Privacy Policy

Last updated: December 27, 2024

1. Introduction

Cited AI ("we", "us", or "our") operates the Cited AI service available at getcitedai.com (the "Service").

Cited AI is a document analysis platform that provides accurate, verifiable answers from your documents through AI-powered inline citations that link directly to source material.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. By using our Service, you agree to the collection and use of information in accordance with this policy.

We are committed to protecting your privacy and handling your data transparently and securely.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Password (stored in encrypted form)

User Content

When you use our Service, we collect documents and content you upload, paste, or otherwise provide to us. This includes files, text, web pages, and any other materials you submit for analysis.

You are responsible for the content you provide. We advise against including sensitive personal information, confidential business information, or trade secrets in your uploads unless necessary for your intended use.

Usage Information

We collect information about how you interact with our Service, including:

  • Questions and queries you submit
  • Features you use
  • Preferences and settings
  • Frequency and timing of use

Technical Information

When you access our Service, we automatically collect:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent
  • Referring URLs

Payment Information

If you purchase a subscription, our payment processor (Stripe) collects and processes your payment details. We do not store your full payment card information on our servers. We retain only the information necessary for billing administration, such as transaction history and billing address.

3. How We Use Your Information

We use your information for the following purposes:

Providing the Service: To operate, maintain, and deliver the features and functionality of our Service, including processing your documents and generating AI-powered responses with citations.

Processing Payments: To process transactions, manage your subscription, and handle billing administration.

Improving the Service: To understand how users interact with our Service, identify issues, and develop new features and improvements.

Communication: To send you service-related notices, updates, security alerts, and respond to your support requests.

Security and Fraud Prevention: To detect, prevent, and address fraud, abuse, security issues, and technical problems.

Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Legal Bases for Processing

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information based on the following legal grounds:

Performance of a Contract: Processing necessary to provide you with the Service and fulfill our contractual obligations to you. This includes creating your account, processing your documents, and managing your subscription.

Legitimate Interests: Processing necessary for our legitimate interests, such as improving our Service, ensuring security, preventing fraud, and communicating with you about our Service. We rely on this basis only where these interests are not overridden by your rights.

Legal Obligations: Processing necessary to comply with our legal obligations, such as tax and accounting requirements, or responding to lawful requests from authorities.

Consent: Where you have given us explicit consent to process your personal information for a specific purpose. You may withdraw consent at any time, though this will not affect the lawfulness of processing before withdrawal.

5. AI Processing and Your Data

Our Service uses AI technology provided through Google Cloud (Vertex AI) to process your documents and generate responses with citations.

How It Works: When you submit a question, your documents and query are sent to our AI provider for processing. The AI analyzes your content and generates a response with citations linking to relevant passages in your source materials.

Temporary Storage: Your content may be temporarily stored by our AI provider for abuse monitoring and safety purposes. This data is deleted shortly after processing and is not retained long-term by the AI provider.

No Training on Your Data: Your documents, questions, and the generated responses are not used to train or improve AI models. We use API configurations that prevent your content from being used for model training purposes.

6. Cookies and Analytics

What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help the website function properly and provide information about how you use the site.

Cookies We Use

Functional Cookies: We use essential cookies to operate our Service. These include authentication cookies from Supabase that keep you logged in and remember your session. These cookies are necessary for the Service to function and cannot be disabled.

Analytics Cookies: We use Mixpanel to understand how users interact with our Service. Mixpanel collects information such as pages visited, features used, and general usage patterns. This helps us improve the Service and fix issues. Analytics data is aggregated and does not identify you personally.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. However, disabling functional cookies may prevent you from using certain features of our Service or may require you to log in repeatedly.

For more information on managing cookies, consult your browser's help documentation.

7. Sharing Your Information

We do not sell your personal information.

We may share your information in the following circumstances:

Service Providers: We share information with third-party service providers who perform services on our behalf. These providers are contractually obligated to protect your information and use it only for the purposes we specify.

Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request. We may also disclose information to protect the rights, property, or safety of Cited AI, our users, or the public.

Business Transfers: If Cited AI is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

Subprocessors

We use the following third-party service providers to operate our Service:

Provider        Purpose
Google Cloud    Cloud infrastructure and AI processing
Hetzner         Cloud infrastructure
Vercel          Hosting and deployment
Supabase        Database and authentication
Stripe          Payment processing
Resend          Transactional email
Mixpanel        Analytics

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and Germany, where data protection laws may differ.

When we transfer personal information outside the European Economic Area, United Kingdom, or Switzerland, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Other legally valid transfer mechanisms

9. Data Retention

We retain your information only for as long as necessary to fulfill the purposes described in this policy.

Account Information: Retained until you delete your account. When you delete your account, your personal information is deleted within 30 days.

User Content: Retained until you delete your account. You may also delete individual documents or conversations at any time.

Payment Records: Retained as required by tax and accounting laws, typically 7 years.

Technical and Usage Data: Retained for a reasonable period for security, analytics, and service improvement purposes, then deleted or anonymized.

When information is no longer needed, we delete it or anonymize it so it can no longer be associated with you.

10. Security

We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, and regular security assessments.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security.

You are responsible for keeping your account credentials confidential and for any activity that occurs under your account. We recommend using a strong, unique password and enabling any additional security features we offer.

11. Third-Party Links

Our Service may contain links to external websites or services that are not operated by us, including source URLs you provide and links in generated content.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

12. Your Rights

Depending on your location, you may have certain rights regarding your personal information.

For EEA, UK, and Swiss Users (GDPR)

You have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information.
  • Restriction: Request that we restrict processing of your information.
  • Portability: Request a copy of your information in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent where processing is based on consent.

You also have the right to lodge a complaint with your local data protection authority. For the UK, this is the Information Commissioner's Office (ICO). For EU countries, you can find your local authority at ec.europa.eu/justice/article-29/structure/data-protection-authorities.

For California Users (CCPA)

You have the following rights:

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out: Opt out of the sale of your personal information. Note: We do not sell your personal information.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Do Not Track

Some browsers offer a "Do Not Track" (DNT) setting that signals to websites that you do not wish to be tracked. We do not currently respond to DNT signals. However, you can manage your cookie preferences through your browser settings as described in Section 6.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

We may need to verify your identity before processing your request to protect your privacy and security.

13. Children

Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18.

If you become aware that a child has provided us with personal information, please contact us at [email protected]. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this policy.

For significant changes, we will notify you by email or by posting a prominent notice on our Service prior to the change becoming effective.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Email: [email protected]