Privacy Policy

CiteLoop ("CiteLoop", "we", "us", or "our") collects information when you access https://citeloop.app, create a project, connect integrations, or use the CiteLoop dashboard, API, and related services.

• Account information such as name, email address, authentication identifiers, workspace membership, and account preferences.
• Project information such as product domains, crawl settings, brand voice, content plans, review decisions, publisher settings, and notification settings.
• Public website data such as sitemap URLs, robots rules, page titles, metadata, visible page copy, internal links, and crawl status.
• Usage and operational data such as API request logs, dashboard actions, automation events, errors, and billing or plan status.

If you connect Google Search Console, CiteLoop accesses Google Search Console data only for properties you authorize and select inside CiteLoop. This may include Search Console property identifiers, verified site URLs, query data, page data, impressions, clicks, click-through rate, average position, indexing diagnostics, sitemap status, and related metadata returned by the Search Console API.

CiteLoop stores OAuth access tokens and refresh tokens so the service can refresh authorization and update project analysis without asking you to reconnect on every run. Tokens are stored server-side and protected as credentials. We do not store Google passwords.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• Provide, operate, secure, and improve the CiteLoop service.
• Build domain context, identify SEO and GEO opportunities, prioritize analysis, and generate content plans.
• Use Google Search Console data to show query, CTR, position, page, and content-decay signals inside Analysis and Results.
• Prepare evidence-backed drafts, review queues, publishing checks, and measurement diagnostics.
• Send service notifications, enforce usage limits, troubleshoot errors, and prevent abuse.

We share information only as needed to provide the service, comply with law, or protect users.

• Service providers such as Clerk for authentication, Vercel for web hosting, Railway or equivalent infrastructure providers for API hosting, and payment providers if paid billing is enabled.
• Google APIs when you choose to connect Google Search Console and authorize CiteLoop to access your selected properties.
• Publisher or CMS providers only when you connect them and instruct CiteLoop to publish, draft, or verify content.
• Legal, security, or compliance recipients when required by law or necessary to investigate abuse.

We do not sell personal data and do not share Google user data with advertisers.

• We use Google Search Console data only to provide or improve user-facing CiteLoop features shown in the dashboard.
• We do not use Google user data for advertising, retargeting, personalized ads, credit decisions, or unrelated profiling.
• We do not transfer Google user data to third parties except as necessary to provide CiteLoop features you requested, comply with law, or protect security.
• We do not allow humans to inspect raw Google user data unless needed for security, legal compliance, debugging with your permission, or aggregated internal operations.

CiteLoop uses essential cookies and similar technologies for authentication, session management, and security. We do not use advertising cookies or cross-site behavioral advertising trackers.

• Account and project data is retained while your account remains active.
• OAuth tokens are retained while an integration remains connected and are deleted or revoked when you disconnect the integration where supported.
• Operational logs are retained for a limited period for security, debugging, and reliability.
• Upon account deletion, personal data and connected credentials are deleted within a reasonable period unless retention is required by law.

We use reasonable technical and organizational safeguards, including HTTPS, access controls, credential protection, audit logs, and secret isolation. No system is perfectly secure, but we work to protect customer data against unauthorized access, disclosure, alteration, or destruction.

• You can disconnect Google Search Console or other integrations from the dashboard when available.
• You can revoke Google access from your Google Account security settings.
• You can request access, correction, export, or deletion of your personal data by contacting us.

CiteLoop is not directed to children under 16, and we do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. We will update the "Last updated" date when changes become effective. Material changes may also be communicated through the dashboard or email.

Questions about this Privacy Policy can be sent to support@citeloop.app.