01 Data Controller & Scope
Who We Are
AI Citation Scan ("we," "us," or "our") operates the website intelligence platform available at www.aicitationscan.com (the "Platform"). This Privacy Policy governs the collection, use, storage, disclosure, and protection of information in connection with your access to or use of the Platform.
We act as the data controller for any personal information processed in connection with the Platform, in accordance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable data protection laws in other jurisdictions.
Scope of This Policy
This Privacy Policy applies to all visitors to aicitationscan.com and all users of the intelligence tools and features offered through the Platform. It does not apply to third-party websites linked from the Platform, each of which maintains its own independent privacy policy.
By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the data practices described in this Policy. If you do not agree, please discontinue use of the Platform immediately.
02 Information We Collect
Automatically Collected Data (Non-Personal, Aggregate Only)
We operate Plausible Analytics, a privacy-first, open-source analytics platform that does not use cookies, does not fingerprint users, and does not collect personally identifiable information. The following aggregate, anonymized signals may be captured:
- Page URL and page path (aggregated page view counts)
- Referrer URL (general traffic source, not individual session tracking)
- Browser type and version (general device intelligence, anonymized)
- Operating system (general, not device-specific)
- Country of origin, derived from IP address; the IP address itself is never stored
- Screen size category (mobile / tablet / desktop)
- Visit duration (anonymized aggregate only)
- Bounce rate and session count (aggregate only)
No cookies are set. No cross-site tracking occurs. All signals are processed at the aggregate level and cannot be used to identify, profile, or track any individual user.
Information You Voluntarily Provide
The Platform does not require registration, login, or account creation. You may voluntarily submit:
- Website URLs for intelligence analysis (processed transiently; see Section 4)
- Name, email address, and message via our Contact form (see Section 5)
03 Plausible Analytics: Technical Detail
Why Plausible?
Plausible Analytics is used because it is the gold standard for privacy-respecting web analytics. It is fully GDPR compliant without requiring a cookie consent banner, does not process personal data, and its aggregate reports cannot be used to identify individuals.
What Plausible Does NOT Do
- Does not use cookies, localStorage, or any client-side storage for tracking
- Does not build user profiles or behavioral histories
- Does not share data with advertising networks or data brokers
- Does not enable cross-site or cross-device tracking
- Does not fingerprint browser or device characteristics
- Does not collect IP addresses; they are used momentarily for country detection and immediately discarded
- Does not process sensitive personal categories (health, religion, politics, etc.)
Legal Basis for Analytics Processing
Because Plausible processes only fully anonymized aggregate data, it does not constitute "processing of personal data" under GDPR Article 4(1). No consent banner is required and no legitimate interest assessment is needed. For CCPA purposes, no "personal information" as defined under Cal. Civ. Code § 1798.140(o) is collected or sold through our analytics system.
Plausible Data Processing Agreement
Plausible is GDPR-compliant and processes aggregate data on our behalf under its Data Processing Agreement. Plausible's servers are located in the European Union (Germany). You may review Plausible's privacy policy at plausible.io/privacy.
04 URL Submission & Analysis Processing
Transient Processing Only
When you submit a website URL for intelligence analysis through any tool on the Platform, that URL is processed in real-time to generate the requested analysis output. This processing is strictly transient: the submitted URL and resulting analysis data are not stored in any database, not associated with any user identifier, and not retained beyond the duration of the active request cycle.
The analysis pipeline may query publicly accessible third-party services (such as DNS registries, public WHOIS, HTTP header inspection, and publicly documented technology databases) using the submitted URL. These external calls do not transmit any information about you; they transmit only the target URL for technical analysis.
Nature of Analysis Data
All analysis data returned to you reflects publicly accessible information about the submitted domain or URL. AI Citation Scan does not access, collect, or process any private, authenticated, or non-public content associated with submitted websites. The intelligence engine operates exclusively on publicly observable signals.
