Privacy Policy
Last updated: 2026-06-15
This Privacy Policy describes how Safairah Technologies Private Limited (“Cited,” “we,” “us,” or “our”) collects, uses, shares, and protects personal data when you use our website (getcited.in), the Cited dashboard, our APIs, free audit tools, documentation, and related services (collectively, the “Services”).
This Policy is issued in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act); the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; and applicable international laws (including the EU/UK General Data Protection Regulation where relevant).
Data Fiduciary / Controller:
- Legal name: Safairah Technologies Private Limited
- CIN: U62011MH2026PTC471673
- Registered Office: Flat No. 22, Building LT 31, Vijay Nagar, Marol Maroshi Road, Opp Palloti Church, Andheri East, Mumbai — 400059, Maharashtra, India
- Contact: [email protected]
1. Information We Collect
1.1 Information you provide directly
| Category | Examples |
|---|---|
| Account information | Name, email address, password, company name, role |
| Brand and configuration data | Brand name, brand description, website URL, competitors you select, queries you want tracked, integrations you connect |
| Billing information | Billing name, billing address, GSTIN (where applicable). Payment card details are collected and stored by our payment processors — not by us. |
| Communications | Messages you send to support, demo requests, survey responses, content submissions |
1.2 Information collected automatically
- Usage data: pages visited, features used, queries run, dashboard interactions, time spent
- Device and log data: IP address, browser type, operating system, referrer URLs, timestamps, crash logs
- Cookies and similar technologies: see Section 9
1.3 Information from third parties
- Authentication providers: if you sign in via Google or other SSO, we receive basic profile information you authorize them to share
- Integrations you connect: if you connect Google Analytics 4, Shopify, or similar tools, we receive the data you authorize
- Analytics services: Google Analytics and Vercel Analytics share aggregated usage data with us
1.4 Publicly available content we process
To deliver the Services, we collect and analyze content that is publicly available, including:
- Your public website and competitor public websites
- Public responses from AI search systems (ChatGPT, Perplexity, Gemini, Google AI Overviews, Google AI Mode, Claude, Grok) for queries you configure
- Public citations and references appearing in those responses
This processing operates on public content. It does not require, and we do not seek to obtain, personal data of individuals through this collection.
2. How We Use Information
We process information to:
- Provide, secure, and maintain the Services
- Run GEO audits and generate dashboards, scores, recommendations, and reports
- Authenticate users and prevent fraud or abuse
- Communicate with you about your account, support requests, transactional updates, and product changes
- Send marketing communications where permitted (you may opt out at any time)
- Process payments, issue invoices, and meet tax and accounting obligations
- Conduct research, improve algorithms and methodologies, and develop new features
- Publish de-identified, aggregated benchmarks (such as the Cited Index)
- Comply with legal obligations and respond to lawful requests
3. Legal Bases for Processing
We rely on the following lawful bases under the DPDP Act and GDPR:
- Consent — for marketing communications, optional cookies, and discretionary integrations
- Contract performance — to deliver the Services you subscribe to
- Legitimate interests — to improve and secure the Services, develop benchmarks, and prevent fraud, balanced against your rights
- Legal obligation — to comply with tax, accounting, and regulatory requirements
4. How AI Providers Process Your Data
To deliver the Services, we send queries you configure (and, in some cases, brand-related text) to third-party AI providers, including OpenAI (ChatGPT), Anthropic (Claude), Google (Gemini), Perplexity, and xAI (Grok). We do this through their commercial APIs, where each provider's data handling is governed by their enterprise/API terms.
We do not send your personal data to AI providers beyond what is required to execute the relevant query (typically, no personal data — queries are about brand visibility, not individuals).
The AI providers' processing is governed by their own terms and privacy policies, which you can review on their respective websites.
5. Sharing of Information
We do not sell personal data. We share information only as described below.
