Privacy Policy
Effective Date: October 6, 2025
Last Updated: October 6, 2025
This Privacy Policy describes how Infinidatum ("we," "us," or "our") collects, uses, discloses, and protects information when you use the Causal Attribution API and SDK (the "Service").
By using the Service, you consent to the practices described in this Privacy Policy.
1. Information We Collect
1.1 Information You Provide Directly
Account Information:
- Name and email address (for API key issuance and support)
- Company name and billing address (for paid subscriptions)
- Payment information (processed by third-party payment processors; we do not store full credit card numbers)
Communications:
- Messages you send to us (support requests, inquiries, feedback)
- Survey responses or other voluntary feedback
1.2 Information Collected Automatically
Cloud API Usage Data:
- API request metadata (timestamp, endpoint accessed, HTTP status codes, request size)
- API key used (to associate requests with your account)
- IP address and user agent (for security and rate limiting)
- Error logs and diagnostic information (for debugging and service improvement)
Website Analytics:
- Pages visited, time spent, and navigation paths (via Google Analytics)
- Device type, browser, operating system, and screen resolution
- Referral source (how you found our website)
Cookies and Tracking Technologies:
- Essential cookies for authentication and session management
- Analytics cookies (Google Analytics) for website usage statistics
- You can control cookies through your browser settings
1.3 Data You Submit to the Service (Cloud API)
Customer Attribution Data:
- Touchpoint data (timestamps, channels, conversion events, revenue amounts)
- Customer identifiers (pseudonymous IDs, not personally identifiable unless you include them)
- Campaign and marketing metadata
Important: We process this data solely to provide attribution analysis. We do not use your customer data for any other purpose (marketing, analytics, model training, etc.) without your explicit consent.
1.4 SDK Usage (Minimal Data Collection)
When you use the Local SDK:
- License validation data: License key, server identifier, SDK version, timestamp (sent to control plane for license verification)
- No customer data: Your attribution data is processed 100% locally and never transmitted to Infinidatum
- Offline mode: No data is collected if you use offline/air-gapped mode
2. How We Use Your Information
2.1 To Provide the Service
- Process your API requests and return attribution results
- Authenticate and authorize access to the API/SDK
- Monitor usage for billing and quota enforcement
- Provide customer support and respond to inquiries
2.2 To Improve the Service
- Analyze aggregated, anonymized usage patterns to improve algorithms and performance
- Debug errors and fix bugs
- Develop new features and attribution models
2.3 For Security and Compliance
- Detect and prevent fraud, abuse, and security threats
- Enforce our Terms of Service
- Comply with legal obligations and respond to lawful requests
2.4 For Marketing (With Your Consent)
- Send you product updates, newsletters, and promotional offers (you can opt out at any time)
- Notify you of new features, pricing changes, or important service updates
We do NOT:
- Sell or rent your personal information to third parties
- Use your customer attribution data to train models for other customers
- Share your data with advertisers or data brokers
3. How We Share Your Information
3.1 Service Providers
We may share information with trusted third-party service providers who help us operate the Service:
- Cloud hosting providers: AWS, Google Cloud (for Cloud API infrastructure)
- Payment processors: Stripe, PayPal (for subscription billing)
- Analytics providers: Google Analytics (for website analytics)
- Email service providers: For sending transactional emails and support communications
These providers are contractually obligated to protect your data and use it only for the specified purposes.
3.2 Legal Requirements
We may disclose information if required by law or in good faith belief that disclosure is necessary to:
- Comply with legal obligations (subpoenas, court orders, government requests)
- Protect our rights, property, or safety
- Prevent fraud or security threats
- Protect the safety of users or the public
3.3 Business Transfers
If Infinidatum is acquired, merges with another company, or undergoes a business restructuring, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.
3.4 With Your Consent
We may share information with third parties when you explicitly consent (e.g., integrations with third-party tools you authorize).
4. Data Security
4.1 Security Measures
We implement industry-standard security measures to protect your information:
- Encryption in transit: All API communications use TLS 1.3 encryption
- Encryption at rest: Cloud API data is encrypted on disk using AES-256
- Access controls: Role-based access controls and multi-factor authentication for internal systems
- Regular audits: Security audits and penetration testing (annually for Cloud API)
- Monitoring: 24/7 security monitoring and intrusion detection
4.2 Data Isolation (Cloud API)
- Your data is logically isolated from other customers' data
- API keys are hashed and stored securely
- Access logs are encrypted and retained for security audits
4.3 SDK Security
- SDK processes data entirely on your infrastructure—you control security
- License keys are transmitted over encrypted channels
- Offline mode eliminates all external network dependencies
4.4 Your Responsibility
- Keep your API keys and license keys confidential
- Use strong, unique passwords for your account
- Notify us immediately of any unauthorized access or security breaches
No Security is Perfect: While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security.
