Overview
Attio is a modern CRM platform designed for relationship-driven B2B teams. It emphasizes automatic data enrichment, real-time contact and company records synced from communication channels, and highly flexible workspace customization. Unlike legacy CRM tools, Attio is built around a structured data model that allows teams to define custom objects, attributes, and relationship graphs. Its website tracking script connects web behavior to CRM contact records.
What This Script Does
Attio Website Tracking Script
When enabled, Attio's tracking snippet loads a JavaScript library from Attio's CDN and begins monitoring page visits for identified contacts. The script is primarily used to track when known contacts (typically identified via email from form submissions or CRM integrations) return to the website and visit specific pages.
Contact Identification
The tracking script can be initialized with an identify() call passing a contact's email address. Once identified, all subsequent page visits in that browser session are linked to the CRM contact record. This enables Attio users to see a contact's web activity timeline directly within the CRM.
Cookies Set
- attio_visitor_id — First-party persistent cookie. Stores an anonymous visitor identifier before identification occurs. Duration: 1 year.
- attio_session — First-party session cookie. Stores the current session ID for grouping page visit events. Duration: session.
Domains Contacted
- app.attio.com — Hosts the tracking library and receives all event beacons via its REST API.
- cdn.attio.com — CDN serving the tracking JavaScript library.
Data Collected Per Interaction
- Page URL and page title for every page visit
- Browser referrer URL at session start
- User-agent string and browser language
- IP address at connection time
- Contact email address when identify() is called
- Custom event names and properties when track() is called programmatically
Consent & Compliance
GDPR / ePrivacy: Attio's website tracking script sets a persistent first-party cookie and transmits page visit data linked to individual email addresses to Attio's US-based infrastructure. This constitutes personal data processing for CRM profiling purposes. Under GDPR Article 6, this requires a lawful basis. For identified contacts, this can be justified under legitimate interest for B2B relationship management, but the persistent cookie set before identification requires ePrivacy consent. The contact identification call should only fire after the user has provided their email and was informed of this tracking.
CCPA / CPRA: Attio, operating as a service provider, collects personal information (email linked to browsing history) on behalf of the merchant. When used purely for the merchant's CRM, this does not constitute a sale. The merchant must disclose Attio as a service provider in their privacy policy.
EU-US Data Privacy Framework: Attio is a US-based company. EU organizations using Attio should confirm Standard Contractual Clauses are in place via Attio's DPA.
Consent Category: Functional (CRM contact tracking). No advertising or third-party data sharing.
Should You Block This Without Consent?
No. Attio's tracking script is used for internal CRM purposes — connecting a known B2B contact's web visits to their CRM record. It does not perform advertising profiling or share data with third parties. The persistent visitor cookie, however, is set before identification and requires ePrivacy consent under a strict reading. A best-practice implementation defers the attio.js load or the identify call until the user has accepted functional cookies, or relies entirely on server-side event tracking where available.
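One way to implement the deferral described above, as an added example that is not Attio's or ConsentStack's own code: identify() and track() calls are queued in memory and the library is loaded only after functional consent, with a helper to confirm that neither cookie exists beforehand. The cookie names come from this page; the script URL passed to browserLoader and the global name window.attio are assumptions to be replaced with the values from your own Attio snippet.

```javascript
// Added example: consent gate for a tracker exposing identify()/track().
// Cookie names come from the page; the script URL path and the global
// name `window.attio` are assumptions, take both from your own snippet.
const ATTIO_COOKIES = ['attio_visitor_id', 'attio_session'];

function createConsentGate(loadTracker) {
  let tracker = null;      // set once the library has loaded
  let consented = false;
  const queue = [];        // calls made before the tracker is usable

  function call(method, args) {
    if (tracker) tracker[method](...args);
    else queue.push([method, args]); // held in memory, nothing is sent
  }

  return {
    identify: (email) => call('identify', [email]),
    track: (name, props) => call('track', [name, props]),
    // Wire this to the CMP's "functional accepted" callback.
    grantFunctionalConsent() {
      if (consented) return;          // load the library only once
      consented = true;
      loadTracker((loaded) => {
        tracker = loaded;
        for (const [method, args] of queue.splice(0)) tracker[method](...args);
      });
    },
    // If consent is refused, drop the queued email and events.
    denyFunctionalConsent() { queue.length = 0; },
    pending: () => queue.length,
  };
}

// Browser loader: injects the script only when called by the gate.
function browserLoader(scriptUrl) {
  return (onReady) => {
    const s = document.createElement('script');
    s.src = scriptUrl;
    s.async = true;
    s.onload = () => onReady(window.attio); // assumed global name
    document.head.appendChild(s);
  };
}

// Audit helper: which Attio cookies are present in a document.cookie string?
// Run it before consent; the expected result is an empty array.
function attioCookiesPresent(cookieString) {
  return cookieString.split(';')
    .map((pair) => pair.trim().split('=')[0])
    .filter((name) => ATTIO_COOKIES.includes(name));
}
```

In a browser, create the gate with createConsentGate(browserLoader(url)) and call attioCookiesPresent(document.cookie) in a pre-consent test to confirm the result is empty.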
Tracked Domains (1)
attio.com (Functional)
Frequently Asked Questions
Is consent required for Attio on my website?
Conditional. Attio tracks known B2B contacts for CRM purposes, which is functional. However, attio_visitor_id — a 1-year persistent cookie set before contact identification — technically requires ePrivacy consent. A best-practice implementation defers the Attio script until functional consent is granted.
What data does Attio collect?
Attio sets attio_visitor_id (1-year persistent anonymous identifier) and attio_session (session cookie). It records page URLs, referrer, user-agent, and IP address on each visit. When identify() is called with a contact's email, all subsequent page visits are linked to that CRM contact record in Attio.
How does ConsentStack manage Attio consent?
ConsentStack classifies Attio as functional. The tracking script and identify() call are deferred until the visitor grants functional consent. This ensures the persistent attio_visitor_id cookie is not set before opt-in, keeping the implementation compliant with ePrivacy while preserving CRM contact tracking for known visitors.