Watch First

Watch First

Watch First

Back To All Updates

Back To All Updates

April 22, 2025

v 1.0

🔒 Your Privacy is Paramount

Privacy Policy TL;DR:

We’re deeply committed to safeguarding your personal information.

AttentionGrab securely collects and manages data like:

• Your Name
• Contact Details
• Location
• Device Info, to enhance your user experience.

Using OAuth 2.0, we safely integrate your accounts from services like Google, Facebook, LinkedIn, WhatsApp, and others, while employing industry-leading data protection standards through AWS and Supabase.

We fully comply with global privacy laws (GDPR, CCPA/CPRA, CalOPPA), clearly exclude users under the age of 13, and empower you with complete control over your personal data.

Questions or requests? Contact us at support@attentiongrab.io or attentiongrab.io/contact.

widget pic
widget pic


Privacy Policy



Last Updated: April 22, 2025


AttentionGrab (the “Service”) is a web, desktop, and mobile application provided by Income Outcome LLC (DBA AttentionGrab), a Wyoming, USA company. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use AttentionGrab and its related services. It also outlines your rights under laws such as the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California Online Privacy Protection Act (CalOPPA), the Children’s Online Privacy Protection Act (COPPA), and other global privacy standards.


By using AttentionGrab, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service. We may update this Policy from time to time (see “Changes to This Privacy Policy” below). If you have any questions or requests regarding your personal data, you can contact us at support@attentiongrab.io or via our contact form at https://www.attentiongrab.io/contact. Our mailing address is 5830 E 2nd St, Ste 7000, Casper, WY 82609, USA.



1. Information We Collect



We may collect general location information (such as country, region, or city) based on your IP address or browser settings. This information helps us provide regionally relevant insights, improve our services, and tailor marketing content to your area. We do not collect precise GPS coordinates without your explicit consent. We collect various types of information from and about users of our Service, including personal information and usage data. We only collect information that is necessary for the purposes described in this Policy. The types of information we may collect include:



1.1 Personal Details



We collect personal details that you provide when registering or using our Service, such as:


  • Identity Information: Your organization name and, if applicable, your full name or social media channel handle.

  • Contact Information: Email address, telephone number, and physical address (street address, city, state, postal code, country).

  • Account Credentials: If you create an account with us directly, we collect a username (email) and password. (For third-party OAuth logins, see Section 1.2 below – we do not receive your passwords for those external accounts.)

  • Profile Information: Any profile details or preferences you set within the app.



These personal details are generally required to create and maintain your account, provide you with our services, and communicate with you. If you choose not to provide certain personal details, some features of AttentionGrab may not be available.



1.2 Data from Third-Party Accounts (OAuth 2.0 Integrations)



AttentionGrab allows you to connect your account with various third-party services to enhance your experience. When you choose to link or sign in via these services, we use OAuth 2.0 secure protocols to request access to certain information from your accounts on those platforms. OAuth 2.0 means you are redirected to the third-party service to grant permission; we never see your third-party login credentials (like passwords). After authorization, we receive data from the third-party as permitted by you and that provider.


If you connect or integrate any of the following accounts or services, we may collect certain information as described:


  • Google Services (Google account, Google Docs, Gmail, YouTube): For example, your Google profile information (name, email), and if you explicitly consent, content you select such as Google Contacts, calendar events, Google Docs files or metadata, or certain Gmail data (e.g. email headers or specific content if you grant permission). We only access Google account data within the scope you consent to.

  • Social Networks: Including Facebook, Instagram, TikTok, X (Twitter), LinkedIn, Reddit, Discord, Twitch, Medium, and Substack. If you connect these, we may access data like your profile name, user ID, profile picture, email (if the platform provides it), contact/friends list, posts or content you choose to share, and analytics or engagement data (such as likes, comments, follower counts) as allowed by that platform’s API. This enables features like cross-posting content, aggregating your social media analytics, or managing multiple accounts through AttentionGrab.

  • Messaging Apps: WhatsApp, Signal, Telegram. If you integrate these messaging services, we might collect your username or phone number associated with the service and access messaging capabilities. For example, AttentionGrab might enable you to send updates or receive notifications via these apps. We do not read the content of your private messages on these services, except for communications that involve the Service itself (for instance, if the app sends you a verification code or you use our Service to send a message, we process that content as necessary to fulfill your request). These integrations use official APIs or protocols compliant with each service’s terms.

  • Other Connected Services and CRM Systems: If you link a customer relationship management (CRM) system or other third-party tools, we will access information such as contact lists, leads, or notes from those systems as needed to integrate with AttentionGrab. For example, you might connect a CRM to import client contact info into AttentionGrab. We only retrieve the data that you specifically direct us to fetch from these systems.



Important: For each third-party account, you will be shown an authorization screen detailing what information we are requesting and you have the opportunity to consent or decline. The information we receive from these third parties is governed by this Privacy Policy, but we are not responsible for the content or privacy practices of those third-party services themselves. We recommend you review the privacy settings and policies of any external accounts you connect. You may disconnect an integrated third-party account at any time via our app settings or by revoking our app’s access from the third-party account’s settings. If you disconnect, we stop collecting new data from that account, and you can request us to delete any data previously obtained from that account (subject to legal retention requirements).



1.3 Device and Usage Information



When you use AttentionGrab, we automatically collect certain information about your device and how you interact with our Service. This includes:


  • Device Information: Details about the device you use to access the Service, such as your device type (e.g., laptop, smartphone, tablet), operating system and version, browser type and version (if using the web app), unique device identifiers or advertising IDs, and device model. For mobile apps, this may include the mobile network and phone model.

