Start a 14-day Brand Starter trial with no credit card

Legal

Privacy Policy

Last updated: July 3, 2026

How Citlyze collects, uses, shares, and protects information when you use our website and platform.

1. Overview

This Privacy Policy explains how Citlyze ("we", "us", or "our") collects, uses, and shares information when you visit our website, create an account, or use the Citlyze AI-search visibility platform (the "Service").

By using the Service, you agree to the collection and use of information in line with this policy. If you do not agree, please do not use the Service.

2. Information we collect

We collect the following categories of information:

  • Account information — your name, work email, company, and credentials, handled through our authentication provider Clerk.
  • Workspace and configuration data — the brands, competitors, prompts, locations, engines, and notification destinations (such as Slack or Microsoft Teams webhook URLs) you choose to configure.
  • Billing information — plan selection and payment details, processed by our payment provider Stripe. We don't store full card numbers.
  • Usage and device data — log data, IP address, browser type, and pages visited, used to operate and secure the Service.
  • Communications — messages you send us through demo requests, contact forms, or support channels.

3. How we use information

  • Provide, maintain, and improve the Service and your workspace.
  • Run your tracked prompts against AI engines and compute visibility, citation, and competitor metrics.
  • Deliver the reports, alerts, and exports you configure, to the recipients and channels you choose.
  • Process payments and manage subscriptions.
  • Communicate with you about your account, product updates, and (where permitted) marketing.
  • Measure how our website and marketing perform, including conversions from our advertising campaigns.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Comply with legal obligations.
  • Operate and improve the Service using aggregated or de-identified data that does not identify you.

4. AI engines and how prompts are processed

The core of the Service is sending the prompts you configure to third-party AI answer engines and recording the responses. We route these requests through OpenRouter, which passes them to the model providers included in your plan — such as OpenAI, Google, Perplexity, xAI, DeepSeek, and ByteDance. Each provider processes those requests under its own terms and policies.

Prompts should describe markets, products, and buying questions — business information. Do not include personal information about identifiable people in tracked prompts or brand context; anything you place there will be transmitted to the AI providers above.

The answers, citations, and scores generated from these requests are stored in your workspace as measurement data.

5. Service providers

We share information with a small number of service providers that process it on our behalf, only as needed to run the Service. Authentication and account management are handled by Clerk; payments, subscriptions, and invoicing by Stripe; and workspace data is stored with Supabase. Tracked prompts are routed to the AI model providers in your plan through OpenRouter, transactional and report email is delivered through Resend, and the application is hosted on Vercel. Site analytics and advertising measurement rely on Google services, described in the next section and in our Cookie Policy.

Each provider processes data under its own terms and security commitments, and we review the providers we rely on as the Service evolves.

6. Analytics and advertising

We use Google Tag Manager and Google Analytics to understand how our website is used, and Google Ads to advertise the Service and measure whether those ads lead to sign-ups. These tools collect usage data such as pages visited, device and browser information, approximate location, and identifiers set in cookies. Google processes this data as described in how Google uses information from sites that use its services.

Where we use Google Ads conversion tracking or remarketing, advertising cookies are set only with your consent where the law requires it. You can opt out of personalized advertising in Google Ads Settings and opt out of Google Analytics with the browser opt-out add-on.

7. Integrations you connect

If you connect a Slack or Microsoft Teams webhook, add report recipients, or enable exports to your own tools, we send the relevant workspace data to the destinations you configure. Those platforms handle that data under their own terms, and you are responsible for choosing destinations you trust.

We don't sell your personal information.

8. International transfers

The providers above may process data in the United States, the European Union, and other countries. Where required, transfers rely on appropriate safeguards such as standard contractual clauses offered by the relevant provider.

9. Cookies and tracking

We use strictly necessary cookies to keep you signed in and to secure the Service, and limited analytics to understand how the site is used. See our Cookie Policy for details.

10. Data retention

We retain your information for as long as your account is active or as needed to provide the Service. Measurement history is retained according to your plan's history window. You can export your data or request deletion of your account at any time from your account settings, and we will delete or anonymize personal information unless we are required to retain it for legal, accounting, or security reasons.

11. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing. You can exercise many of these rights directly in your account settings, or by contacting us at the address below.

12. Security

We use authenticated, workspace-scoped access controls and industry-standard safeguards to protect your information, and we encrypt stored webhook URLs and API credentials. No method of transmission or storage is completely secure, but we work to protect your data and to notify you of material incidents as required by law.

13. Children's privacy

The Service is a business tool and is not directed at children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, contact us and we will delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the date above and, where appropriate, notify you through the Service or by email.

15. Contact us

If you have questions about this policy or your data, contact us at privacy@citlyze.com.