Privacy Policy

How CiteFlow collects, uses, and protects your data.

Last updated:

This Privacy Policy explains how CiteFlow collects, uses, shares, and protects information when you use our AI visibility scanning and optimization service. It applies to anonymous scans, accounts created through Google or email sign-in, Standard subscriptions, add-on purchases, AI reports, email delivery, and optional GitHub workflow features.

We collect only the data we need to deliver the service, protect it from abuse, process payments, and improve product quality.

1. Who is the controller

The data controller for personal data processed through CiteFlow is CiteFlow. You can contact us at support@citeflow.io for any question or request related to this Privacy Policy.

2. Information we collect

2.1 Information you submit

  • Scanned URL. The website address you submit for an SEO/AEO/GEO scan. We treat the URL as personal data when it identifies an individual.
  • Email address. Collected when you sign in, request async scan delivery, subscribe, buy add-ons, or contact support.
  • Account profile. If you sign in with Google, we receive your name, email, and avatar from Google. We do not request additional Google scopes unless a future product feature clearly asks for them.
  • Support requests. Free-form messages and attachments you send to our support address.

2.2 Information generated by scans and reports

  • Public page content. Our scan engine fetches and analyzes the public HTML, headers, metadata, structured data, and visible content of the URL you submit. We do not attempt to access password-protected pages, private areas, or credentials.
  • Scan results. The composite AI visibility score, per-dimension breakdown, issue list, recommendations, and scan status. Scan results may be linked to your account if you are signed in.
  • AI report artifacts. Full reports, executive summaries, generated recommendations, downloadable artifacts, and delivery metadata for Standard subscribers and eligible add-on report credits.

2.3 Account, subscription, and add-on data

  • Account data. User ID, authentication method, email verification state, session state, and account lifecycle metadata.
  • Subscription data. Stripe customer ID, subscription ID, billing cycle, plan status, current period end, cancellation state, renewal state, refund state, and paid feature entitlement state.
  • Add-on data. URL slot, rescan pack, and Visibility report add-on purchases, quantities, usage, expiry, and refund state.

2.4 Information collected automatically

  • Authentication cookies. Set by Better Auth to keep you signed in. See our Cookie Policy.
  • Analytics.We use Google Analytics 4 (GA4) and Google Tag Manager (GTM) to measure aggregate site usage and conversion funnels. Analytics scripts load only after you click "Accept all" or enable Analytics in Cookie Preferences.
  • Error and performance data. Sentry captures application errors and limited request metadata to help us fix bugs.
  • Rate-limit and security signals. IP address, user agent, request metadata, and abuse-prevention signals stored briefly to prevent fraud, rate-limit scan endpoints, and protect accounts.
  • Optional CAPTCHA signals. If CAPTCHA is enabled, Cloudflare Turnstile may process device and browser signals to verify that requests are not abusive.

2.5 Connected repository data

If you use an optional GitHub or automated fix workflow, we may process the repository identifiers, installation IDs, branch names, pull request metadata, generated fix content, and related workflow status needed to create or track the requested pull request. We do not use repository content for unrelated model training.

2.6 Payment data

Payments are processed by Stripe. We never see or store your full card number or card security code. We retain Stripe identifiers, charge and invoice metadata, subscription status, add-on purchase metadata, billing cycle, current period end, and amount charged so we can deliver the service, produce receipts, and handle renewals, cancellations, disputes, and refunds.

3. Processing summary

CategorySourcePurpose
Submitted URLs and public page contentYou and the public website you submitRun scans, generate scores, create reports, and detect issues
Account and profile dataYou, Google OAuth, and Better AuthAuthenticate users, secure accounts, and deliver saved results
Subscription and add-on recordsYou and StripeProvision paid features, renewals, cancellations, and refunds
AI report inputs and outputsSubmitted URLs, scan engine, and AI processorGenerate summaries, recommendations, and report artifacts
Analytics dataYour browser after analytics consentMeasure aggregate usage, funnels, and product performance
Security, logs, and rate-limit signalsYour browser, device, and our infrastructurePrevent abuse, debug incidents, and protect the service
Support messagesYouRespond to support, billing, privacy, and legal requests

4. How we use your information

  • Run the requested SEO/AEO/GEO scan and return your score.
  • Generate full reports, audit artifacts, and AI executive summaries for Standard subscribers and eligible add-on report credits.
  • Manage Standard subscriptions, add-on purchases, renewals, cancellations, grace periods, disputes, and refunds.
  • Send transactional emails such as receipts, report delivery, renewal notices, payment-failure notices, and support responses.
  • Send optional reminders or product emails to signed-in users where permitted. You can opt out at any time.
  • Create optional GitHub pull requests or workflow artifacts when you request automated fixes.
  • Detect abuse, enforce rate limits, prevent fraud, and secure the service.
  • Measure aggregate site usage to improve the product, loaded only after analytics consent.
  • Comply with legal, tax, accounting, and regulatory obligations.