  • Usage Data: Information about your activity on the Service, including the pages or screens you view, the features you use, the date/time of your visits, the amount of time spent on pages, referral URLs (what page or link brought you to our site/app), error logs, and other diagnostic data. This helps us understand how the Service is used and improve it.

  • IP Address and Geolocation: We collect your device’s Internet Protocol (IP) address which can indicate general location (country, state, city). We may also collect precise geolocation data (GPS coordinates) from your device ifyou grant permission. For example, if AttentionGrab has location-based features or if you choose to tag a post with your location, we will access your GPS location with your consent. You can control location access via your device settings.

  • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies in our web and mobile applications to collect information. Cookies are small text files stored on your browser or device. They help us recognize you, remember your preferences, and understand usage of our Service (see Section 2.3 on Analytics and Advertising for more detail on how we use cookies). You have controls to manage or disable cookies through your browser settings or our cookie consent banner (where applicable).

  • Sensors and App Permissions: With your consent, the mobile or desktop app may access device sensors or other data:


    • Camera and Photos/Media: If you choose to use a feature that involves taking photos, scanning documents, or recording videos through AttentionGrab, we will access your camera or photo library with permission. For example, you might upload a profile picture or capture content to share via the app. These images or videos will be stored and processed to provide the service (such as saving your profile image or including the content in messages you send).

    • Microphone: If you use voice commands or record audio (for example, sending a voice message or using an audio note feature within the app), we will request access to your microphone. Audio data captured is used strictly for the feature you engage (e.g., to send that voice message) and is not used for any other purpose without your consent.

    • Contacts/Address Book: If you opt to find friends, invite contacts, or otherwise use your device’s contacts within the Service, we will ask for access to your phonebook/contacts list. If granted, we may collect contact names, phone numbers, email addresses, or social media handles from your address book. We use this information only to help you connect with people you know (for instance, to see which of your contacts are also using AttentionGrab, or to send invites at your request). We do not store your contacts indefinitely; typically, this data is used on-the-fly or temporarily cached to perform the matching or invitation, then discarded, unless you explicitly import contacts to your account. You can disconnect or revoke contact access at any time via your device permissions.




We will clearly ask for your permission before accessing any sensitive device features such as location, camera, microphone, or contacts. You can decline to grant these permissions; however, corresponding features (like location-tagging, voice messaging, etc.) may not work without the relevant access.



1.4 Payment Information



If you make purchases (such as subscribing to a premium plan or buying services) through AttentionGrab, you will provide payment information. We use third-party payment processors (like Stripe or PayPal) to handle payment transactions. We generally do not collect or store your full credit card numbers or financial account details on our servers. Instead, you provide payment details directly to the payment processor via embedded secure forms. We may receive from the payment processor a limited amount of information to record the transaction, such as your billing name and address, a truncated card number (last four digits), transaction ID, payment amount, and status. This information is used for record-keeping, receipts, and to handle billing issues or refunds. All payment transactions are encrypted and processed over secure channels, and the third-party processors’ use of your data is governed by their privacy policies (we will identify those processors at time of payment and you should review their terms as well).



1.5 Sensitive Personal Data



In the normal course of using AttentionGrab, we do not seek to collect sensitive personal data about you unless necessary. “Sensitive” data can include information about health, biometric identifiers, finance, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, precise geo-location, or personal data of children. We ask that you do not volunteer sensitive personal information on public or shared areas of the app. If AttentionGrab needs to process any sensitive data (for example, a feature that involves biometric login or you volunteering data in your content), we will do so in accordance with applicable laws and with extra care and security. Any sensitive data that we do handle (such as precise location or contacts as described above, which could be considered sensitive in some jurisdictions) will only be collected and used with your explicit consent and for necessary purposes.



2. How We Use Your Information



We use the information we collect for various purposes related to providing and improving our Service. The main purposes for which AttentionGrab processes your personal information include:



  • To provide localized marketing insights, trends, and services based on your general location (e.g., region or city). We use your approximate location (such as city, region, or country), derived from your IP address or browser settings, to tailor your experience and improve our services. This may include generating marketing insights or trends relevant to your area. You can contact us to review or update this information at any time.

  • Providing and Maintaining the Service: We use personal details (like your name, contact info) to create and manage your user account, authenticate you when you log in, and provide you with the features of AttentionGrab. For example, information from your third-party integrations is used to display content from those accounts in our app or to facilitate cross-platform posting/communication that you initiate.

  • Service Functionality and Personalization: To operate core features of the app, such as aggregating feeds from your connected accounts, sending out messages or posts you schedule, or providing analytics about your engagement across platforms. We use your data to personalize your experience – for instance, remembering your preferences, showing content relevant to your interests, or suggesting connections (like finding contacts you know on the app).

  • Communication: To contact you with service-related communications. This includes:


    • Transactional Messages: e.g., welcome emails, confirmations, technical or security alerts (like new login notification, password reset instructions), and administrative messages about your account or transactions.

    • Updates and Notifications: e.g., notifying you about new features, updates to terms or policies, or relevant news about AttentionGrab. Some of these may be required (service or security updates), while others may be optional.

    • Marketing and Promotional Emails: If you have subscribed or consented to receive marketing communications, we may send newsletters, promotions, or offers. You can opt-out of marketing emails at any time by clicking the unsubscribe link provided in those emails or contacting us (see Section 8 on Your Rights and Choices). We will not send you marketing messages if you have opted out. We may also use in-app notifications or messages via integrated services (for example, sending a notification to you on WhatsApp or Signal if that’s part of the Service functionality) – always in compliance with that service’s messaging rules.


