Privacy Policy.

Last updated: May 2026

Find me Cited is a tool that checks whether your content is being cited by AI models. This policy explains what data we collect, why, and how we handle it. We keep it short and plain — no legalese.

What we collect

Account data

When you sign up, we store your email address and a hashed password (managed by Supabase Auth). We also track which plan you are on and your billing status.

Run history

Every citation check you run — the query, the AI models selected, and the results — is saved to your account. Free plan history is kept for 7 days. Pro plan history is kept for as long as your account is active.

API keys (BYOK)

If you add your own API keys for Claude, GPT, Gemini, or Perplexity, they are stored encrypted in our database. They are used only to make requests on your behalf and are never logged in plaintext or shared. You can delete them at any time from Settings.

Usage counters

We track how many citation checks you have run in the current billing period to enforce plan limits. This resets on the 1st of each month for Free accounts.

Billing data

Payments are processed by Stripe. We store your Stripe customer ID and subscription status. We never see or store your card number — that stays with Stripe.

Analytics

We use Google Analytics to understand aggregate traffic patterns (page views, referrers, geography). No personally identifiable information is tied to these events.

How we use your data

  • To run citation checks and show you the results
  • To enforce plan usage limits
  • To process payments and send billing emails (upgrade confirmation, payment failure)
  • To improve the product based on aggregate usage patterns
  • To contact you about your account if something needs attention

We do not sell your data. We do not use it for advertising.

Third-party services

When you run a check, your query is sent to the AI providers you select (Anthropic, OpenAI, Google, Perplexity). Their standard API terms and privacy policies apply to those requests. We recommend reviewing them if you are processing sensitive content.

A full list of sub-processors: Supabase (database & auth), Stripe (payments), Anthropic / OpenAI / Google / Perplexity (AI inference), Google Analytics (analytics), Vercel (hosting).

Data retention

  • Run history — 7 days on Free, indefinite on Pro while account is active
  • Account data — retained until you delete your account
  • API keys — deleted immediately when you remove them or close your account
  • Billing records — retained as required by financial regulations (typically 7 years), held by Stripe

Your rights

You can export your run history as CSV (Pro plan) or request a full data export by contacting us. You can delete your account at any time from Settings, which removes all personal data we hold except billing records required by law.

If you are in the EU or UK, you have additional rights under GDPR / UK GDPR: access, rectification, erasure, portability, and objection to processing. To exercise any of these, email us at alerts@findmecited.com.

Cookies

We use a single session cookie to keep you signed in (set by Supabase Auth). We also use Google Analytics cookies for aggregate traffic measurement. We do not use advertising or tracking cookies.

Security

All data is encrypted in transit (TLS) and at rest. API keys are encrypted before storage. Access to production data is restricted to the minimum required. We use row-level security on our database so each user can only access their own data.

Changes to this policy

If we make material changes, we will notify you by email at least 14 days before they take effect. The “last updated” date at the top will always reflect the current version.

Contact

Questions about this policy? Use our contact form or email alerts@findmecited.com directly.