5.1 Sub-processors
We use trusted vendors (“sub-processors”) to operate the Services. Categories include:
- Cloud infrastructure and hosting (e.g., DigitalOcean, Vercel, Cloudflare, Neon)
- AI providers (e.g., OpenAI, Anthropic, Google, Perplexity, xAI)
- Data collection infrastructure (e.g., Bright Data)
- Authentication (e.g., Clerk)
- Payments (e.g., Razorpay, Stripe)
- Communications (e.g., Resend for email)
- Analytics (e.g., Google Analytics, Vercel Analytics)
- Documentation hosting (e.g., Mintlify)
We contractually require sub-processors to handle personal data only as needed to perform their services and in a manner consistent with this Policy. An updated sub-processor list is available on request from [email protected]. We will provide it in a current public page when our enterprise customer base or applicable contracts require it.
5.2 Legal disclosures
We may disclose information if required by law, court order, regulator request, or to protect our rights, safety, or property, or those of our users or the public.
5.3 Business transfers
If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
6. International Data Transfers
We operate from India and use vendors in the United States, European Union, Singapore, and other jurisdictions. By using the Services, you acknowledge that your information may be transferred to and processed in countries with data protection laws different from your own.
For personal data transferred from the European Economic Area, United Kingdom, or Switzerland, we rely on appropriate safeguards including Standard Contractual Clauses where applicable.
7. Data Retention
We retain information for as long as needed to:
- Provide the Services (active accounts: retained while active, plus 90 days after closure)
- Meet legal, tax, and accounting obligations (typically 7 years for financial records under Indian law)
- Resolve disputes and enforce agreements
You may request deletion at any time (see Section 8). Some data may be retained in aggregated, de-identified form for analytical and benchmarking purposes.
8. Your Rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Erase your data (subject to legal retention obligations)
- Withdraw consent where processing is based on consent
- Object to processing based on legitimate interests
- Restrict processing in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Nominate an individual to exercise your rights in the event of death or incapacity (under DPDP Act)
- Complain to the Data Protection Board of India or your local supervisory authority
To exercise these rights, email [email protected]. We will respond within the timeframes required by applicable law (typically 30 days).
9. Cookies and Similar Technologies
We use cookies and similar technologies for:
- Essential cookies — required for Services functionality (authentication, session, security)
- Analytics cookies — to understand how the Services are used
- Preference cookies — to remember your settings
We are working on implementing a cookie consent banner for visitors in the EU/UK and other jurisdictions requiring it. Until then, you can control cookies through your browser settings. Disabling essential cookies will limit functionality.
10. Security
We implement administrative, technical, and physical safeguards including encryption in transit (TLS), access controls, audit logging, and secure cloud infrastructure. No system is fully secure, and we cannot guarantee absolute security.
If we become aware of a personal data breach affecting your information, we will notify you and applicable regulators as required by law.
11. Children's Privacy
The Services are not directed to individuals under 18, and we do not knowingly collect personal data from minors. If you believe a minor has provided us personal data, contact [email protected] for prompt deletion.
12. Third-Party Links
The Services may contain links to third-party websites or services we do not operate. We are not responsible for their privacy practices. Review their privacy policies before submitting information.
13. Changes to This Policy
We may update this Policy from time to time. Material changes will be notified by email or in-product notice. The “Last updated” date at the top of this Policy indicates when it was last revised.
14. Grievance Officer (IT Act and DPDP Act)
- Name: Salman Shaikh
- Designation: Data Protection / Grievance Officer
- Email: [email protected]
- Address: Safairah Technologies Private Limited, Flat No. 22, Building LT 31, Vijay Nagar, Marol Maroshi Road, Opp Palloti Church, Andheri East, Mumbai — 400059, Maharashtra, India
The Grievance Officer will acknowledge receipt of complaints within 48 hours and resolve them within the time period prescribed by law.
15. Contact
Questions about this Policy or our data practices: [email protected]
See also our Terms of Service and Refund Policy.