Privacy Policy

Last updated: January 30, 2026

Quick Summary

  • We collect only what we need to provide our SEO and AEO services
  • AI features send data to providers (OpenAI, Anthropic, Google) for processing
  • GSC integration requires your explicit OAuth consent
  • We use DataForSEO for keyword research and backlink data
  • We never sell your personal data to third parties
  • You can request deletion of your data at any time
  • We comply with GDPR and CCPA requirements

At Citedly, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered SEO and Answer Engine Optimization platform.

1. Information We Collect

Account Information

  • Registration Data: Name, email address, and password when you create an account
  • OAuth Profile: If you sign in with Google or GitHub, we receive your name, email, and profile picture from those services
  • Payment Information: Billing address and payment method (processed securely by Stripe - we do not store full card numbers)

Website and SEO Data

  • Sites You Add: URLs, domain names, and site configurations for websites you choose to analyze
  • Crawl Data: Page content, meta tags, headings, links, images, structured data, and other SEO elements from crawled pages
  • SEO Issues: Detected issues, health check results, and diagnostic reports
  • Crawl History: Historical crawl data to track changes and improvements over time

Google Search Console Data

  • OAuth Tokens: Encrypted access and refresh tokens for GSC API access
  • Indexed URLs: List of URLs indexed by Google for your connected properties
  • Coverage Data: Indexing status, errors, and warnings from Google
  • Performance Data: Clicks, impressions, and position data when used for analysis

Chat and AI Data

  • Conversations: Messages you send to our SEO Chat assistant and AI responses
  • URL Analysis: SEO data extracted from URLs you share in chat (meta tags, headings, schema markup)
  • Conversation History: Chat history stored for continuity and context

Keyword Research Data

  • Search Queries: Keywords and phrases you research
  • Research Results: Keyword metrics, search volumes, difficulty scores, and related keywords from DataForSEO
  • Content Briefs: AI-generated content outlines and recommendations

Automatically Collected Data

  • Device Information: Browser type, operating system, device identifiers
  • Usage Analytics: Pages visited, features used, and interaction patterns via Vercel Analytics
  • Error Data: Application errors and performance issues captured by Sentry for debugging
  • Log Data: IP address, access times, referring URLs
  • Cookies: As described in our Cookie Policy

2. How We Use Your Information

We use the information we collect to:

  • Provide SEO analysis, crawling, and diagnostic services
  • Generate AI-powered recommendations and content briefs
  • Connect to and retrieve data from Google Search Console
  • Fetch keyword data and backlink information from DataForSEO
  • Process transactions and manage your subscription
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyze usage trends to improve our service
  • Detect, investigate, and prevent fraudulent or unauthorized activity
  • Debug errors and improve application performance
  • Personalize your experience based on your usage patterns
  • Send you marketing communications (with your consent)

3. Information Sharing

We do not sell your personal information. We share your information with the following third-party service providers who assist in operating our platform:

AI Providers

SEO Data Providers

  • DataForSEO: Provides keyword metrics and backlink data - Privacy Policy
  • Google Search Console: Indexing and search performance data (with your OAuth consent) - Privacy Policy

Infrastructure Providers

Other Circumstances

  • Legal Requirements: When required by law or to respond to legal process
  • Protection: To protect the rights, property, or safety of Citedly, our users, or others
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you have given us explicit permission

4. AI Data Processing

Our AI-powered features process your data through third-party AI providers. Here's how this works:

  • What's Sent: When you use chat features or generate content briefs, your prompts and relevant context (including URL content you've shared) are sent to AI providers for processing.
  • Model Selection: We use models from OpenAI, Anthropic, and Google. The specific model used depends on the feature and your configuration.
  • Data Retention by AI Providers: AI providers may retain data according to their own policies. We encourage you to review their privacy policies linked above.
  • Training: We do not use your data to train our own AI models. Third-party providers may have their own policies regarding model training.
  • Sensitive Information: Avoid sharing sensitive personal information, passwords, or confidential business data in AI chat conversations.

5. Website Crawling Data

When you use our Site Crawler, we collect and process data from the websites you choose to analyze:

  • What's Crawled: Publicly accessible pages, including HTML content, meta tags, headings, links, images, and structured data.
  • Storage: Crawl data is stored in our database to provide analysis, historical comparisons, and reporting.
  • Access: Crawl data is only accessible to you (the site owner) and our systems for analysis. We do not share your crawl data with other users.
  • Deletion: You can delete individual sites and their associated crawl data at any time through your dashboard.
  • Robots.txt: Our crawler respects robots.txt directives and does not crawl pages that disallow our user agent.

6. Google Search Console Data

If you choose to connect Google Search Console to use our Indexing Doctor feature:

  • OAuth Consent: Connection requires explicit OAuth authorization through Google. You control which properties to share.
  • Scope: We request read-only access (webmasters.readonly) and cannot modify your Search Console settings.
  • Token Storage: OAuth tokens are encrypted at rest and automatically refreshed when needed for API calls.
  • Data Synced: We sync indexed URLs, coverage status, and related metrics from the properties you authorize.
  • Disconnection: You can disconnect GSC at any time through your dashboard. This revokes our access and deletes stored tokens.
  • Google's Policies: Your GSC data remains subject to Google's Terms of Service and Privacy Policy.

7. Cookies and Tracking

We use cookies and similar tracking technologies to collect and track information about your use of our service. You can control cookies through your browser settings.

For detailed information about the cookies we use, please see our Cookie Policy.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS) and at rest
  • Secure password hashing using industry-standard algorithms
  • OAuth token encryption for third-party integrations
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Infrastructure security provided by Vercel

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

9. Data Retention

We retain different types of data for different periods:

  • Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Crawl Data: Retained based on your plan limits and until you delete the associated site.
  • Chat History: Retained until you delete conversations or close your account.
  • Keyword Research: Retained while your account is active for historical reference.
  • GSC Data: Retained while connected. Deleted when you disconnect GSC or close your account.
  • Payment Records: Retained for 7 years as required for tax and legal compliance.
  • Error Logs: Retained by Sentry for 90 days for debugging purposes.
  • Analytics Data: Retained by Vercel Analytics according to their retention policies.

10. Your Rights

Depending on your location, you may have the following rights:

For All Users

  • Access and receive a copy of your personal data
  • Correct inaccurate personal data
  • Delete your personal data
  • Withdraw consent for marketing communications
  • Export your data in a portable format
  • Disconnect third-party integrations (GSC)

Additional Rights (EU/UK - GDPR)

  • Restrict processing of your personal data
  • Data portability
  • Object to processing
  • Lodge a complaint with a supervisory authority

California Residents (CCPA)

  • Know what personal information is collected
  • Know whether personal information is sold or disclosed
  • Say no to the sale of personal information
  • Equal service and price (non-discrimination)

To exercise any of these rights, please contact us using the information provided below.

11. Children's Privacy

Our service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

12. International Transfers

Your information may be transferred to and processed in countries other than your own, including the United States where our infrastructure providers and AI services are located. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by relevant authorities.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we will notify you via email or through a notice on our service. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@www.citedly.io

For GDPR-related inquiries, you may also contact our Data Protection Officer at the same email address.