CiteCrawlCiteCrawl

Privacy Policy

Last updated: 18 March 2026

1. Introduction

CiteCrawl Ltd ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your personal data when you use the CiteCrawl service ("the Service") at www.citecrawl.com.

We are the data controller for the personal data we process. If you have questions about this policy, contact us at Team@CiteCrawl.com.

2. Data We Collect

Account Data

When you create an account, we collect your email address and password (stored as a secure hash). If you provide it during signup, we also collect your full name and company name.

Audit Data

When you submit a website URL for audit, we collect the URL, the audit results (scores, check data, evidence), and the generated PDF report. We access only publicly available content on your website — we do not require or use any login credentials for your site.

Payment Data

Payment processing is handled by Stripe. We do not store your credit card number, CVV, or full card details. Stripe may share with us your card type, last four digits, and billing address for record-keeping purposes.

Usage Data

We collect standard web analytics data including IP address, browser type, pages visited, and timestamps. This data is used to improve the Service and diagnose technical issues.

3. How We Use Your Data

We use your data to:

  • Create and manage your account
  • Process payments and deliver audit reports
  • Send you audit results and report download links via email
  • Send transactional emails (account confirmation, password reset, payment receipts)
  • Improve the audit methodology and Service quality
  • Respond to support requests and contact form submissions
  • Detect and prevent fraud or abuse

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

4. Third-Party Services

We use the following third-party services to operate the Service:

  • Stripe — Payment processing. Stripe processes your payment information under their own Privacy Policy.
  • Supabase — Database hosting. Your account and audit data is stored in a PostgreSQL database hosted by Supabase in the EU.
  • Amazon Web Services (AWS) — Infrastructure. We use AWS Lambda for audit processing, S3 for report storage, SES for email delivery, and SQS for job queuing. Data is processed in the EU (eu-north-1 region).
  • Google PageSpeed Insights API — We use this API to measure your website's performance metrics (TTFB, LCP, INP, page weight). Google processes the URL you submit under their own Privacy Policy.
  • Cloudflare — DNS and CDN. Cloudflare processes traffic metadata under their own Privacy Policy.

5. Cookies

We use essential cookies to maintain your authenticated session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. The session cookie is set by Supabase Auth and is required for the Service to function.

6. Data Retention

We retain your account data for as long as your account is active. Audit results and reports are retained for 12 months from the date of generation. Payment records are retained for 7 years as required by accounting regulations.

When you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

7. Your Rights

Under applicable data protection law (including GDPR and CCPA), you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your personal data ("right to be forgotten")
  • Portability — Request your data in a structured, machine-readable format
  • Restriction — Request that we limit processing of your data
  • Objection — Object to processing of your data for certain purposes

To exercise any of these rights, email us at Team@CiteCrawl.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • All data is transmitted over HTTPS with TLS 1.2+
  • Passwords are hashed using bcrypt before storage
  • Database access is restricted by row-level security policies
  • AWS infrastructure is configured with least-privilege IAM policies
  • Payment data is handled exclusively by Stripe (PCI DSS Level 1 certified)

9. International Data Transfers

Your data is primarily processed and stored in the European Union (Supabase EU, AWS eu-north-1). Where data is transferred outside the EU (e.g. to Stripe in the US), it is protected by Standard Contractual Clauses or equivalent safeguards.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

CiteCrawl Ltd
Email: Team@CiteCrawl.com
General: Team@CiteCrawl.com