Effective date: [DATE] · Last updated: [DATE]
This Privacy Policy explains how [COMPANY LEGAL NAME] ("ChatCited", "we", "us"), with registered offices at [ADDRESS], processes personal data when you visit chatcited.com, request an audit, book a call, or work with us. We are the data controller for the processing described here. This policy is written to comply with the EU General Data Protection Regulation (GDPR).
Data you give us. When you request a Free Citation Audit, contact us, or book a Citation Strategy Session, we collect your name, work email address, company website, business category, and anything you write in a message field.
Data collected automatically. Server logs record your IP address, browser type, pages viewed, and referral source. See our Cookie Policy for details on cookies and similar technologies.
Client data. If you become a client, we additionally process business contact details, contract and billing information, and the visibility data our Maark platform gathers about your brand's presence in AI search results. That visibility data concerns your brand, not private individuals.
We process personal data to: respond to your enquiries and deliver requested audits (Art. 6(1)(b) GDPR — steps prior to a contract); perform our services under a client agreement (Art. 6(1)(b)); send service updates and, with your consent, marketing emails (Art. 6(1)(a) — you can withdraw consent at any time); operate, secure, and improve our website (Art. 6(1)(f) — legitimate interest); and comply with legal obligations such as accounting rules (Art. 6(1)(c)).
We do not sell personal data, and we do not use it for automated decision-making that produces legal effects.
We use a small set of processors to run our business: website hosting, email, scheduling (e.g. Calendly), CRM, and payment providers. Each is bound by a data processing agreement. Where a provider is located outside the EEA, transfers rely on an adequacy decision or the European Commission's Standard Contractual Clauses. We never share your data with third parties for their own marketing.
Enquiry and audit data: up to 24 months after our last contact. Client contract and billing data: for the duration of the engagement plus statutory retention periods (typically 7 years for accounting records). We delete or anonymize data when it is no longer needed.
Under the GDPR you have the right to access, rectify, and erase your personal data; to restrict or object to processing; to data portability; and to withdraw consent at any time without affecting prior processing. To exercise any right, email hello@chatcited.com. We respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority or ours: [SUPERVISORY AUTHORITY].
We apply appropriate technical and organizational measures: encryption in transit, access controls, least-privilege access to client data, and vendor due diligence. No system is perfectly secure; if a breach affects your rights, we will notify you and the supervisory authority as required by law.
Our services are for businesses. We do not knowingly collect data from anyone under 16.
We may update this policy; material changes will be flagged on this page with a new effective date. Questions? Contact us at hello@chatcited.com or write to [COMPANY LEGAL NAME], [ADDRESS].