This Privacy Policy explains how CiteFlow collects, uses, shares, and protects information when you use our AI visibility scanning and optimization service. It applies to anonymous scans, accounts created through Google or email sign-in, Standard subscriptions, add-on purchases, AI reports, email delivery, and optional GitHub workflow features.
We collect only the data we need to deliver the service, protect it from abuse, process payments, and improve product quality.
1. Who is the controller
The data controller for personal data processed through CiteFlow is CiteFlow. You can contact us at support@citeflow.io for any question or request related to this Privacy Policy.
2. Information we collect
2.1 Information you submit
- Scanned URL. The website address you submit for an SEO/AEO/GEO scan. We treat the URL as personal data when it identifies an individual.
- Email address. Collected when you sign in, request async scan delivery, subscribe, buy add-ons, or contact support.
- Account profile. If you sign in with Google, we receive your name, email, and avatar from Google. We do not request additional Google scopes unless a future product feature clearly asks for them.
- Support requests. Free-form messages and attachments you send to our support address.
2.2 Information generated by scans and reports
- Public page content. Our scan engine fetches and analyzes the public HTML, headers, metadata, structured data, and visible content of the URL you submit. We do not attempt to access password-protected pages, private areas, or credentials.
- Scan results. The composite AI visibility score, per-dimension breakdown, issue list, recommendations, and scan status. Scan results may be linked to your account if you are signed in.
- AI report artifacts. Full reports, executive summaries, generated recommendations, downloadable artifacts, and delivery metadata for Standard subscribers and eligible add-on report credits.
2.3 Account, subscription, and add-on data
- Account data. User ID, authentication method, email verification state, session state, and account lifecycle metadata.
- Subscription data. Stripe customer ID, subscription ID, billing cycle, plan status, current period end, cancellation state, renewal state, refund state, and paid feature entitlement state.
- Add-on data. URL slot, rescan pack, and Visibility report add-on purchases, quantities, usage, expiry, and refund state.
2.4 Information collected automatically
- Authentication cookies. Set by Better Auth to keep you signed in. See our Cookie Policy.
- Analytics.We use Google Analytics 4 (GA4) and Google Tag Manager (GTM) to measure aggregate site usage and conversion funnels. Analytics scripts load only after you click "Accept all" or enable Analytics in Cookie Preferences.
- Error and performance data. Sentry captures application errors and limited request metadata to help us fix bugs.
- Rate-limit and security signals. IP address, user agent, request metadata, and abuse-prevention signals stored briefly to prevent fraud, rate-limit scan endpoints, and protect accounts.
- Optional CAPTCHA signals. If CAPTCHA is enabled, Cloudflare Turnstile may process device and browser signals to verify that requests are not abusive.
2.5 Connected repository data
If you use an optional GitHub or automated fix workflow, we may process the repository identifiers, installation IDs, branch names, pull request metadata, generated fix content, and related workflow status needed to create or track the requested pull request. We do not use repository content for unrelated model training.
2.6 Payment data
Payments are processed by Stripe. We never see or store your full card number or card security code. We retain Stripe identifiers, charge and invoice metadata, subscription status, add-on purchase metadata, billing cycle, current period end, and amount charged so we can deliver the service, produce receipts, and handle renewals, cancellations, disputes, and refunds.
3. Processing summary
| Category | Source | Purpose |
|---|---|---|
| Submitted URLs and public page content | You and the public website you submit | Run scans, generate scores, create reports, and detect issues |
| Account and profile data | You, Google OAuth, and Better Auth | Authenticate users, secure accounts, and deliver saved results |
| Subscription and add-on records | You and Stripe | Provision paid features, renewals, cancellations, and refunds |
| AI report inputs and outputs | Submitted URLs, scan engine, and AI processor | Generate summaries, recommendations, and report artifacts |
| Analytics data | Your browser after analytics consent | Measure aggregate usage, funnels, and product performance |
| Security, logs, and rate-limit signals | Your browser, device, and our infrastructure | Prevent abuse, debug incidents, and protect the service |
| Support messages | You | Respond to support, billing, privacy, and legal requests |
4. How we use your information
- Run the requested SEO/AEO/GEO scan and return your score.
- Generate full reports, audit artifacts, and AI executive summaries for Standard subscribers and eligible add-on report credits.
- Manage Standard subscriptions, add-on purchases, renewals, cancellations, grace periods, disputes, and refunds.
- Send transactional emails such as receipts, report delivery, renewal notices, payment-failure notices, and support responses.
- Send optional reminders or product emails to signed-in users where permitted. You can opt out at any time.
- Create optional GitHub pull requests or workflow artifacts when you request automated fixes.
- Detect abuse, enforce rate limits, prevent fraud, and secure the service.
- Measure aggregate site usage to improve the product, loaded only after analytics consent.
