Privacy Policy

1. Introduction

CitedHQ.com ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our text fragment tracking service (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Data Collected from Website Owners

When you register and use CitedHQ, we collect:

• Account Information: Name, email address, and password
• Website Information: Domain names and API keys for websites you track
• Usage Data: How you interact with our dashboard and services

2.2 Data Collected from Visitors to Tracked Websites

When visitors arrive at your website via text fragment links, we collect:

• Text Fragment Data: The specific text content highlighted in the URL fragment (e.g., #:~:text=highlighted%20text)
• Referrer Information: The website or source that linked to your content (domain and URL, with sensitive query parameters removed)
• Page URL: The specific page on your website that was visited
• User Agent: Browser and device information
• Geolocation Data: Country and city (derived from IP address - IP addresses are NOT stored)
• Metadata: Screen dimensions, browser language, and traffic source classification (AI, Search, Social, etc.)
• Timestamps: When the fragment was accessed

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide text fragment tracking and analytics services
• Analytics: To generate reports on fragment usage, traffic sources, and geographic distribution
• Improvement: To improve and optimize our Service
• Communication: To send you updates about your account and our Service
• Legal Compliance: To comply with legal obligations and protect our rights

4. Data Storage and Security

4.1 Data Storage

• Data is stored securely in our Supabase database
• IP addresses are NOT stored - they are used temporarily for geolocation only, then discarded

4.2 Security Measures

• All API communications use HTTPS encryption
• API keys are required for all tracking requests
• Automatic data sanitization removes sensitive patterns before storage
• Regular security audits and updates

5. Data Retention

We retain your data for as long as necessary to provide our Service and comply with legal obligations:

• Tracking Events: Retained for 90 days, then automatically deleted
• Analytics Aggregations: Retained for 1 year for historical reporting
• Account Data: Retained until account deletion

You can request deletion of your data at any time by contacting us or using the account deletion feature in your dashboard.

6. Your Rights (GDPR & CCPA)

If you are located in the European Union (EU) or California, you have the following rights:

6.1 Right to Access

You can request a copy of all personal data we hold about you.

6.2 Right to Rectification

You can correct inaccurate or incomplete data through your dashboard or by contacting us.

6.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. We will honor requests unless we have a legitimate legal reason to retain the data.

6.4 Right to Data Portability

You can request your data in a machine-readable format for transfer to another service.

6.5 Right to Object

You can object to processing of your personal data for certain purposes. Since we process data based on Legitimate Interest, you have the right to object at any time. You can opt-out by:

• Enabling Do Not Track (DNT) in your browser settings
• Contacting us at privacy@citedhq.com

6.6 Right to Opt-Out (CCPA)

California residents can opt-out of the sale of personal information (we do not sell personal information).

To exercise these rights, please contact us at privacy@citedhq.com.

7. Third-Party Services

We use the following third-party services:

• Supabase: Database hosting and authentication (Privacy Policy: supabase.com/privacy)
• ip-api.com: Geolocation service for country/city detection
• Vercel: Hosting and deployment (if applicable)

These services may have access to certain data to provide their services to us. We ensure all third-party services comply with applicable privacy laws.

8. Cookies and Tracking

We do not use cookies. Our tracking script uses browser APIs only and does not set or read cookies. We do not use persistent identifiers to track users across websites.

We respect the Do Not Track (DNT) header. If you have DNT enabled, tracking events are not sent to our servers.

9. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those in your country. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Email: privacy@citedhq.com
• General Support: support@citedhq.com
• Website: CitedHQ.com