Is Attio GDPR Compliant?
Attio privacy and compliance overview. Last scanned: 1 months ago.
Attio scored 56/100 (grade D), indicating significant privacy issues. Key issues found: 22 tracking requests detected before consent. No CCPA/CPRA opt-out signals detected. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance. This is an automated technical assessment, not a legal compliance certification.
56/100
Privacy and compliance score
Scanned May 17, 2026 in browser mode.
Pre-consent tracking
0/2322 tracking requests detected before consent.
CCPA / CPRA disclosures
0/8No CCPA/CPRA opt-out signals detected. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance.
Cookie consent banner
8/12Consent banner detected (Unknown) with partial reject effectiveness.
Accessibility (WCAG 2.x AA)
11/152 accessibility violations detected (0 critical, 2 serious, 0 moderate).
Security headers
7/101 security header missing: Strict-Transport-Security (max-age >= 31536000).
Privacy policy
8/10Privacy policy found but may be incomplete or outdated.
AI training stance
5/5No AI training disclosure found.
COPPA signal
5/5No COPPA language detected.
DPA and sub-processor list
7/7DPA reference and sub-processor list both found.
Hosting region disclosure
5/5Data hosting region disclosed in privacy policy.
Does Attio self-report SOC 2, HIPAA, or PCI compliance?
The following is based on Attio's public documentation. ComplianceCheckup has not independently audited these claims.
Frequently asked questions about Attio compliance
Is Attio GDPR compliant?
Attio received a privacy grade of D (56/100) in our automated scan. 22 tracking requests detected before consent. No CCPA/CPRA opt-out signals detected. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance. For a complete GDPR assessment, consult a qualified privacy professional.
Does Attio offer a Data Processing Agreement (DPA)?
No DPA link was found in our directory for Attio. Check their legal or trust center page, or contact their sales team to request a DPA under GDPR Article 28.
Is Attio SOC 2 certified?
No SOC 2 certification was found in our directory for Attio. Check their trust center or security page for current status.
What pre-consent tracking did we find on Attio?
22 tracking requests detected before consent. Pre-consent tracking means scripts or cookies run before users accept or decline the cookie banner, which may violate GDPR Article 5(1)(a). ComplianceCheckup detected this via an automated headless browser scan.
What are Attio's biggest privacy risks?
Based on our automated scan, the top areas of concern are: Pre-consent tracking, Cookie consent banner, CCPA / CPRA disclosures. 22 tracking requests detected before consent. These findings are automated and may not capture all risks.
How does Attio handle CCPA?
No CCPA/CPRA opt-out signals detected. CCPA/CPRA compliance requires more than disclosures. This score reflects observable signals only, not legal compliance. CCPA requires businesses handling California residents' data to disclose data practices, honor opt-out requests, and support the Global Privacy Control (GPC) signal. Our scan checks for GPC support and CCPA-relevant cookie disclosures.
Not legal advice. The scan grade is an automated technical assessment and does not constitute legal or compliance advice. Self-reported claims have not been independently verified. Results may contain false positives or miss issues that cannot be detected programmatically. Consult a qualified attorney or compliance professional for your specific situation.