Privacy Policy

Effective April 27, 2026

1. Who we are

AI CiteRank is a product of BrandBoard. For privacy questions or to exercise your rights, contact legal@brandboard.me.

2. Data we collect

  • Account data: email address, display name, hashed password (or OAuth identifier if you sign in with a provider).
  • Billing data: we store only the subscription and customer identifiers returned by our payment processor. We never see or store your card number.
  • Scan data: URLs you submit, the public HTML/content fetched from those URLs, computed scores, recommendations, and scan history.
  • Usage data: IP address, user-agent, device and browser type, pages viewed, actions taken, error logs.

3. How we use your data

  • To deliver the Service (run scans, render reports, manage your account).
  • To process payments and manage subscriptions.
  • To provide support and respond to inquiries.
  • To detect, prevent and address fraud, abuse and security incidents.
  • To improve the Service in aggregate, non-identifiable ways.
  • To send essential transactional emails (receipts, security alerts, policy updates).

4. Legal bases (EEA/UK)

If you are in the EEA or UK, we process your data under the following bases: performance of our contract (to deliver the Service), legitimate interests (security, abuse prevention, product improvement), legal obligation (tax, accounting), and consent (where required, such as for optional marketing communications).

5. Sharing

We share data only with service providers strictly necessary to operate the Service:

  • AI model providers, to compute scores and generate recommendations.
  • Our payment processor, to handle subscriptions and invoices.
  • Hosting and database providers, to run and store the Service.
  • Email infrastructure, to deliver transactional messages.

We do not sell your personal data, and we do not share it with advertisers. We may disclose data when required by law, valid legal process, or to protect rights, safety, or property.

6. International transfers

The Service is operated from the United States. If you access it from outside the US, your data will be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.

7. Retention

  • Account data is kept while your account is active and for up to 90 days after deletion.
  • Scan history is retained per the limits of your plan.
  • Billing records are kept for the period required by tax and accounting law.
  • Backups are retained for a limited operational window and then overwritten.

8. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, export, or restrict the processing of your personal data, and to object to certain uses. To exercise any of these rights, email legal@brandboard.me. We respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies

We use only essential cookies and equivalent local storage required for authentication and session management. We do not use third-party advertising or cross-site tracking cookies.

10. Children

The Service is not intended for anyone under 18. We do not knowingly collect data from minors.

11. Security

We use industry-standard safeguards, including TLS encryption in transit, encryption at rest via our hosting provider, row-level security on our database, and least-privilege access for staff. No system is perfectly secure; you use the Service at your own risk.

12. Changes

We may update this Policy. Material changes will be announced by email or in-product notice at least 14 days before they take effect.

13. Contact

Questions or requests? Email legal@brandboard.me.