5. Data Retention
5.1 Cloud API Data
- Attribution request data: Retained for 30 days for debugging and support, then permanently deleted
- Aggregated analytics: Anonymized, aggregated statistics may be retained indefinitely for service improvement
- Account information: Retained while your account is active and for 1 year after account closure (for compliance and billing records)
- Billing records: Retained for 7 years as required by tax and accounting regulations
5.2 SDK Data
- Your attribution data: Not retained by Infinidatum (processed locally on your infrastructure)
- License validation logs: Metadata retained for up to 2 years for compliance and audit purposes
5.3 Data Deletion
You can request deletion of your data at any time by emailing cm-privacy@infinidatum.net. We will delete your data within 30 days, except where retention is required by law.
6. Your Privacy Rights
6.1 General Rights
You have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal retention requirements)
- Portability: Request export of your data in a machine-readable format
- Opt-out: Unsubscribe from marketing emails (click "unsubscribe" in any email)
6.2 GDPR Rights (EU Residents)
If you are in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to restriction: Request temporary restriction of processing
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent for processing at any time
- Right to lodge a complaint: File a complaint with your local data protection authority
Legal Basis for Processing (GDPR):
- Contract: Processing necessary to provide the Service you requested
- Legitimate interests: Security, fraud prevention, service improvement
- Consent: Marketing communications (you can withdraw consent anytime)
Data Processing Agreement: Available upon request for Cloud API customers processing EU personal data.
6.3 CCPA Rights (California Residents)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to know: Request disclosure of personal information collected, sources, purposes, and third parties we share it with
- Right to delete: Request deletion of personal information (subject to exceptions)
- Right to opt-out: Opt out of the "sale" of personal information (we do not sell personal information)
- Right to non-discrimination: We will not discriminate against you for exercising your rights
We do NOT sell personal information. We have not sold personal information in the past 12 months.
6.4 How to Exercise Your Rights
To exercise any of these rights, email us at: cm-privacy@infinidatum.net
We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.
7. International Data Transfers
7.1 Cloud API Data Location
Cloud API servers are located in the United States. If you are located outside the U.S., your data will be transferred to and processed in the U.S.
7.2 EU-U.S. Data Transfers
For EU customers, we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for your data when transferred to the U.S.
7.3 SDK Data Location
SDK processes data entirely on your infrastructure, so you control the data location. License validation requests may be sent to our U.S.-based control plane.
8. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately, and we will delete it.
9. Cookies and Tracking Technologies
9.1 Types of Cookies We Use
| Cookie Type |
Purpose |
Duration |
| Essential Cookies |
Authentication, session management |
Session or 30 days |
| Analytics Cookies |
Google Analytics (website usage statistics) |
2 years |
| Preference Cookies |
Remember your settings and preferences |
1 year |
9.2 Managing Cookies
You can control cookies through your browser settings:
- Block all cookies: Most browsers allow you to block all cookies (may impact functionality)
- Delete cookies: Clear cookies from your browser history
- Third-party cookies: Block third-party cookies (e.g., Google Analytics)
Google Analytics Opt-Out: Install the Google Analytics Opt-out Browser Add-on
9.3 Do Not Track
We do not currently respond to Do Not Track (DNT) browser signals, as there is no industry standard for DNT compliance.
10. Third-Party Links
Our website may contain links to third-party websites (e.g., GitHub, payment processors). We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing any information.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be notified via:
- Email to your registered email address (30 days' advance notice for material changes)
- Prominent notice on our website
- Update to the "Last Updated" date at the top of this page
Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us:
Infinidatum
Email: cm-privacy@infinidatum.net
Website: https://causalmma.com
For GDPR-related inquiries: Email "GDPR Request" in the subject line
For CCPA-related inquiries: Email "CCPA Request" in the subject line
13. Data Protection Officer (EU)
For GDPR compliance inquiries, you can contact our Data Protection Officer at: cm-privacy@infinidatum.net (Subject: "DPO - GDPR Inquiry")
14. Summary of Key Points
- Cloud API: We process your attribution data solely to provide the Service. Data is deleted after 30 days.
- SDK: Your data is processed 100% locally and never sent to Infinidatum (except license validation metadata).
- We do NOT sell your data: We never sell, rent, or share your personal information with third parties for marketing purposes.
- Your rights: You can access, correct, delete, or export your data at any time.
- Security: We use industry-standard encryption, access controls, and security monitoring.
- EU/California residents: You have additional rights under GDPR and CCPA. Contact us to exercise them.
Return to Home
View Terms of Service