  • Analytics and Product Improvement: We analyze usage data, device information, and feedback to understand how our Service is used and to improve performance and develop new features. For example, usage logs help us identify popular features or troubleshoot issues. Aggregate analytics (which do not identify individuals) may be used to inform our product strategy and business decisions. We may also use information gathered through cookies and similar tools to test changes in the user interface or to gauge the effectiveness of new features.

  • Advertising and Sponsorship (if applicable): If our Service displays advertisements or sponsored content, we may use certain data (like your usage patterns or demographics) to deliver relevant ads and measure their effectiveness. For instance, we might use third-party ad networks that use cookies or mobile ad IDs to serve personalized ads within the app. (See Section 3 on Third-Party Services for details on advertising partners.) Any such use will be consistent with your advertising preferences and applicable law (e.g., if required, we will seek your consent for targeted advertising, and you can opt-out of personalized ads).

  • Security and Fraud Prevention: To protect the security of the Service and its users. We may use data like device information, IP addresses, and usage patterns to detect and prevent fraudulent activity, abuse, unauthorized access, violations of our Terms of Service, or other harmful or illegal activities. For example, we might detect multiple failed login attempts or unusual activity and take steps to secure the account. We also may use automated systems to screen for security issues (like scanning uploaded content for viruses or malicious code).

  • Compliance with Legal Obligations: To comply with applicable laws, regulations, subpoenas, legal processes, or enforceable governmental requests. For instance, keeping transaction records for accounting and tax compliance, or responding to a court order to disclose data if required by law. We also use your information to enforce our agreements (such as Terms of Service) or to establish, exercise, or defend legal claims.

  • Other Purposes with Consent: If we intend to use your personal information for a purpose not covered above, we will explain it to you at the point we collect it and, if required, obtain your consent. For example, if one day we wanted to use some of your content for a public testimonial or case study, we would ask for your permission separately.



We ensure that we have a valid legal basis for each use of your data. Under GDPR (for users in the European Economic Area, United Kingdom, and similar jurisdictions), our legal bases for processing your data include: performance of a contract (providing the services you requested), your consent (for optional data uses, which you can withdraw at any time), legal obligations (complying with laws), and legitimate interests (such as improving our services or ensuring security, balanced against your rights). If you have any questions about the specific legal basis for a particular processing activity, please contact us.



3. How We Share Your Information



We do not sell your personal information to third parties. However, we do share certain information with third parties in the following circumstances, as necessary to provide our services and as permitted by law:


  • Service Providers (Processors): We employ trusted third-party companies and individuals to perform functions and process data on our behalf (often called “service providers” or “processors”). These include:


    • Cloud Hosting and Storage: e.g., AWS (Amazon Web Services) and Supabase – We use secure cloud infrastructure to host our application and databases. Personal data (including the information described in Section 1) is stored on these servers. Our cloud providers store data in secure facilities and implement their own physical and technical safeguards. We have agreements in place to ensure they only process your data under our instructions and in compliance with this Policy and applicable law.

    • Analytics Services: e.g., Google Analytics – We use analytics tools to collect information about app usage (see Section 3.1 below for details). These providers may receive certain usage and device data (via automated means like scripts or SDKs in our app) to provide aggregated insights to us.

    • Email and Communication Services: e.g., Mailchimp, SendGrid, or similar email delivery platforms – Used to send out emails and communications to you (transactional and marketing emails). These providers have access to your email address and name and any email content we send (for example, a newsletter) for the purpose of delivering messages on our behalf. They are not permitted to use your information for their own marketing.

    • Advertising Partners: e.g., Google Ads, or other ad networks – If we display advertising or conduct marketing campaigns, we may share limited data (like device identifiers or demographic segments) with advertising partners to serve and target ads (see Section 3.2 below).

    • Payment Processors: e.g., Stripe, PayPal – As noted, if you make purchases, your payment details go directly to these processors. We share with them the charge amount, your name, and possibly your email or user ID to tie the payment to your account. They in turn provide us confirmation of payment. These processors are independent data controllers for your payment information, but we ensure they comply with security standards.

    • Messaging and Notification Services: e.g., services to send SMS or WhatsApp messages (such as Twilio or the official WhatsApp Business API) – If we send you notifications or verification codes via SMS or messaging apps, we share your phone number and message content with those platforms strictly for delivering the communication.

    • Technical Tools: We use various other tools for functions like error tracking (e.g., Sentry), user support (e.g., Intercom or Zendesk for support tickets or live chat, if implemented), and content moderation (automated filters to block spam or abusive content). These tools might incidentally process some data (like a crash report with your user ID, or a support ticket containing your email and issue details) in order to assist us.


    We only share the minimum information necessary for these providers to perform their tasks. They are contractually obligated to protect your data, keep it confidential, and use it only for the purposes we specify. We conduct due diligence on our service providers to ensure they meet security and privacy standards (many are industry-certified, such as ISO 27001 or SOC 2 compliance). If a provider is located outside of your country (for example, a cloud server in another region), we take steps to ensure lawful data transfer (see Section 7 on International Transfers).

  • Integration Partners: When you connect third-party accounts (as described in Section 1.2), we share data with those third parties as directed by you. For example, if you draft a social media post in AttentionGrab and schedule it to publish, we will send the content of that post to the respective platform (Facebook, Twitter, etc.) to be published under your account. Similarly, if you ask AttentionGrab to send a message via WhatsApp or Signal to one of your contacts, the content of that message is shared with the messaging service for delivery. These actions are initiated by you, and the third-party services process that data according to their terms (we recommend reviewing their privacy policies). We only facilitate the transfer on your behalf.

