Who we are

CiteLevel is an AI visibility platform that tracks how often your brand appears in answers from ChatGPT, Claude, Gemini, and Perplexity. We are based in Germany and operate under EU data protection law (GDPR).

Contact: support@citelevel.com

What data we collect

When you use CiteLevel, we collect the following:

• Your name and email address (when you sign up)
• Your brand name, competitors, product category, and website domain (needed to run your visibility analysis)
• Payment information (processed by Stripe — we never see or store your card details)
• Session data for authentication (a secure login cookie)
• Your IP address (used for basic security)

We do not collect any data about your end customers. The brand names and prompts we send to AI models contain no personal information about third parties.

How we use your data

We use your data only for the following purposes:

• Running your AI visibility scans and generating your weekly reports
• Managing your account and subscription
• Sending you weekly email reports and product updates
• Processing your payments via Stripe
• Improving our platform

We never sell your data. We never use your data for advertising.

Legal basis (GDPR)

• Contract performance (Art. 6(1)(b)) — running the service you signed up for
• Legitimate interests (Art. 6(1)(f)) — security and fraud prevention
• Legal obligation (Art. 6(1)(c)) — tax and accounting records

Third-party services

Cloudflare

Our infrastructure runs on Cloudflare Workers and Cloudflare D1. Cloudflare processes data as part of hosting and DDoS protection. Cloudflare Privacy Policy →

Stripe

Payments are handled by Stripe, Inc. Stripe processes payment data under PCI-DSS standards. We only receive a subscription status — never your full card details. Stripe Privacy Policy →

Resend

We send transactional emails (weekly reports, login links) via Resend. Resend Privacy Policy →

OpenAI, Anthropic, Google, Perplexity

To run your AI visibility analysis, we send prompts containing your brand name and category to these AI providers. No personal data about you or your customers is included in these prompts. Each provider processes data under their own privacy policy.

Cookies

We use exactly one cookie: a strictly necessary authentication cookie that keeps you logged in for 30 days. It is HttpOnly and Secure, meaning it cannot be accessed by JavaScript and is only sent over HTTPS.

We use no advertising cookies, no tracking cookies, and no third-party analytics cookies.

How long we keep your data

• Account data: until you delete your account
• Scan and analysis data: 24 months after your last activity
• Billing records: 10 years (required by German tax law)

Your rights

Under GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to be forgotten")
• Restrict or object to processing
• Data portability

To exercise any of these rights, email us at support@citelevel.com. We will respond within 30 days.

You also have the right to lodge a complaint with a data protection authority. In Germany, the relevant authority is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).

Security

We take data security seriously. Passwords are stored as SHA-256 hashes — never in plain text. All data is transmitted over HTTPS. Access is controlled via secure session tokens. Our infrastructure uses Cloudflare's global security and DDoS protection.

Changes to this policy

If we make material changes to this policy, we will notify you by email before the changes take effect. The current version is always available at this URL.