GDPR Compliance
Your data, your rights. CitedSpy is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR).
Our commitment to GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data privacy regulation enacted by the European Union to protect the personal data of individuals. At CitedSpy, we respect your privacy and are committed to handling personal data responsibly and transparently. We do not track users without consent, we do not sell personal data, and we give you full control over the data you share with us.
Whether you are located in the EU or elsewhere, we apply the same high standards of data protection to every CitedSpy user.
Your rights under GDPR
As a data subject, you have the following rights. We honor all requests within 30 days.
Right to access
You can request a copy of all the personal data we hold about you. We will provide it in a commonly used, machine-readable format.
Right to rectification
If any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct it promptly.
Right to erasure
Also known as the right to be forgotten. You can request the deletion of your account and all associated personal data at any time.
Right to data portability
You can export your data in JSON or CSV format at any time from your account settings, or request a full data export from us.
Right to restrict processing
You can request that we temporarily stop processing your personal data while a concern is being resolved.
Right to object
You have the right to object to the processing of your personal data for specific purposes, including direct marketing.
Right to withdraw consent
Where processing is based on your consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of prior processing.
Data we collect
We collect only the minimum data necessary to provide and improve CitedSpy. Here is a summary of what we collect:
Account information
Name, email address, company name, website URL, and hashed password. Billing details are processed securely by Stripe - we never store full card numbers.
Usage data
Pages visited, features used, browser type, IP address (anonymized after 30 days), session duration, and error logs. Collected via first-party analytics with your consent.
Brand tracking data
Tracking prompts you configure, AI engine responses, brand mention analysis results, competitor comparisons, and visibility scores. This data belongs to you and can be exported or deleted at any time.
How we protect your data
We implement robust technical and organizational measures to keep your data safe.
Data processing
We are transparent about how and why we process your data.
Service delivery
We process your data to provide and improve CitedSpy - running tracking prompts, generating reports, and delivering insights. This is based on contractual necessity.
We do not sell your data
We have never sold personal data to third parties and have no plans to do so. Your data is used solely to provide the CitedSpy service.
We do not train AI on your data
Your brand tracking data, prompts, and analysis results are never used to train AI models. The data belongs to you.
Third-party processors
We share data with a limited set of processors (Stripe for billing, AI engine providers for prompt execution, Cloudflare for CDN and security). Each is contractually bound to protect your data. Only tracking prompts are sent to AI providers - no personal data.
Cookie consent
We use PostHog for product analytics, which is only activated with your explicit consent. Essential cookies (session management and CSRF protection) are strictly necessary for the application to function and do not require consent. No third-party advertising cookies are used on CitedSpy. You can manage your cookie preferences at any time through your browser settings.
Contact our Data Protection Officer
For any GDPR-related requests, questions, or concerns, please contact us. We respond to all data protection inquiries within 5 business days.
GDPR requests
For data access, deletion, portability, or any GDPR-related request:
[email protected]We respond within 5 business days.
Data Protection Officer
Our DPO oversees all GDPR compliance matters and can be reached directly:
[email protected]CitedSpy · India
Your privacy is not an afterthought.
CitedSpy is built with privacy at its core. Start your free trial and see how we put your data rights first.