Citingly
Sign InGet Started Free

Legal

Privacy Policy

Effective date: May 11, 2026

Citingly ("we", "our", or "us") operates citingly.com and the Citingly brand intelligence platform (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding it. By using the Service, you agree to this policy.

1. Google API Services — Limited Use Disclosure

Limited Use Compliance Statement: Citingly's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

1.1 Google Sign-In (OAuth)

If you choose to sign in using your Google account ("Sign in with Google"), we receive the following information from Google via OAuth:

  • Name — used to create and display your account profile.
  • Email address — used to identify your account, send transactional emails, and for account recovery.
  • Profile picture — displayed within the Service interface.

This information is used solely to create and manage your account and to provide the Service. It is not used for advertising, sold to third parties, or used to train AI or machine learning models. You may alternatively sign up with an email address and password without using Google Sign-In.

1.2 Google PageSpeed Insights API

The Service uses the Google PageSpeed Insights API to analyze the performance, accessibility, and SEO characteristics of URLs you submit for auditing. The only data sent to Google's PageSpeed API is the URL of the page you request to be analyzed. Google returns performance metrics for that URL, which we store and display to you within your account.

No Google account data is sent to or received from the PageSpeed Insights API. It operates on public URLs only.

1.3 Google Analytics (GA4)

We use Google Analytics 4 (a Google service) to understand how visitors use the Service. When you visit any page on citingly.com, Google Analytics automatically collects:

  • Pages visited and navigation paths through the Service.
  • Session duration and engagement metrics.
  • Device and browser information — browser type, operating system, screen resolution.
  • Approximate geographic location derived from your IP address (city/region level; your full IP address is not stored by Google Analytics).
  • Referral source — the website or search engine that referred you.

This data is collected automatically by a JavaScript tag loaded on every page. It is processed by Google and made available to us in aggregate and anonymized form. We use it solely to understand how the Service is used and to improve it — not to identify individuals or for advertising.

Google Analytics data is governed by Google's Privacy Policy. You can opt out of Google Analytics tracking at any time using the Google Analytics Opt-out Browser Add-on.

1.4 How we use Google API data

Data obtained via Google APIs is used solely to provide the specific feature you requested or to improve the Service:

  • Google Sign-In data (name, email, profile picture) is used only to create and manage your account.
  • PageSpeed performance scores are stored in your account and displayed only to you.
  • Google Analytics data is used in aggregate to understand usage patterns and improve the Service. It is not linked to individual user accounts.
  • No Google API data is shared with other users or third parties except as described in Section 5 of this policy.

1.5 Restrictions on use of Google API data

In compliance with the Google API Services User Data Policy, we confirm the following restrictions apply to all data obtained via Google APIs:

  • We do not sell Google API data to any third party.
  • We do not use Google API data for advertising, retargeting, or interest-based advertising purposes.
  • We do not transfer or disclose Google API data to data brokers or information resellers.
  • We do not use Google API data to determine creditworthiness or for lending purposes.
  • We do not use Google API data to train, improve, or develop machine learning models or artificial intelligence systems beyond the specific functionality requested by you.
  • We do not allow humans to read Google API data unless you have given us explicit permission, it is necessary for security purposes, or we are required to do so by law.

2. Information We Collect

2.1 Information you provide

  • Account information: name, email address, and profile details provided when you register via Clerk.
  • Billing information: payment card details, billing address, and transaction history, processed and stored by Stripe. We do not store raw card numbers.
  • Service data: domains, brand queries, events, and notes you enter while using the Service.
  • Communications: messages you send to our support email.

2.2 Information collected automatically

  • Usage data: pages visited, features used, timestamps, and session duration.
  • Device and browser information: IP address, browser type, operating system, and referring URL.
  • Cookies and local storage: session tokens and preferences. See Section 7.

