CiteReady

Privacy Policy

Last updated: April 17, 2026

What we collect

  • Account data: email address, authentication tokens (magic-link sessions managed by Supabase).
  • Billing data: payment method, billing address, and transaction history — stored by Stripe, not by us. We receive customer IDs and event summaries.
  • Audit data: URLs you submit, crawl results, dimension scores, and the generated report content.
  • Usage data: server logs, error reports, audit job telemetry — typical for SaaS operation.

How we use it

  • To provide the Service — run audits, generate reports, gate features by plan.
  • To bill you correctly for paid plans.
  • To diagnose errors, improve the scoring model, and communicate important updates.
  • To send occasional product communications you can opt out of at any time.

Where your data lives

Data is stored with our infrastructure providers: Supabase (primary database, authentication), Vercel (hosting + function logs), Stripe (billing + payment methods), Inngest (job queue telemetry), Firecrawl (crawl requests — audited URLs only), and Anthropic (AI scoring — page content passed at audit time, not retained by Anthropic under their API terms).

Audit content and third-party sites

When you submit a URL for audit, we fetch and analyze the publicly accessible content at that URL. We do not bypass authentication, paywalls, or access controls. You are responsible for only submitting URLs you own or have authorization to audit.

Public reports

Audit reports are accessible via a long random URL. Anyone with the URL can view the report. We do not index these URLs for search. You control whether to share them. You can request deletion of any audit report at any time by emailing us.

Cookies and tracking

We use first-party cookies required for authentication and session management. We use Vercel Analytics for aggregate, cookie-less page-view metrics. We do not use third-party advertising cookies.

Your rights

You have the right to request access to, correction of, or deletion of your personal data. To exercise these rights, email thejoshuasilverstone@gmail.com from the email address associated with your account. We will respond within 30 days. If you are a resident of the EU, UK, California, or Canada, you have additional rights under GDPR, UK-GDPR, CCPA, and PIPEDA respectively — which we will honor.

Email communications (CASL compliance)

If we contact you by email for marketing purposes, we will include our identity, a valid mailing address, and a clear, working unsubscribe mechanism, per Canada’s Anti-Spam Legislation (CASL). Transactional emails (billing, product notifications, support replies) may continue even after unsubscribing from marketing.

Data retention

We retain account and audit data while your account is active. If you close your account, we delete personal data within 90 days, subject to legal retention requirements (e.g. tax records).

Children

The Service is not intended for users under 18. We do not knowingly collect data from children.

Changes

We may update this Privacy Policy to reflect product or legal changes. We will notify account holders of material changes via email or in-app notice.

Contact

Questions or requests: thejoshuasilverstone@gmail.com

Terms of Service · Home