← Back
Legal
Privacy Policy
Last updated: April 2026

Who we are

CiteLevel is an AI visibility platform that tracks how often your brand appears in answers from ChatGPT, Claude, Gemini, and Perplexity. We are based in Germany and operate under EU data protection law (GDPR).

Contact: support@citelevel.com

What data we collect

When you use CiteLevel, we collect the following:

We do not collect any data about your end customers. The brand names and prompts we send to AI models contain no personal information about third parties.

How we use your data

We use your data only for the following purposes:

We never sell your data. We never use your data for advertising to third parties. We never share your data except with the service providers listed below.

Legal basis (GDPR)

Third-party services

Cloudflare

Our infrastructure runs on Cloudflare Workers and Cloudflare D1. Cloudflare processes data as part of hosting, DDoS protection, and performance optimization. Data is stored in the EU region. Cloudflare Privacy Policy →

Stripe

Payments are handled by Stripe, Inc. Stripe processes payment data under PCI-DSS standards and acts as a data processor. We only receive subscription status and customer ID — never your full card details. Stripe Privacy Policy →

Resend

We send transactional emails (weekly reports, password resets) via Resend. Resend acts as a data processor and only processes email data necessary to deliver messages. Resend Privacy Policy →

AI Model Providers (OpenAI, Anthropic, Google, Perplexity)

To run your AI visibility analysis, we send prompts containing your brand name and category to these AI providers. No personal data about you or your customers is included in these prompts. Each provider processes data under their own privacy policy:

We use API access with these providers and do not send them any personally identifiable information about you.

Slack (Optional)

If you configure Slack webhook integration, we send weekly reports to your specified Slack channel. This is optional and requires your explicit configuration. We do not access your Slack workspace data. Slack Privacy Policy →

Cookies

We use exactly one cookie: a strictly necessary authentication cookie (session_token) that keeps you logged in for 30 days. It is HttpOnly, Secure, and SameSite=Lax, meaning it cannot be accessed by JavaScript, is only sent over HTTPS, and provides CSRF protection.

We use no advertising cookies, no tracking cookies, no third-party analytics cookies, and no social media cookies.

How long we keep your data

When you delete your account, we delete all your personal data within 30 days, except billing records which must be retained for tax compliance.

Your rights under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

To exercise any of these rights, email us at support@citelevel.com. We will respond within 30 days (or 60 days for complex requests, with notification).

You also have the right to lodge a complaint with a data protection authority. In Germany, the relevant authority is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI).

Security

We take data security seriously and implement the following measures:

While we implement industry-standard security measures, no internet transmission is 100% secure. We cannot guarantee absolute security but work continuously to protect your data.

International data transfers

Our primary infrastructure is hosted in the EU (Cloudflare EU region). Some third-party services (Stripe, OpenAI, Anthropic, Google, Perplexity) may process data outside the EU. These transfers are protected by:

We only work with processors that provide adequate data protection guarantees.

Children's privacy

CiteLevel is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it immediately.

Changes to this policy

If we make material changes to this policy, we will notify you by email at least 30 days before the changes take effect. The current version is always available at this URL with the "Last updated" date at the top.

Continued use of the service after changes take effect constitutes acceptance of the updated policy.

Contact and data protection officer

For any questions about this privacy policy or to exercise your GDPR rights, contact us at:

Email: support@citelevel.com
Subject line: "Privacy Request" or "GDPR Request"

We will respond within 30 days.