Privacy Policy

1. Information We Collect

Scan data: When you scan a domain, we store the domain URL, extracted company information, AI model responses, and computed visibility scores.

Account data: If you sign in with Google, we receive your name, email address, and profile picture from Google OAuth. We do not access your Google password.

Payment data: Payments are processed by Stripe. We do not store credit card numbers. We retain the Stripe session ID and purchase record for order fulfillment.

2. How We Use Your Information

We use your data to provide the Service: running scans, generating reports, processing payments, and sending report delivery emails. We do not sell your data to third parties.

3. Third-Party Services

We share data with the following services as necessary:

• Stripe for payment processing
• Google OAuth for authentication
• AI model providers (OpenAI, Anthropic, Google, xAI) to run visibility queries
• Neon for database hosting
• Resend for transactional email delivery

4. Data Retention

Scan results are retained to provide historical comparison and to improve the Service. You may request deletion of your data by contacting us. Account data is retained for as long as your account is active.

5. Cookies

We use session cookies for authentication. We do not use third-party tracking cookies or advertising pixels.

6. Security

We use encryption in transit (TLS) and at rest. Database access is restricted and credentials are stored as environment variables, not in source code.

7. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing privacy@cited.report.

8. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes by email.