  • Business Transfers: If AttentionGrab or Income Outcome LLC is involved in a merger, acquisition, sale of assets, financing, or transfer of all or a portion of our business to another company, your information may be disclosed to that acquiring organization as part of due diligence or transferred as an asset. We will ensure any such transfer is subject to appropriate confidentiality and that your data remains protected. If ownership or usage of your personal information changes as a result of a business transaction, we will notify you (for example, via email and/or a prominent notice on our Service) of any choices you may have regarding your information.

  • Legal Requirements and Protection: We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to:


    • Comply with a legal obligation, such as a lawful subpoena, court order, or other mandatory request from authorities.

    • Protect and defend the rights, property, or safety of AttentionGrab, Income Outcome LLC, our users, or the public. This includes exchanging information with other companies and organizations for the purposes of fraud detection and credit risk reduction.

    • Investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Service, including report to law enforcement or regulatory authorities any activities that we reasonably believe to be unlawful.


  • With Your Consent: We will share your personal information with others for any other purpose only with your explicit consent. For instance, if we ever want to feature your success story or share your info with a partner for their own marketing, we would ask for your permission first. You are free to decline such requests.



We do not share or disclose personal information to third parties for their own direct marketing purposes unless you explicitly agree. We do not “sell” personal information as traditionally understood (exchange for money). Additionally, under the definitions of CCPA/CPRA, we do not share personal information for cross-context behavioral advertising without proper notice and consent. If in the future we ever consider selling or sharing data in a way that falls under those definitions, we will provide required opt-outs and notices.


Below we provide more details on some key third-party services we use:



3.1 Analytics Services



We use third-party analytics tools to better understand how users interact with AttentionGrab. One primary analytics service we use is Google Analytics. Google Analytics uses cookies and similar technologies to collect information about usage of our website and app. This may include data such as your IP address (though we have configured Google Analytics to anonymize IP addresses in many cases), browser type, pages visited, time spent, and other usage statistics. Google Analytics compiles aggregated data about our website traffic and user interactions that we use to identify trends, usage patterns, and areas for improvement.


How we protect your data with Analytics: We have enabled settings to limit the data Google Analytics can see (for example, we do not send them any of your name, email, or other directly identifying information). The information generated by the Google Analytics cookie about your use of the Service will typically be transmitted to and stored by Google on servers in the United States. Google is certified under the EU-US and Swiss-US Privacy Frameworks, which means they commit to a certain level of protection for personal data transferred internationally. We may also use features of Google Analytics like Demographics and Interests reports to get an overview of our user base (these rely on Google advertising cookies). If these are active, we will obtain any necessary consent for using such cookies in regions where required.


Your choices with analytics: You can opt-out of Google Analytics data collection for our site by using the Google Analytics Opt-Out Browser Add-on (for web) or by disabling cookies. On our site, you may also have been presented with a cookie consent banner—if you opt out of analytics there, we will honor that by not loading Google Analytics. For the mobile app, you can typically opt-out of analytics data collection through an in-app settings menu if available, or by adjusting your device’s advertising identifier settings (some analytics use the Advertising ID, which you can reset or limit ad tracking on your device settings). Additionally, to the extent Google Analytics may be considered a “sale” or “sharing” of data under CCPA/CPRA, we will respect Global Privacy Control signals or similar mechanisms as an opt-out, or you can contact us to opt out of analytics for California purposes.


We may use other analytics or tracking tools over time (such as Mixpanel, Matomo, etc.); if so, we will update this Policy and provide appropriate disclosures and choices. Any analytics providers we use will be obligated to use your data only for providing services to us and not for their own purposes (except as part of providing us aggregated analysis).



3.2 Advertising and Marketing Partners



AttentionGrab’s primary goal is to serve you, not to bombard you with advertising. As of the latest update of this Policy, we do not display third-party advertisements within the app in a way that shares your personal information with external advertisers beyond what is described here. However, we may use certain advertising-related services for our own marketing and for any ad features we might implement, including:


  • Advertising Networks: We may partner with networks such as Google Ads/AdSense or social media advertising platforms (Facebook Ads, etc.) to promote AttentionGrab on third-party platforms and to possibly show promotions within our Service. If we do so, those networks might set cookies or use tracking technologies on our website to measure ad performance (for example, a Facebook Pixel or Google Ads tag to see if you clicked one of our ads and signed up). These technologies would enable the advertising network to recognize your device and understand ad campaign effectiveness or target ads. We will obtain consent for any such cookies where legally required. You can opt-out of many third-party ad cookies through tools like the Network Advertising Initiative (NAI) opt-out or Digital Advertising Alliance (DAA) Consumer Choice pages.

  • Personalized Ads: If in the future AttentionGrab offers a free tier supported by ads, we might show you ads tailored to your interests based on data like your usage or demographic area. In such a case, we will provide clear notice and consent options for personalized advertising. You will have the ability to opt-out of targeted ads by using a “Do Not Sell or Share My Info” link (for California residents) or equivalent settings in the app for others. Opting out would mean you may still see ads but they would be generic and not based on your personal info. We will also honor device-level ad opt-out settings (for example, “Limit Ad Tracking” on iOS or Android).

  • Email Marketing Services: As mentioned, we use providers like Mailchimp to manage our email newsletter and marketing campaigns. If you subscribe to our newsletter or we send you promotional updates, your email address and maybe your name are stored with that provider. They help us design and send emails and may collect statistics on email open rates or link clicks to help us understand engagement. These email messages will always include an unsubscribe link if you wish to stop receiving them. We only send marketing emails to users who have either signed up for them or who are customers where it’s allowed to send relevant updates. We do not share your email with unrelated third parties for their own marketing.



