CiteFoundry ("CiteFoundry", "we", "us", "our") provides an LLM brand-monitoring service. This Privacy Policy explains what personal data we collect, why, who we share it with, and the rights you have over your data. It applies to citefoundry.com, the CiteFoundry dashboard, and the CiteFoundry public API (together, the "Service").
1. Who we are
CiteFoundry is operated by the entity identified in our Terms of Service. For data-protection questions, you can reach our team at [email protected].
For users in the EU/EEA and UK, CiteFoundry acts as a "data controller" with respect to account and billing information about our customers, and as a "data processor" with respect to the content our customers submit into the Service (the prompts they monitor, the projects they configure, and the LLM responses we capture on their behalf).
2. What we collect
We collect the following categories of data:
2.1 Account & identity data
- Your name, email address, and (if you sign in with Google, Microsoft, or Apple) the basic profile claims those providers return to us through our authentication layer.
- Your organization (tenant) name, the projects you create, and your role within your tenant.
- The data residency region you select at signup ("US" or "EU").
2.2 Billing data
- Payment is processed by Stripe. We do not store your card number, CVV, or full bank details — Stripe stores those. We store your Stripe customer ID, subscription status, current plan, billing email, and invoice history.
- For EU customers, Stripe handles VAT collection and reporting on our behalf.
2.3 Service data (the content you put into CiteFoundry)
- The monitoring prompts you register, the brands and competitor domains you track, and any brand-guide context you provide to improve AI-generated prompts.
- The responses returned by third-party Large Language Model providers when we run your prompts on your behalf, including extracted mentions, sentiment classifications, and cited URLs.
- Tokens and identifiers from third-party integrations you choose to connect (e.g. Google Search Console site URLs, Google Ads customer IDs, OAuth refresh tokens). Sensitive credentials are encrypted at rest.
2.4 Usage & technical data
- Logs of API calls and dashboard interactions, including the timestamp, the route called, the response status, and the requesting IP address.
- Counts of billable activity (prompts created, runs executed, brands tracked) for plan-limit enforcement and billing.
- Error reports submitted to our error-monitoring provider when our software fails. We configure that provider to scrub sensitive fields and IP addresses where feasible.
2.5 Cookies & similar technologies
We use a small number of strictly necessary cookies to keep you signed in (a session cookie issued by our authentication layer) and to remember your data-residency region. We do not use third-party advertising cookies. We use cookieless, network-level analytics from our hosting provider. If we ever add product analytics, this policy will be updated to disclose the provider and the controls available to you.
3. Why we use this data (legal bases)
We use your data only for the purposes described below.
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide the Service to you (run prompts, return analyses, render the dashboard) | Performance of contract |
| Bill you and enforce plan limits | Performance of contract; legal obligation |
| Authenticate you and prevent abuse of the Service | Legitimate interest in operating a secure service |
| Send transactional emails (sign-in, billing, security) | Performance of contract |
| Send product updates and marketing emails | Consent (you can unsubscribe at any time) |
| Debug, monitor, and improve the Service | Legitimate interest |
| Comply with our legal obligations | Legal obligation |
4. Prompts and LLM providers
CiteFoundry's core function is to send your prompts to third-party Large Language Model providers — currently OpenAI, Anthropic, and Google — and capture their responses for analysis. We do this through each provider's official API. When we call those APIs:
- The prompt text you registered is transmitted to the provider you enabled for that prompt.
- The provider's response is returned to us, persisted in our systems, and analyzed for brand mentions, sentiment, and citations.
- We use only the providers' API tier, which (per each provider's published terms at the time of writing) is not used to train their models on customer content.
If you do not want a specific provider to receive your prompts, disable that provider in your project settings before triggering a run.
5. Sub-processors
We engage a limited set of trusted sub-processors to operate the Service. We maintain a Data Processing Agreement (DPA) with each, and (where applicable) standard contractual clauses for international transfers.
The categories of sub-processors we use are listed below. Where the customer directly interacts with a provider's brand (payment processing, LLM providers you enable for your prompts), we name the provider explicitly so you can make an informed choice. For the remaining infrastructure categories, our current named sub-processor list is provided to customers on request as part of our DPA.
| Category | Purpose | Data category | Region |
|---|---|---|---|
| Hosting & infrastructure providers | Compute, storage, and content delivery for the Service | All | Region-pinned per tenant |
| Managed database providers | Primary application data store | Account, service, usage | US or EU (region-pinned per tenant) |
| Identity & authentication providers | Sign-in, single sign-on, directory sync | Account, identity | US |
| Stripe, Inc. | Payment processing, invoicing, tax handling | Billing | US, EU |
| Anthropic, PBC | LLM provider you can enable for your prompts | Prompt content you submit | US |
| OpenAI, L.L.C. | LLM provider you can enable for your prompts | Prompt content you submit | US |
| Google LLC | LLM provider you can enable for your prompts; Search Console and Ads APIs if you connect them | Prompt content; integration data you authorize | US, EU |
| Error monitoring & observability providers | Diagnostic telemetry to keep the Service running | Diagnostic logs | Region-pinned |
We will update this list as we add or change sub-processor categories. Material changes will be reflected in the "Last updated" date at the top of this page and (for material additions) notified in advance to account owners via email.
6. Data residency & international transfers
At signup you select either US or EU as the residency region for your tenant. CiteFoundry pins your database records, stored content, and primary compute to the corresponding region. We do not migrate your tenant's data to a different region without your explicit instruction.
Some sub-processors — notably the LLM providers you enable, and our identity provider — operate primarily in the United States. When we transfer personal data outside the EEA/UK, we rely on the European Commission's Standard Contractual Clauses (and the UK addendum where relevant) as the transfer mechanism.
7. How long we keep your data
- Account data: kept while your account is active, then deleted within 90 days of account closure unless we are required to retain it for legal or accounting reasons.
- Service data (prompts, runs, citations, mentions): retained for the period defined by your plan (30 days on Free, 12 months on Pro, unlimited on Business unless you instruct otherwise). Beyond the retention window, individual run records are deleted automatically.
- Billing records: retained as long as required by applicable tax and accounting law (typically 7–10 years).
- Backups: data may persist in encrypted backups for up to 35 days after deletion from the live system.
8. Your rights
Depending on where you live, you may have the right to access, correct, delete, export, or restrict the processing of your personal data, and to object to processing based on legitimate interests. To exercise these rights, write to [email protected] from the email address on your account. We will respond within 30 days.
Many of these rights can be exercised directly in the dashboard: sign-in details and emails under Settings → Account, billing details under Settings → Billing, and a full data export under Settings → Data export (when available on your plan).
If you are in the EU/EEA, you have the right to lodge a complaint with your local data-protection authority. If you are in California, we do not "sell" or "share" your personal information as those terms are defined under the CCPA/CPRA.
9. Security
We protect your data with industry-standard security measures, including strong encryption of data in transit and at rest, additional encryption of sensitive credentials, strict tenant data isolation, least-privilege access controls, regular review, and continuous monitoring. We summarize our current security program under our Data Processing Agreement, available to customers on request.
No system is perfectly secure. If you discover a vulnerability, please report it to [email protected] so we can fix it. We appreciate responsible disclosure.
10. Children
CiteFoundry is a business product not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified via email to account owners and via a banner in the dashboard at least 30 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.
12. Contact
Privacy questions, rights requests, complaints, or anything else:
- Email: [email protected]
- Security: [email protected]
- General: [email protected]