Privacy Policy

Last updated: April 2026

Learn how CitationGraph protects your account, analytics, connected GA4, and AI traffic data.

TrustPrivacyGoogle data useCompliance

1. Data We Collect

  • Account Data: Email, name, hashed password (PBKDF2/Argon2)
  • Analytics Data: Page views, sessions, referrers, user agent, anonymized IP (country/city only)
  • Bot Detection: UA string, IP prefix (not full IP), and bot-classification signals
  • GA4 Integration Data: Read-only Google Analytics 4 reporting data for the GA4 property you connect, including property id, sessions, users, source breakdowns, daily trends, engagement metrics, and ecommerce totals when available through the GA4 Data API

2. How We Use Data

Data is used exclusively for analytics, AI traffic attribution, GEO Score, SOV, citation analysis, diagnostics, and product support. We do not sell, share, or transfer personal data to third parties for advertising.

Google Analytics access uses only the read-only scope https://www.googleapis.com/auth/analytics.readonly.

GA4 access is read-only. CitationGraph uses GA4 data to compare first-party telemetry with after-click analytics, validate AI traffic attribution, and populate customer dashboards. OAuth refresh tokens are encrypted at rest and can be disconnected from Settings.

We do not sell GA4 data or share connected GA4 reporting data with third parties. Customers can disconnect GA4 and request deletion of imported reporting snapshots from Settings or by contacting privacy support.

3. Data Retention

  • Analytics events: 90 days (auto-purged unless a paid data retention term says otherwise)
  • Session data: 24 hours (JWT expiry)
  • Account data: Until account deletion
  • GA4 OAuth tokens and imported reporting snapshots: Until the GA4 connection is disconnected or deletion is requested
  • Buffered events: 7 days (auto-cleanup)

4. Your Rights (GDPR / CCPA)

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of account, site, or connected integration data
  • Portability: Export your data (CSV/JSON)
  • Object: Opt out of optional analytics tracking

To exercise these rights, contact: privacy@citationgraph.ai

5. Cookies

We use essential cookies for authentication. Optional analytics (including GA4 on CitationGraph-owned properties) activates only after explicit consent.

6. Security

Passwords are hashed with PBKDF2/Argon2. OAuth tokens are encrypted at rest. API endpoints are protected by rate limiting, CSRF validation on state-changing requests, and TLS encryption in transit.

CitationGraph