Aanrich

Privacy Policy

Last updated: March 4, 2026

1. Introduction

Aanrich ("we", "us", "our") provides a contact enrichment service for Attio CRM. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

By installing or using Aanrich, you agree to the practices described in this policy.

2. Data We Collect

Account & workspace data

  • Attio workspace ID and workspace name
  • Installer name and email address (provided by Attio during OAuth)
  • OAuth access tokens (used to read/write Attio records on your behalf)

Enrichment data

  • Person record data from your Attio workspace (first name, last name, company, LinkedIn URL), used to perform the enrichment lookup
  • Enrichment results (professional email addresses and phone numbers), written back to your Attio workspace

Usage & billing data

  • Credit balance and transaction history (purchases, consumptions, refunds)
  • Enrichment logs (timestamp, status, enrichment type)
  • Payment information processed by Stripe (we do not store card details)

3. How We Use Your Data

  • Provide the Service: Look up contact information from data providers and write results to your Attio records
  • Billing: Track credit usage and process payments
  • Support: Diagnose issues and respond to support requests
  • Communication: Send transactional emails (welcome email, purchase confirmations, product updates)
  • Improvement: Analyze aggregated usage patterns to improve the service (no individual contact data is used for this purpose)

4. Data Processing & Storage

Aanrich does not maintain its own contact database. Enrichment data flows directly from our data providers through our enrichment engine to your Attio workspace. We do not store or resell enriched contact data.

We use the following infrastructure providers to operate the service:

  • Vercel: Application hosting
  • Upstash Redis: Credit balances, holds, and usage logs
  • Stripe: Payment processing (PCI DSS compliant)
  • Resend: Transactional email delivery
  • FullEnrich: Waterfall enrichment engine (queries 15+ B2B data providers)

5. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with:

  • Enrichment providers: We send limited Person record data (name, company, LinkedIn URL) to our enrichment engine to perform lookups
  • Payment processor: Stripe receives billing information to process credit purchases
  • Email provider: Resend receives your email address to send transactional emails

We may also disclose information if required by law or to protect our rights.

6. Data Retention

  • OAuth tokens are stored for as long as the app is installed on your workspace
  • Usage logs and credit transactions are retained for billing and support purposes
  • Enrichment request data is not persisted after the enrichment is completed and the result is written to Attio
  • If you uninstall the app, you can request deletion of all your data by contacting us

7. Cookies & Tracking

The Aanrich website uses PostHog for basic analytics (page views, install button clicks). The Aanrich application within Attio does not use cookies or tracking scripts.

8. GDPR Compliance

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

  • Contract performance: Processing your workspace and billing data to provide the service you signed up for
  • Legitimate interest: Processing professional contact data for B2B prospecting purposes (GDPR Art. 6(1)(f))

Under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Request erasure of your data
  • Object to or restrict processing
  • Data portability

To exercise any of these rights, contact us at support@aanrich.com.

9. CCPA Compliance

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your rights

10. Security

We implement appropriate technical and organizational measures to protect your data:

  • All data in transit is encrypted via TLS/HTTPS
  • OAuth tokens are stored securely in encrypted Redis
  • Payment processing is handled by Stripe (PCI DSS Level 1 certified)
  • Our enrichment infrastructure is SOC 2 Type II certified
  • We follow the principle of least privilege for all API access

11. Children's Privacy

Aanrich is a B2B service and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Data Processing Agreement

If you require a Data Processing Agreement (DPA) for compliance purposes, please contact us at support@aanrich.com.

14. Contact

If you have any questions about this Privacy Policy or wish to exercise your data rights, contact us at support@aanrich.com.