Does TrueCite sell my data to third parties?

No. TrueCite does not sell your personal data or business data to third parties under any circumstances.

Is TrueCite PIPEDA and GDPR compliant?

Yes. TrueCite is operated by AI Collective Labs Inc. in Calgary, Alberta, Canada and complies with PIPEDA (Canada's federal privacy law). For EU/EEA users, we also comply with GDPR requirements including lawful bases for processing, data subject rights, and international transfer safeguards.

How can I delete my TrueCite account and data?

You can delete your account and all associated data directly from your dashboard under Settings → Account → Delete account. All data is purged within 30 days of deletion. For assistance, contact legal@truecite.ai.

What data does TrueCite send to AI engines?

When you run a scan, TrueCite sends only your brand name, the prompts you choose, and any competitor names you have added to third-party AI engines (OpenAI, Google, Anthropic, Perplexity, xAI, DeepSeek). No personal identifying information is included in scan requests.

Privacy Policy — TrueCite

1. Introduction

TrueCite is an Answer Engine Optimization (AEO) SaaS platform that helps businesses track and improve brand visibility across AI-powered search engines. TrueCite is operated by AI Collective Labs Inc., a corporation incorporated in Alberta, Canada, headquartered in Calgary, AB, Canada.

This Privacy Policy explains how we collect, use, share, and protect personal information when you use our website at truecite.ai and all related services (collectively, the “Service”).

For privacy inquiries, contact us at legal@truecite.ai. We will respond within 30 days.

2. Information We Collect

Account information: Your name, email address, and authentication credentials, collected via Clerk (our identity provider) when you sign up.

Business data: Brand name, website URL, industry, target location, business description, and competitor names you provide during onboarding and within the dashboard.

Payment information: Billing is handled entirely by Stripe. We store only your Stripe customer ID and subscription status — we never store, see, or process raw card numbers or bank details.

Usage data: Features you use, scan results, MentionShare scores, generated content blocks, and other activity within the platform, stored to provide the Service.

Technical data: IP address, browser type and version, device type, operating system, and country (via CloudFront headers), collected for security and regional pricing.

Communications: Messages you send via support tickets, email, or chat, retained to provide support and improve the Service.

3. How We Use Your Information

To provide, maintain, and improve the TrueCite platform and its features
To run AI engine scans on your behalf and generate MentionShare reports
To generate content fix recommendations using Claude (Anthropic API)
To send transactional emails — scan complete notifications, weekly digests, billing receipts — via Resend
To process subscription payments and manage billing via Stripe
To detect fraud, abuse, and unauthorized access
To analyze aggregate usage patterns and improve the Service
To comply with applicable laws and regulations

4. AI Engine Scanning

When you run an AEO scan, TrueCite sends prompts and brand information to third-party AI engines on your behalf. The data sent to these engines is strictly limited to:

Your brand name and website domain
The prompts you have selected or created
Competitor names you have added to your account

AI engines used include: ChatGPT (OpenAI), Perplexity, Gemini (Google), Claude (Anthropic), Grok (xAI), and DeepSeek. Some engines (Microsoft Copilot, Meta AI, Google AI Overviews) are simulated using Claude rather than accessed via live API.

Each of these providers processes data under their own privacy policies. We do not include any personal identifying information in scan requests — your email, name, and account details are never transmitted to AI engines.

You should not include personal data (names, contact information, sensitive business information) in your scan prompts.

5. Data Sharing and Third-Party Processors

We do not sell your personal data. We share data only with the following service providers who process it on our behalf under contractual data processing agreements:

Clerk — Authentication and user management
Stripe — Payment processing (PCI DSS compliant)
Supabase / AWS — Database and hosting infrastructure (us-east-1, North Virginia, USA)
Resend — Transactional email delivery
Upstash — Job queue and rate limiting
Anthropic / OpenAI / Google / Perplexity / xAI / DeepSeek — AI scanning engines (brand and prompt data only)
Sentry — Error tracking (anonymized stack traces)
Google Analytics (GA4) — Aggregate page-view analytics (anonymized IP)

We may also disclose your information if required by law, court order, or to protect the rights, property, or safety of TrueCite, our users, or the public.

6. Data Retention

Account data: Retained for the lifetime of your account
Scan results and generated content: Retained for the lifetime of your account
Deleted accounts: All personal data and business data purged within 30 days of account deletion
Billing records: Retained for 7 years as required by tax and financial compliance obligations
Support communications: Retained for 2 years after resolution

7. Your Rights (PIPEDA + GDPR for EU Users)

As a Canadian company, we comply with PIPEDA (Personal Information Protection and Electronic Documents Act). EU/EEA users are also covered by GDPR. You have the following rights:

Access: Request a copy of the personal data we hold about you
Correction: Request that inaccurate or incomplete data be corrected
Deletion: Request deletion of your account and all associated personal data
Portability: Request your data in a structured, machine-readable format
Withdrawal of consent: Withdraw consent for marketing communications at any time via the unsubscribe link in emails
Objection (GDPR): Object to processing based on legitimate interests
No sale (PIPEDA/CCPA): We do not sell personal data — no opt-out required

To exercise any right, email legal@truecite.ai. We will respond within 30 days. You may also delete your account directly from Settings → Account → Delete account.

EU/EEA users have the right to lodge a complaint with their national data protection authority. Canadian users may contact the Office of the Privacy Commissioner of Canada.

For transfers of personal data from the EU/EEA to Canada, we rely on the European Commission's adequacy decision for Canada under PIPEDA. For transfers to other third countries (e.g. AWS us-east-1), we use Standard Contractual Clauses (SCCs) as approved under GDPR Article 46. Enterprise customers may request our Data Processing Addendum (DPA) by contacting legal@truecite.ai.

8. Cookies

We use essential cookies for authentication (via Clerk) and session management, a first-party cookie to remember your active project selection (truecite_active_business, 1-year expiry), and optional analytics cookies (Google Analytics 4 — anonymized page view data). We do not use advertising or third-party tracking cookies. See our Cookie Policy for full details.

9. Security

We implement industry-standard security measures: all data is encrypted in transit (TLS 1.3) and at rest (AES-256). Our database uses row-level security policies. Access to production systems is role-scoped with audit logging. All payment card data is handled exclusively by Stripe (PCI DSS compliant) — we never touch raw card numbers. However, no system is 100% secure. Use a strong, unique password and enable two-factor authentication on your account.

10. Children's Privacy

TrueCite is a professional B2B service not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact legal@truecite.ai and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email at least 14 days before they take effect. The “Last Updated” date at the top of this page shows when it was last revised. Continued use of the Service after changes take effect constitutes acceptance.

12. Contact Us

For privacy inquiries, data access requests, or concerns, contact our privacy team at legal@truecite.ai.

Mailing address: AI Collective Labs Inc., Calgary, AB, Canada.