Each of these partners has their own privacy policy which we recommend you review (e.g., Google’s Privacy Policy for how Google uses data from our site, Mailchimp’s Privacy Policy for how they handle our mailing list). However, we take steps to minimize data sharing (for instance, hashing customer email lists for ad retargeting, where applicable, or enabling privacy-focused settings).



3.3 Social Media and Third-Party Login



If you log into AttentionGrab through a third-party account (like signing in with Google or Facebook), those services may collect information about that sign-in (such as the fact that you used their login to access AttentionGrab). That use is governed by the third-party’s own privacy policy. We only receive from them the information needed to create or log in to your account (like your name, email, and an authentication token). We do not send your AttentionGrab account data back to those platforms except as needed for the login process or if you explicitly request a data transfer.


Our Service may also contain social media widgets or plugins (for example, a “Share” button to Facebook or X/Twitter on a piece of content). If you choose to use these features, they may collect your IP address and which page you are visiting, and set a cookie to function properly. These features are hosted by the third party and are subject to that third party’s privacy policy.



4. Data Security



We take the security of your personal information very seriously. We implement a variety of technical, administrative, and physical safeguards to protect your data from unauthorized access, disclosure, alteration, and destruction. Here are key security measures in place:


  • Encryption: All data is transmitted over secure channels using TLS/SSL encryption (the industry standard protocol for secure web communication – you’ll see “https” in our URLs). This means that data exchanged between your device and our servers is encrypted in transit. Additionally, we employ encryption at rest for sensitive data stored in our databases and files. For example, any sensitive personal information and passwords are stored encrypted or hashed (we never store plaintext passwords).

  • Secure Cloud Infrastructure: We use reputable cloud providers like AWS and managed databases like Supabase, which maintain high security standards. Our servers are configured with firewalls and network security measures to restrict access. Data is backed up regularly, and backups are also secured. We utilize access controls so that only authorized personnel and service processes can access the servers where your data is stored.

  • Access Controls and Policies: Within our organization, access to personal data is restricted to employees, contractors, and agents who need to know that information in order to process it for us (for example, support staff assisting you, or developers troubleshooting an issue). All such persons are subject to strict confidentiality obligations and are trained on data protection. We follow the principle of least privilege and regularly review access roles.

  • Monitoring and Testing: We monitor our systems for possible vulnerabilities and attacks. We employ intrusion detection systems and keep our software and dependencies up to date with security patches. Regular security assessments and audits are conducted, including code reviews and, where appropriate, penetration testing by security experts. If we discover any security breach that affects your personal information, we will notify you and the appropriate authorities as required by law.

  • Secure Development Practices: Our application is built using reputable open-source components and follows security best practices (for example, protection against SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF) in our web interface). We also utilize Model Context Protocols and APIs in ways that do not expose your data unnecessarily. Any integration with third-party APIs is done securely using tokens and keys that are stored safely.

  • Data Minimization: We strive to collect only the data that is needed for the stated purposes and retain it only for as long as necessary (see Data Retention below). By limiting what we store, we reduce the risk exposure in case of any incident.

  • Encryption for Third-Party Comms: When communicating with third-party services (like fetching data from an OAuth provider or sending a message via WhatsApp), we utilize their recommended secure methods (often also TLS-encrypted channels). For example, messages sent through WhatsApp or Signal APIs are end-to-end encrypted in those services; we make use of their official integration paths to ensure security is maintained.



Despite all these measures, it’s important to note that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. You also play a role in keeping your data safe: please use a strong, unique password for AttentionGrab (if not using third-party login), keep your login credentials confidential, and notify us immediately if you suspect any unauthorized access to your account.



5. Data Retention



We retain personal information for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:


  • Account Information: If you have an account with AttentionGrab, we will keep your profile information, account settings, and content you have provided or generated for as long as your account is active. If you choose to delete your account or if your account is terminated, we will initiate the deletion of your personal information from our active databases. In many cases, deletion will occur within a short period (for example, we aim to complete most deletions within 30 days of request), but some data may persist in backup archives for a limited time (typically not more than 90 additional days) before being fully erased. We may retain a record of your email or account ID on a suppression list to ensure we do not inadvertently create a new account for you or send you emails after you’ve requested deletion.

  • Third-Party Integration Data: Data fetched from connected accounts (like social media posts, contact lists, etc.) is retained only as long as needed to provide the functionality. If you disconnect an integration, we will delete the data retrieved from that account (unless it has been combined into derivative data that is necessary for our service or you have otherwise saved it). For example, if our app created an aggregated report of your social media engagement, we might keep that report (as it is your content), but after disconnection we would stop retrieving new data and you can request removal of stored data from the third-party source.

  • Transaction and Payment Records: Purchase history, invoices, and related records are kept as long as required for financial reporting and audit (often at least 7 years, depending on tax laws), even if you delete your account. However, this data will be restricted in use (only for those legal purposes).

  • Communications: If you contact us via support or email, we may retain those communications and our responses as long as necessary to address your inquiry, provide support, and improve our services (typically at least a year, and longer if needed for legal purposes – e.g., keeping a record of customer service communications in case of future disputes).

  • Logs and Analytics: Our server logs and analytics data may be kept for a set period (for example, raw logs for 90 days, aggregated analytics indefinitely). We use these logs for security, debugging, and analytic purposes. When logs are older, we either delete them or anonymize/pseudonymize the data (removing or encrypting any identifying info) for long-term retention to track historical performance or trends without directly identifying you.

  • Legal Holds: We might need to retain information beyond the standard periods if subject to a legal obligation or an official request (e.g., preservation of data in response to a court order or investigation). In such cases, we will securely retain the data for as long as required by the obligation and solely for that purpose.



