Attio

Attio

Attio is a CRM platform designed for B2B companies. It operates primarily as a SaaS application with minimal browser-side presence on third-party websites. Where scripts appear, they may support embedded data collection forms or contact enrichment workflows.

Overview

Attio is a modern CRM platform designed for relationship-driven B2B teams. It emphasizes automatic data enrichment, real-time contact and company records synced from communication channels, and highly flexible workspace customization. Unlike legacy CRM tools, Attio is built around a structured data model that allows teams to define custom objects, attributes, and relationship graphs. Its website tracking script connects web behavior to CRM contact records.

What This Script Does

Attio Website Tracking Script

When enabled, Attio's tracking snippet loads a JavaScript library from Attio's CDN and begins monitoring page visits for identified contacts. The script is primarily used to track when known contacts (typically identified via email from form submissions or CRM integrations) return to the website and visit specific pages.

Contact Identification

The tracking script can be initialized with an identify() call passing a contact's email address. Once identified, all subsequent page visits in that browser session are linked to the CRM contact record. This enables Attio users to see a contact's web activity timeline directly within the CRM.

Cookies Set

  • attio_visitor_id — First-party persistent cookie. Stores an anonymous visitor identifier before identification occurs. Duration: 1 year.
  • attio_session — First-party session cookie. Stores the current session ID for grouping page visit events. Duration: session.

Domains Contacted

  • app.attio.com — Hosts the tracking library and receives all event beacons via its REST API.
  • cdn.attio.com — CDN serving the tracking JavaScript library.

Data Collected Per Interaction

  • Page URL and page title for every page visit
  • Browser referrer URL at session start
  • User-agent string and browser language
  • IP address at connection time
  • Contact email address when identify() is called
  • Custom event names and properties when track() is called programmatically

Consent & Compliance

GDPR / ePrivacy: Attio's website tracking script sets a persistent first-party cookie and transmits page visit data linked to individual email addresses to Attio's US-based infrastructure. This constitutes personal data processing for CRM profiling purposes. Under GDPR Article 6, this requires a lawful basis. For identified contacts, this can be justified under legitimate interest for B2B relationship management, but the persistent cookie set before identification requires ePrivacy consent. The contact identification call should only fire after the user has provided their email and was informed of this tracking.

CCPA / CPRA: Attio collects personal information (email linked to browsing history) on behalf of the merchant operating as a service provider. When used purely for the merchant's CRM, this does not constitute a sale. The merchant must disclose Attio as a service provider in their privacy policy.

EU-US Data Privacy Framework: Attio is a US-based company. EU organizations using Attio should confirm Standard Contractual Clauses are in place via Attio's DPA.

Consent Category: Functional (CRM contact tracking). No advertising or third-party data sharing.

Should You Block This Without Consent?

No. Attio's tracking script is used for internal CRM purposes — connecting a known B2B contact's web visits to their CRM record. It does not perform advertising profiling or share data with third parties. The persistent visitor cookie, however, is set before identification and requires ePrivacy consent under a strict reading. A best-practice implementation defers the attio.js load or the identify call until the user has accepted functional cookies, or relies entirely on server-side event tracking where available.

Visit website

Consent Categories

Also Known As

attio crmattio privacycrm data collection consentattio formsb2b crm tracking

Industries

Computers Electronics and TechnologyProgramming and Developer Software

Tracked Domains (1)

attio.comFunctional

Frequently Asked Questions

Is consent required for Attio on my website?

Conditional. Attio tracks known B2B contacts for CRM purposes, which is functional. However, attio_visitor_id — a 1-year persistent cookie set before contact identification — technically requires ePrivacy consent. A best-practice implementation defers the Attio script until functional consent is granted.

What data does Attio collect?

Attio sets attio_visitor_id (1-year persistent anonymous identifier) and attio_session (session cookie). It records page URLs, referrer, user-agent, and IP address on each visit. When identify() is called with a contact's email, all subsequent page visits are linked to that CRM contact record in Attio.

How does ConsentStack manage Attio consent?

ConsentStack classifies Attio as functional. The tracking script and identify() call are deferred until the visitor grants functional consent. This ensures the persistent attio_visitor_id cookie is not set before opt-in, keeping the implementation compliant with ePrivacy while preserving CRM contact tracking for known visitors.

Related Vendors

Gorgias
Gorgias
Gorgias is a helpdesk platform built specifically for ecommerce brands, with deep Shopify integration. Scripts embed chat and contact widgets on storefront pages. Customer support agents see full order history alongside conversations, enabling order edits and refunds directly from the helpdesk.
Kameleoon
Kameleoon
A/B testing and personalization platform used by enterprise e-commerce and marketing teams. Kameleoon's script fetches experiment and personalization configurations and injects page modifications for targeted users. Tracks goal events to measure conversion impact of experiments.
Hopin
Hopin
Hopin is a virtual events and webinar platform. Embedded registration widgets and livestream players collect attendee information and track viewing activity. Scripts may set cookies to maintain session state and measure engagement during live and recorded events.
Pipedream
Pipedream
Pipedream is a serverless workflow automation and API integration platform. It operates primarily as a backend service with no direct browser-side script presence on third-party websites. Where embedded, it may surface lightweight webhook trigger interfaces or automation status widgets.
Bird
Bird
Bird (formerly MessageBird) is a cloud communications platform providing messaging, email, voice, and WhatsApp APIs. Scripts power in-page chat widgets and email open tracking pixels. Cookies identify contacts and track message engagement across channels.
Dixa
Dixa
Dixa is a customer service and conversation routing platform. Scripts embed a live chat and support widget on websites, enabling real-time visitor conversations with support teams. Cookies identify returning visitors, maintain chat session continuity, and may log prior interaction history.

Manage consent for Attio

ConsentStack automatically detects and manages Attio trackers so your site stays compliant with global privacy regulations.