Privacy Policy

Data Controller

CiteHog.ai Oy, Helsinki, Finland. Contact: privacy@citehog.ai

Data We Collect

We collect data you provide when creating an account (email, name), workspace data (prompts, audit runs), and automatically collected data (usage analytics, error logs). We do not collect payment card data — billing is handled by Stripe.

How We Use Data

Account data is used for authentication and communication. Workspace data is used to deliver the audit and continuous-rerun service. Analytics data is used to improve product reliability.

Legal Basis

We process data based on contractual necessity (service delivery), legitimate interest (product improvement), and consent (marketing communications).

Data Storage and Residency

Core application data is stored in EU-region infrastructure. We use Supabase (EU) for the database, Vercel (EU edge) for hosting, and Stripe (EU) for payment processing. Internal inference runs on Bedrock EU.

Data Retention

Account data is retained while your subscription is active. Run data is retained for 12 months. You may request deletion at any time.

Your Rights

Under GDPR, you have the right to access, correct, delete, and port your data. You may also object to processing or request restriction. Contact privacy@citehog.ai to exercise these rights.

Cookies and Analytics

We use essential cookies for authentication. Analytics are processed through PostHog (EU-hosted). No third-party advertising cookies are used.

Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email.