When we no longer have a legitimate need or legal obligation to keep your personal information, we will securely dispose of it. This may involve irreversible anonymization (so the data can no longer be associated with you) or secure deletion. If deletion is not immediately possible (for example, stored in backups), we will ensure the data remains securely stored, is isolated from further active use, and is deleted as soon as feasible.



6. International Data Transfers



AttentionGrab is operated from the United States, and our servers and service providers may be located in the U.S. and other countries. This means that your personal information may be transferred to, stored, or processed in a country different from your home country, including countries (like the United States) that may not provide the same level of data protection as the laws in your jurisdiction (such as the European Union).


However, we take steps to ensure that appropriate safeguards are in place to protect your personal data in accordance with this Privacy Policy and applicable law, regardless of where it is processed. These measures include:


  • Contractual Protections: If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on approved transfer mechanisms for any cross-border data transfers. This often involves using the European Commission’s Standard Contractual Clauses (SCCs) or other legally recognized mechanisms to ensure an adequate level of protection for personal data transferred outside the EEA. Our agreements with service providers include commitments to comply with these transfer frameworks where relevant.

  • Privacy Shield/Framework Compliance: While the former EU-U.S. Privacy Shield is no longer a valid transfer mechanism, some of our U.S. service providers participate in the new EU-U.S. Data Privacy Framework or similar programs which reflect commitments to protect European personal data. We consider such certifications as an additional safeguard, though we primarily rely on SCCs and direct contracts.

  • Adequacy Decisions: Where applicable, if a country has been deemed by the relevant regulatory authorities to have an “adequate” level of data protection (meaning it’s approved for transfer without additional measures), we may rely on that adequacy decision. For example, transfers to Canada or certain other countries are permitted because they are considered adequate by the EU.

  • User Consent for Transfers: In the absence of other safeguards, we may ask for your explicit consent to transfer your personal data to a jurisdiction that may have different data protection rules. You have the right to decline, though this may limit your ability to use the Service (as we might not be able to provide it without the data transfer). We will always inform you of potential risks in such a scenario and allow you to make an informed decision.



If you would like more information about our international transfer practices or need a copy of relevant contractual agreements (like the SCCs), you can contact us at our support address.



7. Your Rights and Choices



You have important rights regarding your personal information. AttentionGrab is committed to providing you with access to your data and control over how it is used, in compliance with applicable privacy laws. This section describes the rights available to users in different regions and the choices you have to manage your information.



7.1 Rights of Individuals in the European Economic Area (EEA), UK, and Other Regions (GDPR)



If you are located in the EEA, United Kingdom, Switzerland, or other jurisdictions with similar data protection laws, you have the following rights regarding your personal data, under the GDPR and related laws:


  • Right to Access: You have the right to request a copy of the personal data we hold about you, as well as information about how we process it. This is often called a “Data Subject Access Request.” We will provide you with a copy of your data in a common format (usually electronic) upon verification of your identity, free of charge (except as permitted by law for repetitive or excessive requests).

  • Right to Rectification: If any of your personal information is inaccurate or incomplete, you have the right to ask us to correct or update it. For example, if you change your email address or notice an error in your profile data, you can update it in your account settings or ask us to fix it.

  • Right to Erasure: Commonly known as the “Right to be Forgotten.” You may request that we delete or remove your personal data when it’s no longer necessary for us to retain it, or if you have withdrawn consent (where applicable) or object to our processing (and we have no overriding legitimate grounds to continue), or if we processed your data unlawfully, etc. There are some exceptions – for instance, we might retain certain information for legal obligations (see Data Retention above). But if no valid reason for retention applies, we will comply with your deletion request. Deletion of your data might mean we have to delete your account, as we cannot function without certain basics. We will inform you of the outcome.

  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal information in certain circumstances. This could apply if you contest the accuracy of data (we would restrict use while verifying accuracy), or if processing is unlawful but you prefer restriction over deletion, or if you just need us to retain data for you to establish/exercise a legal claim while we would otherwise delete it. When processing is restricted, such data will be marked accordingly and only processed for the specific reason (e.g., legal claims) or with your consent.

  • Right to Data Portability: You have the right to obtain your personal data that you provided to us in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller, where technically feasible. This typically applies to data we process by automated means on the basis of your consent or to perform a contract. If you request, and it’s feasible, we can directly transfer to another service at your direction. For example, you might want an export of all content or social posts you aggregated through AttentionGrab. We will provide that if required by law.

  • Right to Object: You have the right to object to our processing of your personal data in certain situations. You can object to direct marketing at any time (and we will stop sending marketing immediately). If we are processing your data based on legitimate interests, you can object if you believe it impacts your rights and freedoms. If you object, we will consider whether our legitimate grounds override your interests; if not, we will cease or limit processing your data. For example, you can object to some profiling or analytics we do – if it’s not essential, we’d stop at your request.

  • Right not to be subject to Automated Decision-Making (including profiling): AttentionGrab does not make any legally significant decisions about you solely by automated means without human involvement. However, if in future we were to use algorithms to, say, decide something with legal or similarly significant effect, you have the right to request human review of such decision and to contest it. Currently, any profiling we do (like to personalize content) is not legally significant and you can always opt out by adjusting settings or contacting us.



To exercise any of these rights, please contact us at support@attentiongrab.io with your request. We may need to verify your identity before fulfilling the request (to ensure we don’t disclose or delete data to the wrong person). We will respond within one month of receiving a request, or inform you if we need more time (we can extend by an additional two months for complex requests, but we will let you know). There is generally no fee, but repetitive or excessive requests may incur a reasonable fee as permitted by law.


You also have the right to lodge a complaint with your local data protection authority if you believe we have infringed your privacy rights. We encourage you to contact us first, so we can address your concerns directly.



