email address, authentication identifiers, profile details, and policy acceptance records.
• Billing data such as Stripe customer identifiers, subscription state, billing events, and transaction metadata returned to us by Stripe.
• Technical data such as IP address, device/browser details, logs, session cookies, and usage telemetry needed to secure and operate the service.
• Support and communications data when you contact us.

3. Why We Use Personal Information

• To create and secure accounts, authenticate users, and control paid access.
• To process subscriptions, reconcile Stripe events, handle billing support, and prevent abuse or fraud.
• To operate, maintain, monitor, and improve the service.
• To comply with legal obligations, enforce our Terms, and respond to complaints or lawful requests.

4. Vendors and Processors

We use third-party infrastructure and processors to operate the service. Current processors include Stripe for billing and payments, Supabase for authentication and hosted database services, and our hosting and infrastructure providers that deliver the application and related logs.

5. Cookies and Similar Technologies

We use cookies and similar storage mechanisms necessary for authentication, session continuity, and core service delivery. If we add non-essential analytics, advertising, or marketing cookies, we will provide the required notice and consent flow where applicable.

6. Cross-Border Disclosure

Because we use cloud infrastructure and service providers, personal information may be stored or processed outside your country, including outside Australia. Where required, we take reasonable steps to work with providers that maintain appropriate safeguards.

7. Retention

• Account, subscription, and policy acceptance records are retained for as long as reasonably necessary to operate the service, evidence consent, handle disputes, and meet legal obligations.
• We may retain limited records after account closure where needed for security, fraud prevention, taxation, accounting, or legal compliance.

8. Security

We use administrative, technical, and organizational measures intended to reduce unauthorized access, misuse, or disclosure. No internet service or storage system can be guaranteed fully secure.

9. User Rights

Depending on your location, you may have rights to request access, correction, deletion, objection, portability, restriction, or withdrawal of consent where consent is the basis for processing. We will assess and respond in line with applicable law.

10. Complaints

Please contact us through the authenticated account support channel first so we can investigate and respond. If you are in Australia, you may also contact the OAIC. Users in other jurisdictions may contact their local regulator where available.