CiteLens

Privacy Policy & Data Protection Notice

Last updated: June 20, 2026

This notice explains how your personal data is collected, used, transferred and protected when you use CiteLens, in line with the Turkish Personal Data Protection Law no. 6698 (“KVKK”) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Definitions

“Personal data” means any information relating to an identified or identifiable natural person (the “data subject”). “Processing” means any operation performed on personal data (collection, recording, storage, use, transfer, deletion). “Controller” is the party that determines the purposes and means of processing; a “processor” acts on the controller’s instructions. “Consent” means a freely given, specific and informed indication of the data subject’s wishes.

2. Data controller

The data controller is Solustiq Yazılım ve Yapay Zeka Teknolojileri A.Ş. (“Solustiq”, “we”), which operates the CiteLens service: MERSİS no. 0773094263800001, tax office Arda Vergi Dairesi, tax no. 7730942638, registered at the Edirne Trade Registry. Registered address: Abdurrahman Mah. Şehit Emniyet Müdürü Ertan Nezihi Turan Cad. Yaşar Atlı Plaza No: 7 İç Kapı No: 40, 22030 Merkez / Edirne, Türkiye. Contact: hello@citelens.ai.

3. Personal data we process

Depending on how you use CiteLens, we process the following categories of data:

  • Identity & contact: name, surname, email address, organization name.
  • Account & usage: login records, IP address, device/browser information, pages used, scan and audit activity.
  • Billing: plan, subscription status and invoices. Full card data is processed by our payment provider (Stripe) and is not stored on our servers.
  • Content you provide: brand names, domains, competitors, topics and prompts you configure for tracking.
  • Support & communications: messages you send us and ticket history.

4. Server logs & general data

When you visit our site or app, our infrastructure automatically records general technical data such as browser type and version, operating system, referrer, IP address and access timestamps. We use this data to deliver content correctly, keep the service secure, and produce anonymous statistics. It is processed on the basis of our legitimate interest in a secure, functioning service.

5. Account registration & use

To use CiteLens you create an account with your name and email and verify your email address. We process this data to provide the service to you under our contract, and to prevent fraud and abuse. You can update or delete your data at any time from your account.

6. Subscriptions & payment (Stripe)

Paid subscriptions are processed by Stripe, Inc. (and its EU affiliate). When you subscribe, Stripe processes your name, email, billing details and payment-card data to take payment and prevent fraud; we receive only the information needed to manage your subscription and issue invoices, not your full card number. Stripe’s processing is governed by its own privacy policy (stripe.com/privacy).

7. Content & AI processing

CiteLens works by sending the prompts and brand/domain information you configure to AI answer engines and related providers, so we can measure your visibility. These providers — which may include Anthropic, Perplexity, OpenAI (accessed via our data partner DataForSEO), DataForSEO and a crawling provider (Firecrawl) for audits — process that content on our instructions to return results. The prompts you set up are generally about brands and topics, not personal data; please avoid entering personal data into prompts.

8. Email, hosting & sub-processors

We rely on a small set of processors acting on our instructions to run the service:

  • Transactional email — Resend (verification, invitations, notifications).
  • Hosting & database — cloud infrastructure providers (such as Railway and Vercel) that host the application and store your data.
  • Payment — Stripe (see above).
  • AI & data — Anthropic, Perplexity, OpenAI, DataForSEO and Firecrawl (see above).
  • Embedded maps — our contact page embeds a Google Maps frame, which Google may use to set its own cookies under its policy.

9. International transfers

Some of the processors above are located outside Türkiye and the EEA (for example in the United States). Where personal data is transferred abroad, we rely on the safeguards permitted by KVKK Art. 9 and Chapter V of the GDPR (such as the data subject’s explicit consent where required, contractual safeguards, or transfers necessary to perform our contract with you). We do not sell your personal data.

10. Legal grounds

We process your data under KVKK Art. 5 and the corresponding GDPR Art. 6 bases: performance of our contract with you (Art. 6(1)(b)); compliance with a legal obligation such as tax and accounting (Art. 6(1)(c)); our legitimate interests in operating, improving and securing the service (Art. 6(1)(f)); and your explicit consent where required, for example for non-essential cookies or marketing (Art. 6(1)(a)).

11. Retention

We keep your data for as long as your account is active and as long as needed for the purposes above. After your account is closed we delete or anonymize personal data, except where a longer period is required by law (for example tax and commercial record-keeping obligations).

12. Your rights

Under KVKK Art. 11 and the GDPR (where it applies) you have the right to:

  • learn whether your personal data is processed and request information about it;
  • know the purpose of processing and whether data is used accordingly;
  • know the third parties to whom data is transferred at home or abroad;
  • request correction of incomplete or inaccurate data;
  • request erasure or destruction of your data;
  • request that any correction or erasure be notified to third parties;
  • object to results arising solely from automated analysis;
  • request data portability and withdraw consent at any time;
  • claim compensation for damage caused by unlawful processing.

13. Exercising your rights

You can exercise account-level rights directly in the product — Organization → Data & privacy lets you export all of your organization’s data as JSON, or delete the organization entirely. For any other request, contact us at hello@citelens.ai; we respond within the periods set by law.

14. Security

We take appropriate technical and organizational measures to protect your data, including encryption in transit, access controls, hashing of secrets and credentials, and an audit log of security-relevant activity. No method of transmission or storage is 100% secure, but we work to protect your data and to notify you of incidents as required by law.

15. Children

CiteLens is a business tool and is not directed to children. We do not knowingly collect data from anyone under 18; if you believe a minor has provided us data, contact us and we will delete it.

16. Cookies, changes & contact

We use cookies as described in our Cookie Policy. We may update this notice; the “last updated” date at the top of this notice reflects the current version. For any privacy question or request, contact hello@citelens.ai.