Legal

Privacy Policy

Effective July 9, 2026

1. Introduction and scope

Cited provides AI citation monitoring software. We preserve Evidence from the AI answers you choose to monitor.

This Policy covers account holders, Authorized Users, free-scan visitors, and visitors to public pages.

Depending on the context, Cited may act as a controller of account and website data, and as a processor of Customer Content and Evidence processed on behalf of a customer organization. Where a Data Processing Addendum is executed, that DPA controls for the processing it covers.

2. Information we collect

We collect information customers provide, information generated by monitoring and product use, and limited automatically collected technical information needed to operate, secure, bill, and support the Service.

We do not require you to provide more personal information than is reasonably needed for the purposes described in this Policy.

3. Information customers provide

Account data may include name, email, and authentication identifiers from Clerk where available.

Workspace data may include workspace name, members, roles, settings, plan, and billing state.

Domain data may include verified domains, DNS verification status, and brand aliases.

Notification preferences, Slack connection status, Notebook notes, annotations, and support requests are also customer-provided or customer-configured.

4. Workspace and monitoring data

Monitoring data may include prompts, AI surfaces, locations, schedules, scan runs, citation sources, Evidence, and occurrences.

Cited monitors only the prompts, surfaces, schedules, locations, and verified domains you configure.

5. AI response and citation evidence data

Cited stores monitored response snapshots and Evidence so customers can review historical citation records.

Evidence may include prompt text, response excerpts or snapshots, source URLs, classification labels, and first-seen history from configured monitoring runs.

Evidence is customer workspace data. It is not used to train public foundation models operated by Cited, because Cited does not operate such models.

6. Notebook and annotation data

Notebook entries, revisions, visibility settings, and annotations are stored so teams can keep working context alongside citation Evidence.

You control who you invite into a workspace. Cited is not responsible for member access you grant.

7. Billing data

Billing data includes Stripe customer and subscription references, plan, billing status, and invoice or payment records handled by Stripe.

Cited does not store payment card numbers. Stripe processes card and payment-method data under Stripe’s terms and privacy policy.

8. Authentication data

Clerk manages authentication sessions and related account identifiers. Cited stores the workspace membership and role mappings needed to authorize access.

9. Free scan data

Free scan requests may include domain, brand context, prompts, submitted email, terms or consent status, and a tokenized result link.

Free scan submissions are rate-limited and stored as needed to deliver results, prevent abuse, communicate about the request, and improve Service reliability.

10. Automatically collected information

We may collect feature usage signals, system events, error logs, security logs, device or browser metadata, IP address, and redacted diagnostics.

Logs are designed to avoid storing secrets, full prompt or response bodies, note bodies, annotation bodies, or raw provider payloads in normal operation.

11. Cookies and similar technologies

Cited and its providers use cookies and similar technologies for authentication, security, billing sessions, and limited analytics. Details are in the Cookie Policy at /cookies.

12. How we use information

We use information to:

  • Provide, operate, maintain, and secure the Service
  • Run configured monitoring and store Evidence
  • Deliver alerts, digests, and support communications
  • Process billing, prevent fraud, and enforce plan limits
  • Investigate abuse, security incidents, and Terms violations
  • Improve reliability, performance, and product quality
  • Comply with law and respond to lawful requests

14. How we share information

We share information only as described in this Policy:

  • With service providers (subprocessors) that help us operate Cited under contractual confidentiality and security obligations
  • With your direction, including Slack webhooks or destinations you configure
  • With professional advisors under confidentiality obligations
  • In connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality
  • When required by law, legal process, or governmental request
  • To protect the rights, safety, and security of Cited, our users, or the public

15. No sale of personal information

We do not sell personal information. We do not sell personal contact information.

We do not knowingly “share” personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act, as amended by the CPRA, in the ordinary operation of the Service.

If our practices change in a way that requires additional notices or opt-outs, we will update this Policy and provide required mechanisms.

