CiteRank AI
Legal · Privacy

Privacy Policy

Last updated: May 26, 2026. This policy explains what CiteRank AI ('we', 'us', 'CiteRank') collects from you, why we collect it, who we share it with, and the rights you have under India's Digital Personal Data Protection Act 2023 (DPDP) and the EU General Data Protection Regulation (GDPR).

1. Who we are

CiteRank AI is operated from Karnataka, India. For any data-related request, write to legal@citerank.ai.

2. Data we collect

  • Account data: name, work email, company, website.
  • Usage data: pages viewed, prompts submitted, features used, browser and device metadata.
  • Billing data (paid plans): billing name, billing address, last four digits of payment card.
  • Communications: emails, support tickets, demo requests.

3. Why we collect it

  • To provide, secure and improve the CiteRank AI product.
  • To process payments and prevent fraud.
  • To send transactional and (with consent) product-update emails.
  • To comply with applicable law and respond to lawful requests.

4. Lawful basis

For EU users we rely on contract performance (Art. 6(1)(b) GDPR) for account and billing data, legitimate interest (Art. 6(1)(f)) for product analytics and abuse prevention, and consent (Art. 6(1)(a)) for marketing emails. Under the DPDP Act we rely on consent and the "legitimate use" basis defined in s.7.

5. Sub-processors

We use the following processors to run the service:

  • Supabase — managed Postgres and authentication (hosted in EU).
  • Resend — transactional email delivery.
  • PostHog — product analytics (self-hosted in EU).
  • Stripe — payment processing (PCI DSS Level 1).

A current list is maintained in our Data Processing Addendum.

6. Retention

  • Active account data: retained for the life of the account.
  • Closed accounts: deleted within 90 days, except where retention is required by law.
  • Server logs: 30 days.
  • Billing records: 7 years (Indian tax law).

7. Your rights

You have the right to access, correct, port and erase your personal data, to withdraw consent, and to nominate a representative under s.14 DPDP. EU users additionally have the right to object to processing and to lodge a complaint with their supervisory authority. Email legal@citerank.ai and we will respond within 30 days.

8. International transfers

Where personal data is transferred outside India or the EEA, we rely on the EU Standard Contractual Clauses (2021) and the India-specific addendum.

9. Cookies

We use first-party cookies for authentication and a single first-party analytics cookie (no advertising IDs). EU visitors are shown a consent banner before any non-essential cookie is set.

10. Children

CiteRank AI is not directed at users under 18 and we do not knowingly collect their data.

11. Changes

We will post material changes to this policy at this URL and, for account holders, notify by email at least 14 days before they take effect.

12. Contact

Data protection queries: legal@citerank.ai. Postal address available on request.

← Back to home