Log Files
Standard web server access logs may capture IP addresses, browser user agent strings, request timestamps, and HTTP status codes as part of normal server operation and security monitoring. These logs are retained for a maximum of 30 days for security and debugging purposes only, after which they are automatically purged. Log data is never shared with third parties, never used for marketing, and never cross-referenced with analytics data.
05 Contact Form Data
Voluntary Submission
If you contact us via the Contact form at aicitationscan.com/contact.html, you voluntarily provide your name, email address, and message content. This information is collected for the sole purpose of responding to your inquiry. We do not add contact form submitters to any marketing list, newsletter, or CRM system without explicit consent.
Netlify Form Handling
Contact form submissions are processed and stored by Netlify, Inc., our web infrastructure provider. Netlify handles form data in accordance with its privacy policy, available at netlify.com/privacy. Netlify is GDPR-compliant and acts as a data processor on our behalf under a Data Processing Agreement.
Legal Basis for Contact Data Processing
Contact form data is processed under GDPR Article 6(1)(b) (processing necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract) and GDPR Article 6(1)(f) (legitimate interest in responding to user inquiries and maintaining operational communication channels).
Contact data is retained for a maximum of 24 months from the date of submission, or until you request deletion, whichever comes first.
06 How We Use Information
Operational Purposes
- Delivering website intelligence analysis outputs requested by users
- Monitoring Platform performance, availability, and security posture
- Diagnosing and resolving technical errors and infrastructure issues
- Responding to contact form inquiries and support requests
- Understanding aggregate usage patterns to improve Platform features
- Complying with applicable legal obligations and regulatory requirements
- Protecting the rights, property, and safety of AI Citation Scan and its users
What We Do Not Do With Your Data
- We do not sell, lease, or rent data to any third party
- We do not use data for behavioral advertising or retargeting
- We do not create individual user profiles from analytics data
- We do not transfer data to data brokers or data aggregators
- We do not process data for automated decision-making affecting legal rights
07 Disclosure to Third Parties
Service Providers
We engage a limited number of third-party service providers who process data on our behalf under contractual data processing agreements. These include:
- Netlify, Inc. - web hosting, CDN delivery, and contact form processing
- Plausible Analytics - aggregate, anonymized web traffic analytics
- Cloudflare, Inc. - DNS, DDoS protection, and network security (where applicable)
Each provider is contractually prohibited from using data for any purpose other than providing the specified service.
Legal Compulsion
We may disclose information if we are required to do so by law, court order, subpoena, governmental authority, or to enforce our Terms of Use or protect our legal rights. We will notify affected users of any such request where legally permissible prior to compliance.
Business Transactions
In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, any information we hold may be transferred to the successor entity, subject to the same privacy commitments described in this Policy.
08 International Data Transfers
Cross-Border Processing
AI Citation Scan is operated from the United States. If you access the Platform from outside the United States, including from the European Economic Area (EEA), United Kingdom, or Switzerland, your information may be transferred to and processed in the United States. The United States may not provide the same level of data protection as your home jurisdiction.
Where required by applicable law, we rely on the following transfer mechanisms: Standard Contractual Clauses (SCCs) approved by the European Commission; and adequacy decisions where applicable. Plausible processes analytics data within the EU (Germany), and no cross-border transfer of analytics data occurs.
09 Data Security
Security Measures
We implement industry-standard technical and organizational security measures to protect information against unauthorized access, loss, alteration, or disclosure. These include:
- TLS 1.2+ encryption for all data in transit between your browser and our servers
- HTTPS enforcement across all Platform endpoints with HSTS headers
- Infrastructure hosted on security-hardened cloud environments
- CDN-level DDoS protection and rate limiting
- Honeypot fields on contact forms to mitigate automated abuse
- Regular security reviews of third-party service dependencies
Limitations
No method of transmission over the internet or electronic storage system is 100% secure. While we employ commercially reasonable security measures, we cannot guarantee absolute security. In the event of a data breach affecting personal information, we will notify affected individuals and relevant supervisory authorities as required by applicable law within 72 hours of becoming aware.
