JUN '26 INDEXThe June 2026 Cited Index is live — See where Indian brands stand in AI search
Legal

Privacy Policy

Last updated: 2026-06-15

This Privacy Policy describes how Safairah Technologies Private Limited (“Cited,” “we,” “us,” or “our”) collects, uses, shares, and protects personal data when you use our website (getcited.in), the Cited dashboard, our APIs, free audit tools, documentation, and related services (collectively, the “Services”).

This Policy is issued in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act); the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; and applicable international laws (including the EU/UK General Data Protection Regulation where relevant).

Data Fiduciary / Controller:

  • Legal name: Safairah Technologies Private Limited
  • CIN: U62011MH2026PTC471673
  • Registered Office: Flat No. 22, Building LT 31, Vijay Nagar, Marol Maroshi Road, Opp Palloti Church, Andheri East, Mumbai — 400059, Maharashtra, India
  • Contact: [email protected]

1. Information We Collect

1.1 Information you provide directly

CategoryExamples
Account informationName, email address, password, company name, role
Brand and configuration dataBrand name, brand description, website URL, competitors you select, queries you want tracked, integrations you connect
Billing informationBilling name, billing address, GSTIN (where applicable). Payment card details are collected and stored by our payment processors — not by us.
CommunicationsMessages you send to support, demo requests, survey responses, content submissions

1.2 Information collected automatically

  • Usage data: pages visited, features used, queries run, dashboard interactions, time spent
  • Device and log data: IP address, browser type, operating system, referrer URLs, timestamps, crash logs
  • Cookies and similar technologies: see Section 9

1.3 Information from third parties

  • Authentication providers: if you sign in via Google or other SSO, we receive basic profile information you authorize them to share
  • Integrations you connect: if you connect Google Analytics 4, Shopify, or similar tools, we receive the data you authorize
  • Analytics services: Google Analytics and Vercel Analytics share aggregated usage data with us

1.4 Publicly available content we process

To deliver the Services, we collect and analyze content that is publicly available, including:

  • Your public website and competitor public websites
  • Public responses from AI search systems (ChatGPT, Perplexity, Gemini, Google AI Overviews, Google AI Mode, Claude, Grok) for queries you configure
  • Public citations and references appearing in those responses

This processing operates on public content. It does not require, and we do not seek to obtain, personal data of individuals through this collection.

2. How We Use Information

We process information to:

  • Provide, secure, and maintain the Services
  • Run GEO audits and generate dashboards, scores, recommendations, and reports
  • Authenticate users and prevent fraud or abuse
  • Communicate with you about your account, support requests, transactional updates, and product changes
  • Send marketing communications where permitted (you may opt out at any time)
  • Process payments, issue invoices, and meet tax and accounting obligations
  • Conduct research, improve algorithms and methodologies, and develop new features
  • Publish de-identified, aggregated benchmarks (such as the Cited Index)
  • Comply with legal obligations and respond to lawful requests

3. Legal Bases for Processing

We rely on the following lawful bases under the DPDP Act and GDPR:

  • Consent — for marketing communications, optional cookies, and discretionary integrations
  • Contract performance — to deliver the Services you subscribe to
  • Legitimate interests — to improve and secure the Services, develop benchmarks, and prevent fraud, balanced against your rights
  • Legal obligation — to comply with tax, accounting, and regulatory requirements

4. How AI Providers Process Your Data

To deliver the Services, we send queries you configure (and, in some cases, brand-related text) to third-party AI providers, including OpenAI (ChatGPT), Anthropic (Claude), Google (Gemini), Perplexity, and xAI (Grok). We do this through their commercial APIs, where each provider's data handling is governed by their enterprise/API terms.

We do not send your personal data to AI providers beyond what is required to execute the relevant query (typically, no personal data — queries are about brand visibility, not individuals).

The AI providers' processing is governed by their own terms and privacy policies, which you can review on their respective websites.

5. Sharing of Information

We do not sell personal data. We share information only as described below.

