— Privacy

Privacy policy.

Last updated: June 2026 · citeOS by Emergence Media

citeOS provides AI citation auditing, content generation, and a Concierge dashboard at citeos.io. This page describes what data we collect, why, and your rights over it.

What we collect

Email or Telegram handle — you give us this when you run a free audit, sign in, or pay for Audit Plus. We use it to deliver your dashboard link, your weekly memo, and payment receipts.
Domain you're auditing — the URL you submit to our scan. Stored against your account so the dashboard can show your history.
Audit results — every AI engine response we collect about your brand, every cited URL, every sentiment classification. Stored against the domain.
Account metadata — when you sign in with Google, we receive your name and email from Google's OAuth. We don't request access to your Gmail, Drive, or any other Google data.
Payment metadata — for paid plans, NOWPayments handles the crypto transaction directly. We receive your transaction ID and amount for invoice tracking, never private keys or wallet addresses other than what you choose to share.
Server logs — standard request logs (IP, user agent, timestamp) for rate-limiting and abuse prevention. Logs are rotated after 30 days.

What we don't collect

We don't sell, rent, or share your audit data with third parties.
We don't use your audit data to train models.
We don't track you across other websites.
We don't use third-party advertising trackers.

How we use it

Operating citeOS — running scans, generating reports, sending Friday memos to subscribers.
Improving the product — anonymized aggregate metrics (e.g., median citation rate per vertical) help us calibrate the score. Your specific audit is never identifiable in these metrics.
Notifying you — about your audit completing, your subscription renewing, or significant changes to your scoring weights or methodology.

Who we share with

AI providers (OpenAI, Anthropic, Google, Perplexity) — to run the audit prompts. They see the prompt (which contains your brand name) but not your account or contact details.
DataForSEO — for Google AI Overview surfacing and keyword volume data. They receive the search query string only.
Supabase + Vercel + Fly — our infrastructure providers. Standard DPA / sub-processor agreements apply.
NOWPayments + Stripe (when added) — payment processors. They handle the financial transaction; we receive a status callback.
Google (OAuth) — Google sees the sign-in but not your audit data.

Your rights

You can request a copy of your audit data at any time — email sagar@citeos.io from the account email and we'll send a JSON export within 7 days.
You can request deletion of your account and all associated audits — same email, same SLA. Some logs may persist for up to 30 days for fraud prevention before automated rotation.
You can unsubscribe from the Friday memo by replying to any memo email.

Cookies

We use one essential cookie for authentication (Supabase session). No analytics or advertising cookies. If we add PostHog analytics in the future we'll update this page and add a banner.

Children

citeOS is a B2B tool. We don't knowingly collect data from anyone under 16.

Changes to this policy

We'll post any material changes here with a new "Last updated" date. If you're a paid subscriber we'll also email you.

Contact

Questions: sagar@citeos.io. Operator: Emergence Media, Gurgaon, India.