Last updated: 2026-05-01

Privacy Policy

What we collect

Audit data. When you submit a URL, we fetch the public HTML and run six checks (robots.txt, llms.txt, schema.org, technical, SPA detection, E-E-A-T). We store the resulting score and a redacted snapshot for up to 30 days so it can be shared via a public link.

Account data. If you create an account, we store your email, account creation date, last login, subscription tier, and (when applicable) a Stripe customer identifier. We never store passwords; authentication is via single-use email links.

Watchlist data. If you opt in to weekly monitoring, we store the email + domain pair until you unsubscribe.

Logs. We keep request logs (IP, path, status, latency) for up to 30 days for abuse prevention and rate limiting. Logs are not used for advertising.

Third parties

Cloudflare hosts the application, stores data in KV, and provides DDoS / bot protection.
Stripe processes subscription payments. We never see your card details.
Resend delivers transactional email (login links, audit alerts).
Anthropic provides the Claude model used by Tier 2/3/4 features. Your queries are sent through Anthropic's API per their terms.

What we don't do

We don't sell your data.
We don't run third-party advertising trackers.
We don't store the full HTML of audited pages — only the audit verdict.

Your rights

You can delete your account or any audit/watchlist entry at any time by emailing hello@citeai.io. We honor GDPR and CCPA requests within 30 days.

Cookies

We set one essential cookie (citeai_session) when you log in, signed and HTTP-only. Theme preference is stored in localStorage. We don't use third-party tracking cookies.

Contact

For privacy questions, write to hello@citeai.io.