Privacy policy

This Privacy Policy describes how CitedRank(“we”, “us”) collects, uses, and protects information when you use the website at https://citedrank.co(the “Service”). We follow data-minimization principles: we collect the smallest amount of personal data we can to operate the Service.

1. Information we collect

1.1 Information you provide

• Account information — if you sign in via Google, we receive your email address, name, and Google profile picture URL. We do not receive your Google password.
• URLs you submit — the third-party URLs you ask the Service to analyze are processed and may be cached for performance (typically 24-72 hours, longer for design-system extracts).
• Optional contact — if you email us at hello@citedrank.co, we keep the email for the purpose of replying.

1.2 Information collected automatically

• Request metadata — IP address, user agent, requested URL, timestamp, and HTTP response code, retained in rotating server logs for up to 30 days for security and rate limiting.
• Auth cookies — when signed in, we set a single encrypted session cookie issued by NextAuth/Auth.js. It expires after 30 days of inactivity.
• No third-party analytics — at the time of this policy, we do not run Google Analytics, Mixpanel, Segment, Facebook Pixel, or any cross-site tracker. We use no advertising cookies. If this changes we will update this policy and re-display a cookie banner where required by law.

2. How we use information

• To operate, secure, and improve the Service.
• To return analysis results for URLs you submit. The output is stored against your account for retrieval via the Library.
• To enforce rate limits and detect abuse (e.g., automated bulk scraping that violates third-party Terms).
• To respond to support requests you initiate.
• To comply with legal obligations.

We do not sell your data, share it with advertisers, or use it to train AI models.

3. Legal basis (EU / UK users)

If GDPR applies to you, the legal bases are:

• Contract — to provide the Service you requested.
• Legitimate interests — to keep the Service secure, prevent abuse, and improve features. We balance these interests against your rights.
• Consent — for non-essential cookies or new uses we may introduce later.
• Legal obligation — to comply with lawful requests from authorities.

4. Data sharing

We share personal data only with the following categories of recipients, and only as needed to operate the Service:

• Infrastructure providers — our server hosting provider; the Postgres database lives on the same private network. Hosting providers may store backup data in their own regions.
• Google— for Sign-In, per Google’s privacy policy.
• Legal — if compelled by valid legal process.

We do not transfer personal data outside the operator’s principal jurisdiction except as required to operate cloud infrastructure. Where international transfers occur, they are protected by Standard Contractual Clauses or equivalent safeguards where required.

5. Data retention

• Account data — kept for the life of your account; deleted on request.
• Captured pages and extracted data — retained indefinitely against your account for retrieval in the Library; deletable on request.
• Server logs — up to 30 days, then automatically rotated.
• Backup snapshots — up to 90 days.

6. Your rights

Depending on your jurisdiction (GDPR, UK GDPR, CCPA/CPRA, LGPD, PIPL, etc.), you may have rights to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion (“right to erasure” / “right to delete”).
• Object to or restrict processing.
• Receive a portable copy of your data (e.g., as JSON / CSV).
• Withdraw consent at any time where processing relies on consent.
• Lodge a complaint with your local data-protection authority.

To exercise any right, email hello@citedrank.co. We aim to respond within 30 days.

7. Children

The Service is not directed to children under 16. We do not knowingly collect data from children under that age. If you believe a child has provided us with personal data, contact us and we will delete it.

8. Security

We use industry-standard measures — TLS in transit, encrypted storage at rest, principle-of-least-privilege access controls — to protect personal data. No system is perfectly secure. If we discover a breach involving your personal data, we will notify affected users without undue delay where required by law.

9. Changes to this policy

We may update this policy as the Service evolves. Material changes will update the “Effective” date and, where required, be notified to you in-app or by email.

10. Contact

Privacy questions, access requests, or complaints: hello@citedrank.co. See also our Terms of Service.

This policy is a good-faith draft intended to be replaced by counsel-reviewed terms before commercial launch. It is not legal advice.