Legal
Privacy Policy
Last updated: March 16, 2026
1. Who We Are
GetCitedBy Ltd ("Company", "we", "us") operates the GetCitedBy platform at getcitedby.tech. We are the data controller responsible for your personal data. For questions, contact us at help@getcitedby.tech.
2. Data We Collect
Information you provide
- Account data: Email address, password (hashed), name.
- Company data: Company name, website URL, industry, brand information, competitors.
- Billing data: Payment is processed by Stripe. We receive your Stripe customer ID and subscription status but do not store card numbers or bank details.
- Communications: Emails you send to our support or sales addresses.
Information collected automatically
- Audit results: AI platform responses, citation data, scores, and analysis generated when we audit your brand.
- Usage data: Pages visited, features used, session duration (collected via analytics tools).
- Device data: Browser type, operating system, IP address (anonymized where possible).
3. How We Use Your Data
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide and operate the Service (audits, reports, monitoring) | Contract performance |
| Process payments and manage subscriptions | Contract performance |
| Send onboarding, transactional, and service emails | Contract performance |
| Send marketing communications (you can opt out) | Legitimate interest / Consent |
| Improve and develop the Service | Legitimate interest |
| Detect fraud and ensure security | Legitimate interest |
| Comply with legal obligations | Legal obligation |
4. Data Processors and Sharing
We share your data only with the following categories of processors, all of which are bound by data processing agreements:
| Processor | Purpose | Data shared |
|---|---|---|
| Supabase (AWS) | Database, authentication | Account data, company data, audit results |
| Stripe | Payment processing | Email, billing details |
| Vercel | Website hosting | IP address, usage data |
| AI platforms (OpenAI, Anthropic, Google) | Audit queries and analysis | Company name, industry, website URL (for citation checks) |
| Google Workspace | Email delivery | Email address, name |
| PostHog | Website analytics | Anonymized usage data, device data |
We do not sell your personal data. We do not share your data with third parties for their own marketing purposes.
5. Data Retention
- Active accounts: We retain your data for as long as your account is active.
- After cancellation: We retain account and audit data for 90 days after subscription cancellation, then delete it. You may request earlier deletion.
- Free audit data: Data from free AI visibility scores is retained for 12 months, then deleted.
- Billing records: We retain billing records for 7 years as required by tax law.
- Communications: Support emails are retained for 2 years.
6. Your Rights
Under GDPR and CCPA, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Portability: Request your data in a machine-readable format.
- Restriction: Request that we limit processing of your data.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email help@getcitedby.tech. We will respond within 30 days.
California Residents (CCPA)
California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information. To make a CCPA request, email help@getcitedby.tech.
7. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS) and at rest.
- Row-level security in our database ensuring clients can only access their own data.
- API keys and secrets stored in encrypted environment variables, never in source code.
- Regular access reviews and principle of least privilege.
No system is 100% secure. If we discover a data breach that affects your personal data, we will notify you and the relevant supervisory authority as required by law.
8. Cookies and Tracking
We use essential cookies for authentication and session management. Our analytics tool (PostHog) may use cookies or similar technologies to collect usage data. You can control cookies through your browser settings.
9. International Transfers
Your data may be processed in countries outside the UK/EEA, including the United States (where Supabase, Stripe, Vercel, and AI platform providers operate). We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.
10. Children
The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates the most recent revision.
12. Contact
For privacy-related questions or to exercise your rights:
Email: help@getcitedby.tech
Website: getcitedby.tech