16. Third-party service providers

Current subprocessors and categories are listed at /subprocessors and may include Clerk, Supabase, Stripe, Resend, DataForSEO, Vercel, DataFast, optional Slack destinations, and analytics or observability providers when configured.

Those providers process information only as needed to provide their services to Cited, subject to their own terms and our agreements with them.

17. Data retention

We retain data for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and maintain security. Specific retention periods may vary by data type.

Account and workspace data are generally retained while the account is active. Evidence is retained while the subscription or workspace exists, subject to plan access and history windows.

Billing records may be retained as needed for legal and accounting purposes. Logs are retained for a limited operational and security period. Unsubscribe records are retained to honor opt-out requests.

Deleted or canceled accounts may be retained in backups or for legal, security, and business purposes for a reasonable period, after which data is deleted or anonymized in the ordinary course of operations.

18. Data export and deletion requests

Authorized users can export certain Evidence from the product subject to role and plan limits.

You may request access, correction, export, or deletion by contacting privacy or support channels listed at /contact.

Deletion requests are handled after identity and workspace verification. Some billing, security, and legal records may be retained where required. Cited does not currently offer one-click irreversible workspace destruction from the public product UI.

If you are an Authorized User of a customer organization, we may redirect your request to the workspace owner or admin, who controls Customer Content for that workspace.

19. U.S. state privacy rights

Residents of certain U.S. states (including California, Virginia, Colorado, Connecticut, and others with similar laws) may have rights to request access, correction, deletion, portability, and information about our processing practices, subject to verification and legal exceptions.

California residents may also have the right to know categories of personal information collected, sources, purposes, and disclosures, and to not be discriminated against for exercising privacy rights.

To exercise applicable rights, contact the privacy email listed in this Policy. We will verify your request using information associated with your account or submission and respond within the time required by law.

Authorized agents may submit requests where permitted by law, subject to verification of authority.

20. International data transfers

Cited and its providers may process information in the United States and other countries where they operate.

If you access the Service from another country, your information may be transferred to and processed in those locations, which may have different data-protection laws than your jurisdiction.

Where required, we use appropriate transfer mechanisms available under applicable law (such as contractual safeguards with providers).

21. Security

Cited uses workspace-scoped authorization, server-side secret handling, signed webhook verification, encrypted Slack webhook storage, hashed unsubscribe tokens, and related controls described at /security.

No method of transmission or storage is perfectly secure. You are responsible for using strong account protections and for promptly reporting suspected issues.

This Policy does not create a warranty of absolute security beyond the commitments in our Terms.

22. Your choices

You can update notification preferences, disconnect Slack, unsubscribe from applicable emails, export Evidence where permitted, and contact support for privacy requests.

Cookie and analytics behavior is described in the Cookie Policy.

You may close your account by canceling through the billing portal and requesting deletion under this Policy.

23. Children’s privacy

Cited is not directed to children under 16, and we do not knowingly collect personal information from children under 16.

If we learn that we have collected personal information from a child under 16, we will delete it promptly. Contact the privacy email below if you believe a child has provided information.

24. Do Not Track

Some browsers offer a “Do Not Track” signal. The Service does not currently respond to Do Not Track signals in a differentiated way because there is no consistent industry standard. See the Cookie Policy for analytics practices.

25. Changes to this policy

We may update this Privacy Policy as the product or legal requirements change. The effective and last-updated dates appear on this page.

Material changes will be posted on this page and, where required by law, communicated by additional notice. Continued use after the effective date constitutes acknowledgment of the updated Policy where permitted by law.

26. Contact

Privacy requests: hello@cited.cc.

General support: hello@cited.cc.

See /contact for additional channels.

© 2026 Cited. All rights reserved.

Cited · The citation inbox for AI search

Cited. Citation inbox for AI search. Built for people who want the receipt. Citation evidence on file. Source ledger. Know when you are cited. Selected prompts. Supported surfaces.