2.3 Information from third parties

  • Clerk: authentication provider that handles sign-in and account management. Clerk may share basic profile information (name, email) with us upon successful authentication.
  • Stripe: payment processor that provides billing status and subscription data.
  • AI providers: when you run citation tracking or conversation simulations, your brand queries are sent to third-party AI APIs (OpenAI, Anthropic, Google Gemini, Perplexity). Responses are returned to you and stored in your account.
  • Google PageSpeed Insights API: as described in Section 1, we send submitted URLs to Google and receive back performance data. See Section 1 for full details of Limited Use compliance.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Process payments and manage your subscription
  • Authenticate your identity and secure your account
  • Run domain crawls, schema audits, SEO/GEO analysis, PageSpeed analysis, and AI citation checks on your behalf
  • Send transactional emails (account confirmation, billing receipts, usage alerts)
  • Respond to support requests and communications
  • Monitor for abuse, fraud, and security threats
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your domain data, brand queries, or any data obtained via Google APIs for advertising purposes.

We do not use any data obtained via Google APIs to train or improve AI or machine learning models. Data retrieved from Google APIs is used only to provide the specific feature you requested.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area or United Kingdom, our legal bases for processing your data are:

  • Contract performance: processing necessary to deliver the Service you have subscribed to.
  • Legitimate interests: security monitoring, fraud prevention, product improvement, and analytics — balanced against your rights.
  • Legal obligation: where we are required to process data by law.
  • Consent: for marketing communications (you can withdraw at any time).

5. Data Sharing

We share your information only in the following circumstances:

  • Service providers: Clerk (authentication), Stripe (payments), cloud hosting providers, and AI API providers — each bound by data processing agreements. These providers receive only the minimum data necessary to perform their services.
  • Google APIs: URLs you submit for PageSpeed analysis are sent to Google's PageSpeed Insights API. See Section 1 for full restrictions on how that data is handled.
  • Legal requirements: if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Citingly, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your personal data is subject to a different privacy policy.

We do not share your data with advertisers, data brokers, or information resellers. We do not transfer or sell any data obtained via Google APIs to third parties for any purpose other than providing the Service to you.

6. Data Retention

We retain your account data and Service data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain it by law (e.g., billing records for tax purposes, typically 7 years).

Data obtained via Google APIs (e.g., PageSpeed scores) is retained as part of your audit history and deleted along with your account data when your account is closed.

Aggregated, non-identifiable analytics data may be retained indefinitely.

To request deletion of your data before account closure, contact us at hello@citingly.com. We will respond within 30 days.

7. Cookies and Tracking

We use the following types of cookies and similar technologies:

  • Strictly necessary: session tokens and authentication cookies required to keep you logged in and use the Service.
  • Functional: preferences such as billing cycle selection stored in local storage.
  • Analytics — Google Analytics 4: we load Google Analytics (GA4) on every page via a JavaScript tag. GA4 sets cookies (including _ga and _ga_*) to distinguish users and sessions. The data collected is described in Section 1.3 above. Google Analytics cookies persist for up to 2 years. You can opt out at any time using the Google Analytics Opt-out Browser Add-on or by disabling cookies in your browser settings.

You can disable cookies in your browser settings, but some features of the Service (particularly authentication) may not function correctly without strictly necessary cookies.

8. Security

We implement industry-standard security measures to protect all data we hold, including data obtained via Google APIs:

  • Encryption in transit: all data is transmitted over TLS (HTTPS).
  • Encrypted storage: sensitive data is encrypted at rest.
  • Access controls: production systems are accessible only to authorized personnel on a need-to-know basis.
  • No human access to Google API data: data retrieved via Google APIs is not accessed by our staff except where necessary for security investigation, at your explicit request, or as required by law.

If we become aware of a data breach affecting your personal information, we will notify you in accordance with applicable law.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate or incomplete data.
  • Deletion: request deletion of your personal data ("right to be forgotten").
  • Portability: receive your data in a structured, machine-readable format.
  • Restriction: request that we limit processing of your data in certain circumstances.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at hello@citingly.com. We will respond within 30 days.

10. Children's Privacy

The Service is not directed at children under 13, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at hello@citingly.com and we will delete it promptly.

11. International Transfers

Citingly is based in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US or other countries. By using the Service, you consent to this transfer. Where required, we implement appropriate safeguards such as Standard Contractual Clauses for transfers from the EEA.

12. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date at the top. If we make changes that affect how we use data obtained via Google APIs, we will prompt you to consent to those changes before the new uses take effect. Your continued use of the Service after non-material changes take effect constitutes your acceptance of the revised policy.

14. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy — including questions about how we handle Google API data — please contact us at:

Citingly
hello@citingly.com
https://citingly.com

Terms of Service →← Back to Citingly