CitedSite
Privacy

Privacy Policy

This policy explains what we collect, why, and the controls you have. It applies to citedsite.com and the CitedSite app.

Last updated: April 28, 2026

Privacy PolicyTerms of UseCookie PolicyData Processing Addendum

This is a working template, not legal advice. Replace bracketed placeholders and have a lawyer review before going live.

1. Who we are

CitedSite is operated by [Your Legal Entity], registered in [Country / State] ("CitedSite", "we", "us"). For any privacy question, email privacy@citedsite.com.

2. Data we collect

We collect only what we need to run the service:

  • Account data: email, display name, password hash.
  • Site data: domains and URLs you submit.
  • Billing data: handled by Stripe; we store the customer ID and plan, not your card.
  • Usage data: log events, IP, browser, device — used for security and product improvement.
  • Marketing data: if you opt in, your email is added to our Kit list for product updates.

3. Why we use it

  • To provide and operate the service (contract).
  • To process payments and prevent fraud (contract / legitimate interest).
  • To send transactional email — receipts, security alerts (contract).
  • To send product updates if you opt in (consent).
  • To measure marketing campaigns and improve the product (consent for non-essential cookies; legitimate interest for aggregate analytics where allowed).

4. Cookies and tracking

We use strictly necessary cookies for sign-in and security, and — only with your consent — analytics and advertising tags. Full list and your controls live in our Cookie Policy.

5. Subprocessors

We share data with the following processors. Each is bound by a data processing agreement and Standard Contractual Clauses where required.

ProcessorPurposeRegion
Lovable Cloud (Supabase)Database, auth, file storageEU / US
CloudflareEdge hosting, DNS, DDoS protectionGlobal
StripePayments and subscription billingUS / EU / global
Kit (formerly ConvertKit)Marketing email deliveryUS
Google Analytics 4Site analyticsUS / EU
Google AdsAdvertising measurementUS / EU
Meta (Facebook) AdsAdvertising measurementUS / EU
LinkedIn AdsAdvertising measurementUS / EU
Reddit AdsAdvertising measurementUS
Microsoft Advertising (Bing)Advertising measurementUS / EU

6. How long we keep data

  • Account data: for the life of your account, plus 30 days after deletion.
  • Submission history: per the retention window of your plan.
  • Billing records: 7 years (tax law).
  • Marketing list: until you unsubscribe.

7. Your rights

Depending on where you live (GDPR, UK GDPR, CCPA / CPRA, and similar) you can:

  • Access, correct, or delete your data.
  • Export your data.
  • Object to or restrict processing.
  • Withdraw consent at any time.
  • Opt out of "sale" or "sharing" of personal information (California).
  • Lodge a complaint with your data protection authority.

Email privacy@citedsite.com to exercise any of these. We respond within 30 days.

8. Children

CitedSite is not for users under 16. We do not knowingly collect data from children.

9. Security

We encrypt data in transit (TLS) and at rest, follow the principle of least privilege, and review access regularly. No system is perfectly secure — if we discover a breach affecting you, we will notify you and the relevant authority within the legal timeframe.

10. International transfers

Some of our processors are based in the United States. Where we transfer personal data out of the EEA or UK, we rely on the EU Standard Contractual Clauses and the UK Addendum.

11. Changes to this policy

We will post material changes here and, where required, ask you to re-consent. The "Last updated" date at the top tells you when this policy last changed.

12. Contact

Questions or complaints: privacy@citedsite.com.