Privacy Policy
Last updated: July 12, 2026
Attune IT LLC ("Attune", "we", "us") operates Attune Smart Forms, a forms, documents, and workflow platform for small businesses. This policy explains what we collect, why, and the controls you have.
1. Data we collect
- Account data — your name, email address, password (stored only as a salted bcrypt hash), and organization name.
- Billing data — handled by Stripe, our payment processor. We never see or store full card numbers; we keep subscription status, plan, and invoice records.
- Customer content — the forms you build, documents you upload, and submissions your respondents send. This content belongs to you.
- Usage data — metered counters (submissions, document fills, storage) used to enforce plan limits, plus standard server logs with IP addresses.
- Trial-abuse signals — a one-way hash of your email domain, retained to prevent repeated free trials. It cannot be reversed into your address.
2. How we use it
- To provide the service: hosting your forms, storing submissions, sending emails.
- To bill you and enforce the plan limits you have paid for.
- To secure the platform: fraud prevention, abuse detection, audit logging.
- To notify you about usage limits, billing events, and service changes.
We do not sell your data. We do not use your customer content to train AI models.
3. Respondent data
When someone fills out a form you published, their submission is stored on your behalf. You (the workspace owner) are the data controller for that content; we are the processor. Respondents should direct access or deletion requests to the business that published the form; we assist our customers in fulfilling them.
4. Data retention and deletion
- Active accounts — your content is retained while your subscription or trial is active.
- Expired trials — data is retained read-only for 30 days after expiry, then permanently purged.
- Canceled subscriptions — data is retained read-only for 60 days after the paid period ends, then permanently purged. Resubscribing within the window restores everything.
- Deletion requests — you may request deletion at any time; verified requests are completed within 30 days. Billing records we are legally required to keep survive deletion.
5. Subprocessors
We use a small set of infrastructure providers to run the service: cloud hosting for compute and storage, Stripe for payments, and a transactional email provider for notifications. Each is bound by data-processing terms.
6. Security
Passwords are hashed with bcrypt; third-party credentials you store (such as SMTP passwords) are encrypted with AES-256-GCM; traffic is encrypted in transit with TLS. Access to production data is restricted and logged.
7. Your rights
Depending on where you live (including under GDPR and CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. Contact us at privacy@attuneitus.com and we will respond within 30 days.
8. Changes
We will notify account owners by email of material changes to this policy at least 14 days before they take effect.
9. Contact
Attune IT LLC — privacy@attuneitus.com