Privacy policy
Last updated 25 April 2026.
What we collect
When you sign in we receive your email address and a hashed user ID from Supabase Auth. When you start a scan we store the domain, the prompts we generated, the URLs cited by ChatGPT, Perplexity, and Gemini, and any drafts we generated for those URLs.
We don't collect payment details. Stripe processes all payments and we receive only the customer ID, subscription state, and billing-period dates.
How we use it
To run scans, surface results in your dashboard, send the weekly digest, and bill you. We don't sell or share data with third parties for advertising. We send anonymous product analytics to PostHog (page views, button clicks), and you can opt out via the browser's Do Not Track signal.
Subprocessors
- Supabase — auth, Postgres database (US East)
- Cloudflare — Workers, KV, queues, Durable Objects (global)
- Stripe — payments (US)
- OpenRouter / Anthropic — LLM calls for citation discovery + drafting
- Jina AI — page-content extraction for outreach drafts
- Resend — transactional email delivery
- PostHog — anonymous product analytics
Retention
Scan history and drafts are kept while your account is active and for 30 days after cancellation. Email logs are kept for 90 days. Stripe holds payment records per US tax law (typically 7 years).
Your rights
Email privacy@citegrove.com to request export or deletion of your data. We'll action it within 30 days.