NEW14-day free trial — AI search monitoring from $24/month

Last updated: April 19, 2026

Privacy Policy

DRAFT — This document requires legal review before production use.

CiteHawk ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the CiteHawk platform and services (the "Service").

1. Information We Collect

Account Data

When you create an account, we collect your name, email address, and authentication credentials. If you sign in using a third-party provider (such as Google), we receive basic profile information from that provider.

Billing Data

Payment information is collected and processed by Stripe, our payment processor. We do not store your full credit card number on our servers. We receive from Stripe your subscription status, billing history, and the last four digits of your payment method for display purposes.

Usage Data

We collect information about how you interact with the Service, including pages visited, features used, queries configured, and timestamps of activity. This helps us improve the Service and troubleshoot issues.

AI Platform Query Data

CiteHawk queries AI search platforms (ChatGPT, Gemini, DeepSeek, and Grok) on your behalf to monitor brand visibility. We store the queries you configure, the responses received from AI platforms, and analysis results including citation data, model versions, and visibility scores. This data is associated with your account and workspace.

2. How We Use Your Data

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Process your subscription and billing through Stripe.
  • Monitor AI platforms and generate visibility reports for your configured queries.
  • Send you transactional communications (account confirmations, billing receipts, service updates).
  • Respond to your support requests.
  • Analyse usage patterns to improve the Service.
  • Comply with legal obligations.

3. Data Sharing

We do not sell your personal information. We share data with the following third parties only as necessary to provide the Service:

  • Stripe — for payment processing and subscription management.
  • Supabase — for database hosting, authentication, and data storage.
  • Vercel — for application hosting and delivery.
  • AI Platform APIs — we send your configured queries to AI platforms to retrieve monitoring data. These queries do not contain your personal information.

4. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We may use analytics tools to understand how the Service is used. You can control cookie preferences through the cookie consent banner displayed on your first visit. For more details, see our cookie consent notice.

5. Data Retention

We retain your account data and associated monitoring data for as long as your account is active. If you request account deletion, we implement a 90-day soft-delete period during which your data is retained but your account is deactivated. After the 90-day period, your data is permanently and irreversibly deleted from our systems, including all backups.

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of Access — You can request a copy of the personal data we hold about you.
  • Right to Rectification — You can request correction of inaccurate or incomplete personal data.
  • Right to Erasure — You can request deletion of your personal data. We will process this through our account deletion flow with a 90-day retention period.
  • Right to Data Portability — You can request your data in a structured, commonly used, machine-readable format.
  • Right to Restrict Processing — You can request that we limit the processing of your personal data under certain circumstances.
  • Right to Object — You can object to the processing of your personal data for direct marketing purposes.

To exercise any of these rights, please contact us at support@citehawk.com. We will respond to your request within 30 days.

7. Account Deletion

You can delete your account at any time through your account settings. When you request deletion:

  • Your active Stripe subscription is cancelled immediately.
  • Your account is deactivated and you are signed out.
  • Your data is retained for 90 days in case you change your mind.
  • After 90 days, all personal data is permanently deleted.

8. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at support@citehawk.com.