Privacy Policy

Last updated: June 26, 2026

This Privacy Policy explains how Online Growth AS ("we") handles personal data for CiteRadar (the "Service"). We are the data controller. We aim to comply with the EU/EEA GDPR and Norwegian data protection law.

Data we collect

• Account data: your email address and a hashed password.
• Usage data you enter: brand, domain, competitors, keywords, category and location used to run checks.
• Report data: the generated scores, answers and reports, stored to show your history and trends.
• Billing data: handled by Stripe; we store your subscription status and a Stripe customer ID, not your card details.
• Technical data: basic logs and, for abuse prevention, limited IP-based rate-limiting.

How we use it

To provide and operate the Service (run checks, generate and store reports), to handle authentication and billing, to send you reports and service emails, to prevent abuse, and to improve the Service. Our legal bases are performance of our contract with you, our legitimate interests in running and securing the Service, and your consent where required.

Sub-processors

We share data with providers strictly to run the Service:

• AI & search APIs (Anthropic, OpenAI, Perplexity, Google) — your buyer-intent prompts are sent to generate results. We do not send your account credentials.
• Stripe — payments and subscription management.
• Resend — transactional and report emails.
• Vercel — application hosting.
• Neon — database hosting.
• Google (Analytics & Ads) — usage analytics and ad measurement, only with your consent.

Some providers may process data outside the EEA under appropriate safeguards (e.g., Standard Contractual Clauses).

Retention

We keep account and report data while your account is active and as needed to provide the Service or meet legal obligations. You can request deletion of your account and associated data at any time.

Your rights

Under GDPR you may request access, correction, deletion, restriction, portability, or object to certain processing, and you may lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet). To exercise any right, contact us.

Security

Passwords are stored hashed, secrets are kept in server-side configuration, and access is limited. No system is perfectly secure, but we take reasonable measures to protect your data.

Cookies & consent

We use an essential cookie to keep you signed in (always on, required for the Service). With your consent, we also use analytics and advertising cookies via Google Analytics and Google Ads to understand usage and measure marketing. These are off by default — we use Google Consent Mode v2, so no analytics or ad cookies are set until you accept them in our cookie banner. You can change or withdraw your choice anytime via "Cookie settings" in the footer. You can also opt out of Google Analytics with Google's browser add-on.

Contact

Data requests and privacy questions: support@citeradar.io (Online Growth AS).