10 Data Retention
Retention Schedules
- URL submission data: Not retained; processing is transient and terminates with request completion
- Plausible analytics: Retained in aggregate, anonymized form for up to 24 months for trend analysis
- Server access logs: Maximum 30 days, then automatically purged
- Contact form submissions: Retained for up to 24 months or until deletion is requested
Deletion Policy
Upon expiration of the applicable retention period, data is permanently deleted from all systems and is not recoverable. You may request earlier deletion of contact form data at any time via contact.html. Requests are processed within 30 calendar days.
11 Your Rights
GDPR Rights (EEA, UK, Switzerland)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the GDPR and UK GDPR:
- Right of Access (Article 15): Request a copy of the personal data we hold about you
- Right to Rectification (Article 16): Request correction of inaccurate or incomplete data
- Right to Erasure (Article 17): Request deletion of your personal data where no legal obligation to retain exists
- Right to Restriction (Article 18): Request that we restrict processing of your data
- Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
- Right to Object (Article 21): Object to processing based on legitimate interest
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time
- Right to Lodge a Complaint: File a complaint with your national supervisory authority (e.g., ICO in the UK, CNIL in France, BfDI in Germany)
CCPA Rights (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information collected
- Right to Delete: Request deletion of personal information we have collected
- Right to Opt-Out of Sale: AI Citation Scan does not sell personal information. A dedicated opt-out page is available at do-not-sell-my-data.html
- Right to Non-Discrimination: You will not receive different pricing or service quality for exercising your CCPA rights
- Right to Correct: Request correction of inaccurate personal information
- Right to Limit Use of Sensitive Personal Information: Not applicable; we do not collect sensitive categories of personal information
How to Exercise Your Rights
Submit a data rights request via our contact form at contact.html. Please include "Data Rights Request" in the subject line and specify the right you wish to exercise. We will respond within 30 calendar days (or 45 days where an extension is required and notified). Identity verification may be required before processing deletion or access requests.
12 Children's Privacy
Minimum Age Requirement
AI Citation Scan is a professional intelligence platform designed for use by adults, SEO professionals, developers, and enterprise teams. We do not knowingly collect personal information from children under the age of 13 (United States) or under the age of 16 (European Economic Area), in accordance with the Children's Online Privacy Protection Act (COPPA) and GDPR Article 8.
If we become aware that we have collected personal information from a child below the applicable age threshold without verifiable parental consent, we will take immediate steps to delete that information. If you believe we may have collected data from a child, please contact us immediately at contact.html.
13 Changes to This Privacy Policy
Modification Rights
We reserve the right to update, modify, or replace this Privacy Policy at any time. When we make material changes, we will update the "Effective Date" at the top of this page and, where appropriate, provide notice via a prominent banner on the Platform homepage. Material changes affecting the legal basis for processing, the categories of data collected, or your rights will be communicated with at least 14 days' notice before taking effect.
Your continued use of the Platform following the publication of any changes constitutes your acceptance of the revised Policy. If you do not agree to the revised Policy, you should discontinue use of the Platform.
Version History
- Version 1.0 - Effective January 1, 2025 - Initial release
14 Contact Us
Privacy Inquiries
All privacy-related inquiries, data rights requests, and questions about this Policy should be submitted through our contact form. We aim to respond to all requests within 5 business days and to fulfill all data rights requests within 30 calendar days.
Submit a privacy inquiry or data rights request:
Submit Privacy Request
Platform: aicitationscan.com · Response time: ≤ 5 business days
Privacy is engineered by design through zero-retention architecture and cookieless analytics, not managed after the fact through consent dialogs.
All data practices are reviewed quarterly against GDPR, CCPA, and COPPA frameworks, using Plausible's GDPR-compliant analytics infrastructure as the sole measurement system.