- Comply with legal, tax, accounting, and regulatory obligations.
5. Legal bases (GDPR / UK GDPR)
We rely on the lawful bases set out in Article 6 of the EU General Data Protection Regulation (GDPR). The table below maps each processing activity to its lawful basis.
| Processing | Legal basis |
|---|---|
| Running scans and delivering reports | Contract - Art. 6(1)(b) |
| Managing Standard subscriptions and add-ons | Contract - Art. 6(1)(b) |
| Account creation and authentication | Contract - Art. 6(1)(b) |
| Optional GitHub workflow features | Contract - Art. 6(1)(b) |
| Security, abuse prevention, rate limiting, and debugging | Legitimate interest - Art. 6(1)(f) |
| Analytics (Google Analytics 4, Google Tag Manager) | Consent - Art. 6(1)(a) |
| Marketing and re-engagement emails | Consent or legitimate interest, where permitted by law |
| Legal, tax, accounting, and dispute handling | Legal obligation - Art. 6(1)(c); legitimate interest - Art. 6(1)(f) |
6. AI processing
We use AI service providers to generate executive summaries and recommendations from scan results and public page content. We send only the inputs needed to produce the requested report. We do not ask AI providers to use customer data for unrelated training, and we do not intentionally send private credentials or password-protected content.
7. Data retention
- Anonymous scan results. Retained for up to 90 days for abuse prevention, debugging, and product quality, and may be deleted earlier at our discretion.
- Authenticated scans and account data. Retained for the lifetime of your account, then deleted or de-identified after account closure unless a longer period is required for security, legal, tax, accounting, or dispute purposes.
- Report artifacts. Retained while your account remains active so you can re-download them, subject to feature availability and your deletion requests.
- Subscription and add-on records. Retained for as long as needed to deliver paid features, manage refunds, support billing disputes, and satisfy audit obligations.
- Payment records. Retained as long as required for tax, accounting, chargeback, and refund obligations.
- Error logs. Sentry error logs use the retention configured in Sentry, currently expected to be 90 days unless changed in the Sentry project.
- Security and rate-limit records. Retained only as long as needed to protect the service, investigate abuse, and apply rate limits.
8. Sub-processors
We share data with the third-party providers listed below to operate the service. Some providers are conditional and process data only when the corresponding feature is enabled or used.
| Provider | Purpose |
|---|---|
| Stripe | Payment processing, recurring billing, add-ons, disputes, and refunds |
| Anthropic (Claude) | AI executive report generation |
| Google OAuth + Better Auth | Authentication and session management |
| Resend | Transactional email delivery |
| Google Analytics 4 / Google Tag Manager | Aggregate analytics and funnel measurement after analytics consent |
| Sentry | Error monitoring and performance diagnostics |
| Inngest | Background jobs, scan orchestration, and workflow retries |
| Upstash | Rate limiting, queue state, and short-lived security data |
| Vercel / Railway / Supabase | Application hosting, databases, storage, and infrastructure logs |
| Cloudflare Turnstile | Conditional CAPTCHA and abuse prevention when enabled |
| GitHub | Conditional repository connection, pull request, and workflow features |
9. International transfers
We and our providers may process information in countries other than your own. Where required, we rely on appropriate safeguards such as standard contractual clauses, data processing agreements, and provider transfer mechanisms.
10. Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal data. You may also withdraw consent for analytics or marketing where processing is based on consent. To exercise these rights, contact support@citeflow.io.
EEA and UK users may also lodge a complaint with their local data protection authority. If we rely on legitimate interests, you may object to that processing where applicable law gives you that right.
11. US state privacy notice
Residents of certain US states, including California, may have rights to know, access, correct, delete, and obtain a portable copy of personal information, to opt out of sale, sharing, or targeted advertising, to limit certain sensitive personal information uses, to appeal a denied request, and to use an authorized agent where permitted by law.
Based on the current product configuration, we do not sell personal information, share personal information for cross-context behavioral advertising, or process personal information for targeted advertising. We do use analytics after consent. If your browser sends a Global Privacy Control signal, we treat it as a rejection of analytics cookies and do not load analytics scripts.
We do not knowingly collect sensitive personal information for the purpose of inferring characteristics. If you use an authorized agent, we may request proof of authorization and may verify your identity before acting on the request.
12. Security
We use technical and organizational safeguards designed to protect personal data, including HTTPS, authentication controls, rate limiting, least-privilege access, monitoring, and provider security controls. No online service is completely secure, and you are responsible for protecting your account credentials.
13. Children
CiteFlow is not directed to children under 16, and we do not knowingly collect personal data from children under 16.
14. Changes to this policy
We will update this Privacy Policy when our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated through the product or by email where appropriate.
15. Contact
Questions or privacy requests? Contact CiteFlow at support@citeflow.io.