1. 収集する情報

We collect the following categories of information when you use our Service:

(a) Account Information — Email address, display name, full name, phone number (optional), company name (optional), job title (optional), and authentication provider details (e.g., Google OAuth).

(b) Usage Data — URLs submitted for analysis, analysis results and scores, generated optimization assets, tracked URLs and schedules, bot detection logs you upload, and interaction timestamps.

(c) Technical Data — Browser type and version, operating system, device type, IP address (for rate limiting and security purposes only; not stored long-term), referring pages, and pages visited within the Service.

(d) Payment Data — Subscription plan, billing cycle, and payment status. All sensitive payment information (credit card numbers, etc.) is processed and stored exclusively by Stripe, Inc. and is never stored on our servers.

(e) Cookies & Similar Technologies — Session cookies, authentication tokens, and locale/language preferences. See Section 3 for details.

2. 情報の利用目的

We use the information we collect for the following purposes:

(a) Service Delivery — To provide, maintain, and improve the GEO analysis Service, including processing your URL analyses, generating optimization assets, and storing your analysis history.

(b) Account Management — To create and manage your account, authenticate your identity, and process subscription changes.

(c) Security & Abuse Prevention — To enforce usage quotas, rate limiting, detect fraudulent activity, and protect the integrity of the Service.

(d) Communication — To send Service-related notifications, including quota warnings, subscription confirmations, terms updates, and security alerts. We do not send marketing emails without your explicit consent.

(e) Analytics — To generate aggregated, anonymized usage statistics to improve the Service. Individual user data is never shared in these analytics.

(f) Legal Compliance — To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3. Cookie とトラッキング技術

We use the following types of cookies and similar technologies:

(a) Essential Cookies — Required for authentication, session management, and security. These cannot be disabled.

(b) Preference Cookies — Store your language/locale selection and theme preference (light/dark mode).

(c) Analytics Cookies — Help us understand how users interact with the Service to improve performance and user experience.

We do not use advertising or cross-site tracking cookies. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Service.

4. データの共有と開示

We do not sell, rent, or trade your personal data to third parties for marketing or advertising purposes. We may share your data only in the following circumstances:

(a) Service Providers — With trusted third-party service providers who process data on our behalf, including:

– Supabase (database hosting and authentication)

– Stripe (payment processing)

– Google Cloud (AI analysis via Gemini API)

– Vercel (application hosting)

These providers are contractually bound to protect your data and may only use it for the purposes we specify.

(b) Legal Requirements — When required by law, court order, subpoena, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

(c) Business Transfers — In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the successor entity.

(d) With Your Consent — We may share your data with third parties when you have given us explicit consent to do so.

5. 国際データ移転

Your data may be processed and stored in locations outside of your country of residence, including the United States, where our service providers operate. When your data is transferred internationally, we ensure appropriate safeguards are in place, including:

(a) Contractual protections with our service providers.

(b) Compliance with applicable data protection regulations.

(c) Encryption of data in transit and at rest.

By using the Service, you consent to the transfer field of your data to countries that may have different data protection laws than your country of residence.

6. データ保持

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

(a) Account Data — Retained until you delete your account.

(b) Analysis History — Retained for the duration of your account. Free plan users' analysis history may be subject to retention limits.

(c) Server Logs (uploaded by you) — Stored as long as your account is active.

(d) Technical Logs (IP addresses, access logs) — Retained for a maximum of 90 days for security purposes, then automatically purged.

(e) Payment Records — Retained as required by applicable tax and accounting regulations.

Upon account deletion, your personal data will be permanently deleted within 30 days, except where retention is required by law.

7. データセキュリティ

We implement industry-standard technical and organizational measures to protect your personal data, including:

(a) Row Level Security (RLS) — Our PostgreSQL database enforces row-level security policies ensuring complete data isolation between users. No user can access another user's data.

(b) Encryption — All data in transit is encrypted via HTTPS/TLS. Authentication tokens are encrypted at rest.

(c) Access Controls — Internal access to user data is strictly limited to authorized personnel on a need-to-know basis.

(d) Regular Audits — We conduct periodic security reviews and vulnerability assessments.

(e) Incident Response — We maintain procedures for detecting, reporting, and responding to data breaches in accordance with applicable laws.

Despite these measures, no system is completely secure. In the event of a data breach affecting your personal data, we will notify you in accordance with applicable law.

8. 未成年者の保護

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a minor, we will take steps to delete such data promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at ahwayhsieh@gmail.com so we can take appropriate action.

9. 台湾個人情報保護法に基づくお客様の権利

In accordance with the Personal Data Protection Act of the Republic of China (Taiwan) (個人資料保護法), you have the following rights regarding your personal data:

(a) Right to Access — You may request access to the personal data we hold about you.

(b) Right to Correction — You may request correction of any inaccurate or incomplete personal data.

(c) Right to Deletion — You may request deletion of your personal data by deleting your account.

(d) Right to Cease Collection — You may request that we stop collecting your personal data.

(e) Right to Cease Processing or Use — You may request that we stop processing or using your personal data.

(f) Right to Data Portability — You may export your analysis history in JSON format.

To exercise any of these rights, please contact us at ahwayhsieh@gmail.com. We will respond to your request within 30 days.

10. 第三者リンク

The Service may contain links to third-party websites, services, or content that are not owned or controlled by CiteLayer. We are not responsible for the privacy practices or content of these third-party sites.

We encourage you to review the privacy policies of any third-party websites you visit. This Privacy Policy applies only to information collected through our Service.

11. プライバシーポリシーの変更

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

(a) Update the "Last updated" date at the top of this policy.

(b) Notify registered users via email or through the Service interface.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

12. 準拠法

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of China (Taiwan), including the Personal Data Protection Act (個人資料保護法). Any disputes arising from this Privacy Policy shall be submitted to the exclusive jurisdiction of the Taiwan Taipei District Court (臺灣臺北地方法院) as the court of first instance.

13. お問い合わせ

If you have any questions, concerns, or requests regarding this Privacy Policy or data protection, please contact us at ahwayhsieh@gmail.com