Citorial
Get audit

Privacy policy

A short, honest explanation of what data Citorial collects, why we collect it, how long we keep it, and how to ask us to delete it.

Last updated:

Who we are

"Citorial" refers to the company operating the website at citorial.com and the customer dashboard at app.citorial.com. Citorial is a small, independently-operated SaaS that sells AI search visibility audits and official brand page services to e-commerce brands.

For privacy questions, data-subject requests (access, correction, deletion, portability, objection), or to exercise any LGPD/GDPR right, email hello@citorial.com. We respond inside 15 calendar days.

What we collect, and why

Account data and credentials

When you buy an audit or create an account, we collect your email address and a display name. To access your dashboard we require you to set up a credential — either a password or a Google account. Lawful basis: contract performance (you cannot use the dashboard without an account).

Passwords are hashed with bcrypt (12 rounds) before storage. We never store the plaintext password, never log it, and cannot recover it for you. If you forget your password, use the "Reset password" link to receive a one-time link to set a new one.

Google Sign-In is offered as an alternative. When you use it, Google sends us a verified token containing your Google user ID, email address, and display name — we never see your Google password. The token is verified server-side against Google's OAuth public keys. We store only your Google user ID (to recognize you on future sign-ins) and the email. You can disconnect Google at any time by emailing support.

Sessions are managed by a signed JWT (JSON Web Token) issued after sign-in. The token lives in your browser's localStorage for 30 days and is sent on every protected request via the Authorization header. We never set tracking cookies for sessions — only the JWT in localStorage on your own device. Signing out clears it.

For older customers who pre-date this credential system, we issue a one-time activation link by email so they can set a password (or link Google) on their first sign-in.

Briefing data

Each audit starts with a brand briefing form. You provide your brand name, category, store URL, competitor names, target countries, languages, and a small set of customer questions. We use these answers to generate the prompts the audit probes. Lawful basis: contract performance.

Audit data

We probe ChatGPT, Claude, Perplexity, Gemini, Grok, and DeepSeek using API access to each provider. Prompts, verbatim responses, and the brand mentions we extract are stored against your audit so the report is reproducible. We do not share your audit data with any third party and we do not use it to train AI models.

Payment data

We do not store credit-card numbers. All payments are processed by Hotmart (hotmart.com), which is the merchant of record. We receive only a transaction reference, the buyer's email, the country of purchase, and the amount paid. Lawful basis: contract performance.

Email data

Citorial sends transactional emails (magic links, briefing reminders, delivery notifications, refund confirmations) via Resend. We log every email sent (recipient, subject, send timestamp, delivery status) for one year so we can diagnose deliverability issues. Lawful basis: contract performance + legitimate interest.

Server logs and security data

We log HTTP request metadata (timestamp, IP address, user-agent, path, status code) for 90 days. We use it to debug errors, detect abuse, and improve performance. We do not run analytics on these logs and we do not share them. Lawful basis: legitimate interest in operating a secure service.

Behaviour analytics (Microsoft Clarity)

On the marketing site (citorial.com) — NOT on the customer dashboard (app.citorial.com) and NOT on Brand Suite subdomains ({slug}.citorial.com) — we use Microsoft Clarity to record anonymized session replays and heatmaps. We use this to understand where visitors get stuck and fix UX problems we can't see in server logs. Sensitive form fields (email, brand name, store URL) are masked at the source — Clarity never sees their values. IP addresses are anonymized by Clarity before storage. Lawful basis: legitimate interest in improving the website (LGPD/GDPR balancing test).

You can opt out by either (a) enabling "Do Not Track" in your browser settings, which Clarity honors, (b) using a browser-level tracking blocker (uBlock Origin, Brave Shields, Firefox strict mode — all block Clarity by default), or (c) emailing us at hello@citorial.com to request manual exclusion.

AI referral analytics

On the marketing site (citorial.com) — NOT on the customer dashboard and NOT on Brand Suite subdomains — we count visits that arrived from a known AI assistant (ChatGPT, Claude, Perplexity, Google Gemini, Grok, DeepSeek, Microsoft Copilot). This lets us tell our customers how many real people are clicking through to their Brand Hub after asking an AI tool a question. The counter is hosted on our own server; no third party is involved.