7.2 Rights of California Residents (CCPA/CPRA and CalOPPA)



If you are a resident of California, you have specific privacy rights under California law. The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you rights regarding your personal information. Additionally, the California Online Privacy Protection Act (CalOPPA) requires us to make certain disclosures. Below is a summary of your California privacy rights and how to exercise them:


  • Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell/share about you. This includes the categories of personal information, specific pieces of information, the categories of sources from which the information is collected, the business or commercial purpose for collecting or selling/sharing, and the categories of third parties with whom we share personal information. We provide much of this information in this Privacy Policy. You can also request a more detailed report of your own information collected in the past 12 months.

  • Right to Delete: You have the right to request deletion of personal information that we have collected from you and retained, subject to certain exceptions. For example, if the information is necessary to complete a transaction or provide the Service you requested, to detect security incidents, to comply with a legal obligation, or other such exceptions under CCPA, we may deny deletion of those specific pieces of data. Otherwise, we will delete (and direct our service providers to delete) your personal information from our records.

  • Right to Correct: Under CPRA, you have the right to request correction of inaccurate personal information that we maintain about you. If you find that any of your data is incorrect, you can ask us to rectify it, and we will take into account the nature of the personal information and the purposes of processing to ensure it is accurate.

  • Right to Opt-Out of Sale or Sharing: California law gives you the right to opt-out of the “sale” of your personal information, or the “sharing” of your personal information for cross-context behavioral advertising. AttentionGrab does not sell your personal information for money. We also do not share data for cross-context advertising in the sense of providing your personal data to third-party advertisers to target you on unrelated services without your consent. If we ever engage in practices that fall under “sale” or “share” as defined by CCPA/CPRA, we will implement a “Do Not Sell or Share My Personal Information” link or mechanism for you to opt-out. We also recognize opt-out preference signals, such as the Global Privacy Control (GPC), as a valid request to opt-out of sale/sharing – if you have GPC enabled in your browser, our site will treat that as you having opted out.

  • Right to Limit Use of Sensitive Personal Information: CPRA provides that California residents can direct businesses to limit the use of “sensitive personal information” to only what is necessary to perform the services. Sensitive personal info under CPRA includes things like account logins with credentials, precise geolocation, racial/ethnic origin, etc. AttentionGrab’s use of any sensitive info (for example, precise geolocation or contacts, if you provided them) is already limited to the necessary purpose (to provide you the feature). We do not use sensitive data for secondary purposes like inferring characteristics about you. If you still wish to ensure limitation, you have the right to request that we continue to restrict any sensitive info usage to only what’s required. In practice, our default is to do so, but we will certainly honor any request in this regard.

  • Right of Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. This means we will not deny you our services, charge you a different price, or provide a different level of quality just because you exercised your rights. If we offer any financial incentives (like a discount or rewards program in exchange for personal info), we will present the terms of such incentive and you can choose to participate or withdraw.



Exercising Your California Rights: To make a request to know, delete, or correct, you (or your authorized agent) can contact us at support@attentiongrab.io or through our website contact form. Please indicate that you are a California resident making a “CCPA/CPRA request,” and specify the nature of your request. We will need to verify your identity (or authority, if through an agent) before processing the request, which may involve asking you to provide information matching what we have on file (we will use information only for verification). We aim to respond to your request within 45 days as required by law (with a possible 45-day extension if necessary, which we would communicate to you).


For requests to opt-out of sale/sharing or to limit use of sensitive info, since we currently do not engage in those activities beyond necessary service use, you can simply refrain from enabling any features that involve sensitive data, or contact us to double-check. If in the future we introduce broader use of data that qualifies, we will provide a clear opt-out method (such as a web form or link in the app and on our site).


California “Shine the Light”: California Civil Code § 1798.83 (the “Shine the Light” law) permits California users to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes. As noted above, it is our policy not to share your personal information with third parties for direct marketing without your consent. If you have questions about our practices in this regard or would like to make a request under Shine the Light, you can contact us and we will respond as required by law.


CalOPPA - Do Not Track: Our website honors browser “Do Not Track” (DNT) signals to the extent feasible. However, there is currently no universal standard for DNT signals. Given the state of the industry, we treat DNT signals as an opt-out of cookies that are not strictly necessary. If your browser sends a DNT signal, we will attempt to limit tracking (especially third-party tracking) on our site. Regardless of DNT, you can always adjust cookie preferences manually on our site’s cookie banner or by using browser settings and other opt-out tools as described in Section 3.2. We will continue to monitor developments around DNT standards and update our policy accordingly.



7.3 Rights of Other International Users



We strive to uphold privacy rights for all our users, not just those in the EU or California. Other countries and states may have laws that provide their residents with specific rights regarding personal data. For example, Brazil’s Lei Geral de Proteção de Dados (LGPD), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial laws, Australia’s Privacy Act, and others. Our approach is to grant and honor privacy rights in a universal manner as far as possible.


This means even if you are not in one of the jurisdictions listed above, you can still contact us to:


  • Access a copy of your data we hold,

  • Request correction of inaccurate information,

  • Request deletion of your data (if applicable),

  • Object to or restrict certain processing, or

  • Opt out of marketing communications.



We will do our best to accommodate such requests in line with applicable laws and our capabilities. If you have any privacy questions or requests, please reach out to us and we will respond in a timely manner.


For residents of some regions:


  • Nevada: Nevada law (SB 220) allows consumers to opt out of the sale of personal information. As noted, we do not sell personal information. If you are a Nevada resident, you can still send a verified request to opt-out of any future sale of your information by emailing us, and we will record your preference.

