Privacy Policy
Introduction
Citerion is an AI visibility platform that audits, diagnoses, and defends brand citations across major AI engines. This Privacy Policy explains what information Citerion collects, how it is used, who it is shared with, and the rights you have over your data.
Citerion is operated by Ummehaani Kapasi, a sole proprietor based in Suwanee, Georgia, United States. Throughout this policy, "Citerion," "we," "us," and "our" refer to this operator. "You" refers to anyone who visits citerion.ai, runs an audit, or holds a Citerion account.
By using Citerion, you agree to the practices described below.
Information we collect
We collect three categories of information.
Information you provide directly
When you sign up for a Citerion account, you give us your name, email address, and a password (stored as a one-way hash, never in plain text). When you subscribe to a paid plan, our payment processor (Stripe) collects your billing details. We never see or store your full payment card number.
Brand and audit data
When you run an audit, you provide a brand name, website URL, and category. Citerion uses this information to query AI engines on your behalf, retrieve their responses, and analyze the results. We store your audit history so you can track changes over time.
Technical and usage information
We collect basic technical data automatically when you use the site: IP address, browser type, device type, pages visited, and timestamps. This is used for security, debugging, and service reliability. We do not currently run third-party analytics tools (Google Analytics, PostHog, etc.).
How we use your information
We use the information we collect to:
- Run audits and deliver results to you
- Operate, maintain, and improve the Citerion service
- Process payments and manage subscriptions
- Send transactional emails (account confirmations, billing receipts, password resets, audit completion notifications)
- Respond to support requests
- Enforce our Terms of Service and prevent abuse
- Comply with legal obligations
We do not sell your personal information. We do not use your audit data to train AI models. We do not share your information with advertisers.
How AI engines process your audit data
Citerion's core service depends on querying third-party AI engines on your behalf. When you run an audit, the brand information you provide is sent to Anthropic (Claude) and Perplexity through their official APIs. These providers process your queries to generate responses, which Citerion then analyzes.
Per the API terms of both Anthropic and Perplexity at the time of this policy's publication, audit queries sent through their APIs are not used to train their AI models. API providers may retain query logs for limited operational and abuse-prevention purposes as described in their own privacy policies.
If you want to review how each AI provider handles API data, see Anthropic's privacy policy at anthropic.com/legal/privacy and Perplexity's at perplexity.ai/hub/legal/privacy-policy.
Third-party service providers
Citerion uses the following third-party processors to operate the service. Each processor is contractually bound to handle data in accordance with applicable privacy laws.
- Supabase — authentication and database (your account and audit data)
- Vercel — application hosting and content delivery
- Stripe — payment processing and subscription management
- Anthropic — AI analysis (audit response interpretation)
- Perplexity — AI engine queries (audit execution)
- Resend — transactional email delivery
- Google OAuth — optional sign-in via Google account
- Cloudflare — DNS, content delivery, and email forwarding for citerion.ai inbound mail
Cookies
Citerion uses a small number of cookies, all functional. These include authentication cookies (so you stay logged in), session cookies, and a CSRF protection cookie. We do not currently use advertising cookies, behavioral tracking cookies, or third-party analytics cookies. If we add any in the future, we will update this policy and (where required by law) ask for your consent.
Data retention
We retain your account information and audit history for as long as your account is active. If you cancel your subscription, your data is retained for 90 days in case you reactivate. After 90 days of inactivity, we will delete your account data permanently, except where we are required to retain certain records (for example, billing records for tax compliance).
You can request immediate deletion at any time by emailing privacy@citerion.ai.
Your rights
Depending on where you live, you may have the following rights over your personal data:
- Access. You can request a copy of the personal data we hold about you.
- Correction. You can ask us to correct inaccurate data.
- Deletion. You can ask us to delete your data, subject to legal retention requirements.
- Portability. You can request your data in a machine-readable format.
- Objection. You can object to certain types of processing.
- Withdrawal of consent. Where we rely on your consent, you can withdraw it at any time.
To exercise any of these rights, email privacy@citerion.ai with your request and the email address associated with your Citerion account. We will respond within 30 days.
If you are in the European Union, you also have the right to lodge a complaint with your local data protection authority. If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect and the right to opt out of the sale of personal information (we do not sell personal information).
International data transfers
Citerion's servers and most service providers are located in the United States. If you access Citerion from outside the United States, your information will be transferred to and processed in the United States. By using Citerion, you consent to this transfer.
Security
We use industry-standard security practices to protect your data, including encryption in transit (HTTPS), encrypted storage of authentication credentials, and access controls on our backend systems. No system is perfectly secure, and we cannot guarantee absolute security. If we ever discover a data breach affecting your information, we will notify you and the relevant authorities as required by law.
Children
Citerion is not intended for anyone under the age of 18. We do not knowingly collect data from children. If you believe a child has provided personal data to Citerion, contact privacy@citerion.ai and we will delete it.
Changes to this policy
We may update this Privacy Policy as the service evolves. When we make changes, we will update the "Last updated" date at the top of this page. Your continued use of Citerion after changes are posted means you accept the updated policy.
Contact
If you have questions about this policy or your data, email privacy@citerion.ai or write to:
CiterionSuwanee, Georgia, USA