For each AI-referred visit we store: the page URL on citorial.com, the AI surface that sent the visit (e.g. "chatgpt", "claude"), the visit timestamp, and an irreversible cryptographic hash of your IP address and user-agent string (HMAC-SHA256, salted with a server secret, truncated to 16 hex characters). The hash exists only so we can deduplicate repeat visits from the same browser in the same day; it cannot be reversed to recover your IP. We do not store the plaintext IP, we do not store the plaintext user-agent, and we do not set any cookies for this tracker. A short-lived per-session random token lives in sessionStorage only (gone when you close the tab) so the beacon fires at most once per session. Lawful basis: legitimate interest in measuring the effectiveness of our service for our customers (LGPD/GDPR balancing test).

Opting out works the same way as for Clarity above — any browser-level tracking blocker will also block the AI referral beacon. Email hello@citorial.com if you want manual exclusion.

What we deliberately do NOT collect

  • We do not run Google Analytics, Meta Pixel, or any third-party advertising tracker on this site.
  • We do not collect cookies for advertising purposes. The only cookies we use are essential session tokens for the dashboard plus the anonymized Clarity cookie on the marketing site.
  • We do not sell, rent, or share customer data with third parties for marketing.
  • Clarity is never loaded on the customer dashboard or on Brand Suite subdomains — only on the marketing site.
  • The AI referral beacon does not set any cookies, does not store your plaintext IP or user-agent, and does not run on the customer dashboard or Brand Suite subdomains.

Sub-processors

Citorial uses a small number of third parties as sub-processors. As of the last-updated date above, the active list is:

  • Hotmart — payment processing.
  • Resend — transactional email delivery.
  • Microsoft Clarity — anonymized session replays and heatmaps on the marketing site only (not on the dashboard or Brand Suite subdomains). Sensitive fields masked at source.
  • OpenAI, Anthropic, Perplexity AI, Google, xAI, DeepSeek — LLM API access used to probe the six AI search engines during audit execution. Only the prompts we generate (which are derived from your briefing) are sent to these providers; we do not forward your raw briefing answers.
  • VPS infrastructure provider — hosts our database and API.

We will update this list when sub-processors change. Material changes will be announced by email to active customers at least 14 days before they take effect.

How long we keep your data

  • Account data — for as long as your account exists, plus 90 days after deletion to handle refunds and disputes.
  • Briefing + audit data — 24 months from delivery, so you can revisit the report. Earlier deletion on request.
  • Email logs — 12 months.
  • Server logs — 90 days.
  • Payment records — 5 years (Brazilian tax law) for invoicing/auditing purposes.

Your rights (LGPD + GDPR)

Regardless of where you are located, you can ask Citorial to:

  • Confirm whether we process your personal data and provide a copy.
  • Correct inaccurate or incomplete data.
  • Delete your personal data (subject to the retention windows above where they reflect a legal obligation).
  • Export your data in a portable format.
  • Object to processing where the lawful basis is legitimate interest.
  • Withdraw consent for any processing that relies on consent (and stop the related processing prospectively).

To exercise any of these rights, email hello@citorial.com from the address associated with your account. We may ask for additional verification if the request comes from an unfamiliar address.

International data transfers

Citorial is operated from Brazil. Some sub-processors (e.g. OpenAI, Anthropic) are based in the United States. Transfers to the US rely on the standard contractual clauses published by the European Commission and on each provider's own data-protection framework (DPF certifications, etc.). If you would like a copy of the relevant SCCs, ask at the email above.

Security

We use industry-standard practices: TLS 1.3 in transit, encrypted volumes at rest, bcrypt password hashing (12 rounds) for customer + operator passwords, signed JWTs for session tokens (no server-side session table — stateless), Google's OAuth public-key verification for Google Sign-In, principle-of-least-privilege access for staff and contractors, and a deny-by-default policy on third-party integrations. We will notify affected customers within 72 hours of becoming aware of any data breach that creates a material risk to their rights.

Children

Citorial is a B2B service. We do not knowingly market to or accept account creation from people under 18. If you believe a minor has created an account, contact us and we will delete it.

Changes to this policy

We update this page when our data practices change. The "last updated" date at the top reflects the most recent revision. Material changes (new sub-processors, new categories of data, expanded purposes) are also announced by email to active customers and posted on our blog.