  • Canadian Users: By using the Service, you acknowledge that your information may be processed outside of Canada (as described in International Transfers). We comply with Canada’s PIPEDA and applicable provincial laws; we will obtain your consent for collection, or rely on other lawful bases as allowed (e.g., your use of the service constitutes implied consent for necessary data). You have similar rights to access and correction as described above. Additionally, if you wish to withdraw consent to some processing (for example, marketing), we will accommodate that.

  • Other Regions: If any local law requires additional provisions (for example, EU ePrivacy regarding cookies, or specific disclosures under Singapore’s PDPA, etc.), we intend to comply with those requirements. This Privacy Policy is meant to be globally applicable, and where there are stricter requirements, we align with those in practice.




7.4 Your Choices: Access, Update, and Opt-Out



In addition to formal rights, we provide various user controls so you can manage your information easily:


  • Account Profile: You can access and update much of your personal information directly in your account settings. This includes your contact details, profile info, and preferences. We encourage you to keep this information up-to-date.

  • Email Preferences: If you have an account, you may have settings to manage which communications you receive (e.g., opting out of newsletters while still receiving important account alerts). You can also always use the “unsubscribe” link in any promotional email to stop receiving it. Transactional or service-critical emails may not have an opt-out as they are necessary for service (e.g., billing receipts, security alerts).

  • Third-Party Account Connections: Through our app’s settings or dashboard, you can review which third-party accounts you have connected. You have the ability at any time to disconnect any integration. This will stop further data syncing from that source. You can also go to the third-party service itself (for example, Google’s account security settings, Facebook’s app permissions, etc.) and revoke our app’s access. We recommend doing both if you no longer want integration.

  • Cookie Controls: On our website, when you first visit, we present a cookie consent banner (for jurisdictions that require it). You can choose which categories of cookies to accept (e.g., you might disable analytics or advertising cookies). Even after making a choice, you can usually find a “Cookie Preferences” link on our site to adjust your selection. Additionally, your browser settings allow you to delete or refuse cookies. Keep in mind disabling cookies might affect some functionalities (like staying logged in). For mobile, you can typically control tracking via your device settings (e.g., resetting your advertising ID, or toggling “Allow apps to request to track” on iOS). You may also request to review, update, or remove your stored location information at any time by updating by contacting our support team or managing your profile settings within the app.

  • Opt-Out of Targeted Ads: As described earlier, if we engage in targeted advertising, we will provide an easy opt-out. This might be a toggle in the app’s privacy settings or a link titled “Do Not Sell or Share My Personal Info” on the website footer. Use these if available, or contact us for assistance. Also consider using industry opt-out sites (NAI, DAA) or browser GPC signals which we respect.

  • Push Notifications: If our mobile or web app provides push notifications or system alerts, you can opt out or adjust these by changing the settings on your device or browser (for example, turning off notifications for the AttentionGrab app). We may send notifications for things like new messages or reminders; control them as you prefer.

  • Withdrawal of Consent: If we are processing your data based on consent (for instance, accessing your device’s contacts, or sending marketing emails), you have the right to withdraw that consent at any time. You can do so by disabling the feature (e.g., turning off a permission in your phone or unsubscribing from emails) or contacting us. Note that withdrawal does not affect the lawfulness of processing that happened prior to the withdrawal.




8. Children’s Privacy



Protecting children’s privacy is extremely important to us. AttentionGrab is not intended for use by children under the age of 13. We do not knowingly solicit or collect personal information from children under 13 years old. If you are under 13, please do not use our Service or provide any information about yourself, including your name, address, phone number, or email.


Parents or guardians: if you become aware that your child under 13 has provided us with personal information without your consent, please contact us immediately at support@attentiongrab.io. We will promptly take steps to delete the child’s information from our records in compliance with the Children’s Online Privacy Protection Act (COPPA) and other applicable laws.


For users between 13 and 18 (the age of majority in most jurisdictions), we advise using the Service with parental guidance and supervision. If you are a minor in your jurisdiction, you should review this Policy with your parent or guardian to make sure you both understand it. Some regions have higher age thresholds (for example, under GDPR, children under 16 in certain countries need parental consent for data processing) – we endeavor to comply with those requirements. If we learn we have collected personal data from a minor without proper consent or authorization, we will delete it. We also do not use any personal data of minors for marketing or profiling inconsistent with youth privacy regulations.



9. Changes to This Privacy Policy



We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we make changes, we will:


  • Post the updated Privacy Policy on our website (and within the app). The “Last Updated” date at the top will be revised to indicate the date of the latest changes.

  • In the case of significant changes, we may provide a more prominent notice or notify you directly. For example, we might display a notice on our homepage or send you an email notification if we have your email address. Significant changes could include any material alterations in how we collect or use personal information, or changes in your rights.

  • If required by law, we will also seek your consent for certain changes. For instance, if we plan to use your personal data for a new purpose that requires consent, we will obtain consent before doing so.



We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of AttentionGrab after any changes to this Privacy Policy constitutes your acceptance of the updated terms (to the extent permitted by law). If you do not agree to any updates or changes, you should stop using the Service and may request deletion of your data.



10. Contact Us



If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:


  • By Email: support@attentiongrab.io

  • By Contact Form: Visit our official website’s contact page at attentiongrab.io/contact to submit a query.

  • By Mail: Privacy Officer, Income Outcome LLC (DBA AttentionGrab), 5830 E 2nd St, Ste 7000, Casper, WY 82609, USA.



We will do our best to respond promptly to your inquiries. If you contact us to exercise a privacy right, please include sufficient information for us to verify your identity (for example, the email associated with your account) and a clear description of your request.


Thank you for trusting AttentionGrab with your information. We are dedicated to protecting your privacy and providing a safe and secure experience.