5. Legal bases (GDPR / UK GDPR)

We rely on the lawful bases set out in Article 6 of the EU General Data Protection Regulation (GDPR). The table below maps each processing activity to its lawful basis.

ProcessingLegal basis
Running scans and delivering reportsContract - Art. 6(1)(b)
Managing Standard subscriptions and add-onsContract - Art. 6(1)(b)
Account creation and authenticationContract - Art. 6(1)(b)
Optional GitHub workflow featuresContract - Art. 6(1)(b)
Security, abuse prevention, rate limiting, and debuggingLegitimate interest - Art. 6(1)(f)
Analytics (Google Analytics 4, Google Tag Manager)Consent - Art. 6(1)(a)
Marketing and re-engagement emailsConsent or legitimate interest, where permitted by law
Legal, tax, accounting, and dispute handlingLegal obligation - Art. 6(1)(c); legitimate interest - Art. 6(1)(f)

6. AI processing

We use AI service providers to generate executive summaries and recommendations from scan results and public page content. We send only the inputs needed to produce the requested report. We do not ask AI providers to use customer data for unrelated training, and we do not intentionally send private credentials or password-protected content.

7. Data retention

  • Anonymous scan results. Retained for up to 90 days for abuse prevention, debugging, and product quality, and may be deleted earlier at our discretion.
  • Authenticated scans and account data. Retained for the lifetime of your account, then deleted or de-identified after account closure unless a longer period is required for security, legal, tax, accounting, or dispute purposes.
  • Report artifacts. Retained while your account remains active so you can re-download them, subject to feature availability and your deletion requests.
  • Subscription and add-on records. Retained for as long as needed to deliver paid features, manage refunds, support billing disputes, and satisfy audit obligations.
  • Payment records. Retained as long as required for tax, accounting, chargeback, and refund obligations.
  • Error logs. Sentry error logs use the retention configured in Sentry, currently expected to be 90 days unless changed in the Sentry project.
  • Security and rate-limit records. Retained only as long as needed to protect the service, investigate abuse, and apply rate limits.

8. Sub-processors

We share data with the third-party providers listed below to operate the service. Some providers are conditional and process data only when the corresponding feature is enabled or used.

ProviderPurpose
StripePayment processing, recurring billing, add-ons, disputes, and refunds
Anthropic (Claude)AI executive report generation
Google OAuth + Better AuthAuthentication and session management
ResendTransactional email delivery
Google Analytics 4 / Google Tag ManagerAggregate analytics and funnel measurement after analytics consent
SentryError monitoring and performance diagnostics
InngestBackground jobs, scan orchestration, and workflow retries
UpstashRate limiting, queue state, and short-lived security data
Vercel / Railway / SupabaseApplication hosting, databases, storage, and infrastructure logs
Cloudflare TurnstileConditional CAPTCHA and abuse prevention when enabled
GitHubConditional repository connection, pull request, and workflow features

9. International transfers

We and our providers may process information in countries other than your own. Where required, we rely on appropriate safeguards such as standard contractual clauses, data processing agreements, and provider transfer mechanisms.

10. Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal data. You may also withdraw consent for analytics or marketing where processing is based on consent. To exercise these rights, contact support@citeflow.io.

EEA and UK users may also lodge a complaint with their local data protection authority. If we rely on legitimate interests, you may object to that processing where applicable law gives you that right.

11. US state privacy notice

Residents of certain US states, including California, may have rights to know, access, correct, delete, and obtain a portable copy of personal information, to opt out of sale, sharing, or targeted advertising, to limit certain sensitive personal information uses, to appeal a denied request, and to use an authorized agent where permitted by law.

Based on the current product configuration, we do not sell personal information, share personal information for cross-context behavioral advertising, or process personal information for targeted advertising. We do use analytics after consent. If your browser sends a Global Privacy Control signal, we treat it as a rejection of analytics cookies and do not load analytics scripts.

We do not knowingly collect sensitive personal information for the purpose of inferring characteristics. If you use an authorized agent, we may request proof of authorization and may verify your identity before acting on the request.

12. Security

We use technical and organizational safeguards designed to protect personal data, including HTTPS, authentication controls, rate limiting, least-privilege access, monitoring, and provider security controls. No online service is completely secure, and you are responsible for protecting your account credentials.

13. Children

CiteFlow is not directed to children under 16, and we do not knowingly collect personal data from children under 16.

14. Changes to this policy

We will update this Privacy Policy when our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated through the product or by email where appropriate.

15. Contact

Questions or privacy requests? Contact CiteFlow at support@citeflow.io.