5.1 Sub-processors

We use trusted vendors (“sub-processors”) to operate the Services. Categories include:

  • Cloud infrastructure and hosting (e.g., DigitalOcean, Vercel, Cloudflare, Neon)
  • AI providers (e.g., OpenAI, Anthropic, Google, Perplexity, xAI)
  • Data collection infrastructure (e.g., Bright Data)
  • Authentication (e.g., Clerk)
  • Payments (e.g., Razorpay, Stripe)
  • Communications (e.g., Resend for email)
  • Analytics (e.g., Google Analytics, Vercel Analytics)
  • Documentation hosting (e.g., Mintlify)

We contractually require sub-processors to handle personal data only as needed to perform their services and in a manner consistent with this Policy. An updated sub-processor list is available on request from [email protected]. We will provide it in a current public page when our enterprise customer base or applicable contracts require it.

5.2 Legal disclosures

We may disclose information if required by law, court order, regulator request, or to protect our rights, safety, or property, or those of our users or the public.

5.3 Business transfers

If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

6. International Data Transfers

We operate from India and use vendors in the United States, European Union, Singapore, and other jurisdictions. By using the Services, you acknowledge that your information may be transferred to and processed in countries with data protection laws different from your own.

For personal data transferred from the European Economic Area, United Kingdom, or Switzerland, we rely on appropriate safeguards including Standard Contractual Clauses where applicable.

7. Data Retention

We retain information for as long as needed to:

  • Provide the Services (active accounts: retained while active, plus 90 days after closure)
  • Meet legal, tax, and accounting obligations (typically 7 years for financial records under Indian law)
  • Resolve disputes and enforce agreements

You may request deletion at any time (see Section 8). Some data may be retained in aggregated, de-identified form for analytical and benchmarking purposes.

8. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Erase your data (subject to legal retention obligations)
  • Withdraw consent where processing is based on consent
  • Object to processing based on legitimate interests
  • Restrict processing in certain circumstances
  • Portability — receive your data in a structured, machine-readable format
  • Nominate an individual to exercise your rights in the event of death or incapacity (under DPDP Act)
  • Complain to the Data Protection Board of India or your local supervisory authority

To exercise these rights, email [email protected]. We will respond within the timeframes required by applicable law (typically 30 days).

9. Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Essential cookies — required for Services functionality (authentication, session, security)
  • Analytics cookies — to understand how the Services are used
  • Preference cookies — to remember your settings

We are working on implementing a cookie consent banner for visitors in the EU/UK and other jurisdictions requiring it. Until then, you can control cookies through your browser settings. Disabling essential cookies will limit functionality.

10. Security

We implement administrative, technical, and physical safeguards including encryption in transit (TLS), access controls, audit logging, and secure cloud infrastructure. No system is fully secure, and we cannot guarantee absolute security.

If we become aware of a personal data breach affecting your information, we will notify you and applicable regulators as required by law.

11. Children's Privacy

The Services are not directed to individuals under 18, and we do not knowingly collect personal data from minors. If you believe a minor has provided us personal data, contact [email protected] for prompt deletion.

12. Third-Party Links

The Services may contain links to third-party websites or services we do not operate. We are not responsible for their privacy practices. Review their privacy policies before submitting information.

13. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified by email or in-product notice. The “Last updated” date at the top of this Policy indicates when it was last revised.

14. Grievance Officer (IT Act and DPDP Act)

  • Name: Salman Shaikh
  • Designation: Data Protection / Grievance Officer
  • Email: [email protected]
  • Address: Safairah Technologies Private Limited, Flat No. 22, Building LT 31, Vijay Nagar, Marol Maroshi Road, Opp Palloti Church, Andheri East, Mumbai — 400059, Maharashtra, India

The Grievance Officer will acknowledge receipt of complaints within 48 hours and resolve them within the time period prescribed by law.

15. Contact

Questions about this Policy or our data practices: [email protected]

See also our Terms of Service and Refund Policy.