← Back to CiteLyra

Privacy Policy

TEMPLATE — not yet legal advice. Review by qualified counsel (and a DPO where required) and complete the bracketed details before launch. CiteLyra is operated by an EU entity, so this draft is written around the GDPR.

Controller: SCAILE Technologies GmbH, [REGISTERED ADDRESS] Data protection contact: [DPO / PRIVACY EMAIL] Version: 2026-06-25 · Effective: [EFFECTIVE DATE]

1. Scope

This policy explains what personal data we process when you use CiteLyra, why, on what legal basis, who we share it with, and your rights.

2. Data we collect

3. Why we process it (purposes and legal bases)

Purpose Legal basis (GDPR Art. 6)
Provide the service (accounts, generation, downloads) Contract (6(1)(b))
Billing and credit accounting Contract (6(1)(b))
Security, abuse prevention, cost control Legitimate interests (6(1)(f))
Service emails (verification, password reset, transactional) Contract (6(1)(b))
Legal/accounting obligations Legal obligation (6(1)(c))

4. AI and search providers (what content leaves us)

To generate a draft, your topic and related content are sent to the configured AI provider and to search/citation providers, and artifacts are stored with our object-storage provider. The current providers, what they receive, and whether they may retain content are listed in Subprocessors. You should not submit sensitive personal data of others in your topics.

5. Sharing

We share data only with the subprocessors needed to run the service (AI, search, hosting, storage, email, payments, error monitoring) and where required by law. We do not sell personal data.

6. International transfers

Some providers process data outside the EEA. Where they do, transfers rely on appropriate safeguards (e.g. EU Standard Contractual Clauses). See Subprocessors.

7. Retention

8. Your rights

Subject to applicable law, you can request access, rectification, erasure, restriction, portability, and object to certain processing. You can delete your account and its generations from within the app (Account → Delete), and contact [DPO / PRIVACY EMAIL] for other requests. You may lodge a complaint with your supervisory authority.

9. Security

Passwords are hashed (PBKDF2). Sessions use secure, HTTP-only cookies. Transport is encrypted (TLS). Provider keys are server-side secrets, never exposed to the browser. See our Security Policy and report issues to [SECURITY EMAIL].

10. Children

CiteLyra is not directed to children under 16, and we do not knowingly process their data.

11. Changes

We will update the version above and notify you of material changes.

12. Contact

[DPO / PRIVACY EMAIL] · SCAILE Technologies GmbH, [REGISTERED ADDRESS].