Legal

Imprint, privacy & terms.

Last updated: 21 May 2026 . Version 1.0

01 . Imprint & operator

Citetome is a trade name operated by Yossra Benzad, an independent service provider based in Denmark. This site does not represent a registered limited company. A Danish ApS (Citetome ApS) is in formation; this notice will be updated with the company registration number (CVR) once incorporation completes.

OperatorYossra Benzad (sole trader), trading as Citetome
Registered forInformation society services, software-as-a-service
Place of businessCopenhagen, Denmark
Contact emailhello@citetome.com
VATBelow DKK 50,000 threshold; VAT exemption under Danish momsloven § 48 applies until registration becomes mandatory.
HostingMarketing site: GitHub Pages (San Francisco, US, served via global CDN). API service: Fly.io (London region, lhr), with EU data residency for all customer-identifiable records.
StatusLive in production at api.citetome.com

02 . Privacy policy

Citetome processes personal data only to the extent necessary to deliver the service. We operate under the EU General Data Protection Regulation (Regulation 2016/679, "GDPR") and the Danish Act on Data Protection (Databeskyttelsesloven, 2018).

2.1 What we collect

2.2 What we do not collect

2.3 How we handle email and internal alerts

Outbound email from Citetome is sent through Resend from hello@citetome.com. Inbound email addressed to any @citetome.com address is received by Resend (on Amazon SES infrastructure in the EU, Ireland region) and automatically forwarded to the operator's business mailbox, which is hosted on Google (Gmail). The original sender address is preserved so that replies reach you directly. Correspondence is read and answered only by the operator.

When you submit an audit request, an internal notification containing your name, email address, domain and any notes you provided is posted to our private operations channel on Slack so we can respond quickly. Slack and Google act as sub-processors under the safeguards listed in section 7.1. We do not use your contact details for advertising and we do not add you to any mailing list.

2.4 Retention

Contact and audit-request emails: retained for the duration of the working relationship plus the statutory accounting period (5 years under Danish Bogføringsloven) where they form part of accounting records; otherwise deleted when no longer needed. Raw crawl data from one-off audits is deleted within 30 days of report delivery. Audit outputs and append-only audit-log entries are retained for the duration of the customer contract and up to 12 months thereafter. Forwarded email copies in the operator mailbox follow the same retention as contact emails. Database snapshots used for disaster recovery are rotated on a short cycle; data erased on request disappears from snapshots as they rotate out. Article 17 erasure requests are honoured within 30 days unless overridden by a legal obligation.

2.5 Your rights (GDPR Art. 15-22)

You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. To exercise these rights, email hello@citetome.com. We respond within 30 days as required by Art. 12(3).

2.6 International transfers

Customer-facing data is held within the EU/EEA (Fly.io London region; data residency confirmed by provider). The marketing site is delivered via GitHub Pages, which may route traffic through US edge nodes; only publicly accessible HTML is served from these nodes, no personal data is processed there. Where any onward transfer to a non-EEA country occurs, it is covered by the European Commission's Standard Contractual Clauses (2021/914).

03 . Cookies & tracking

This site uses no cookies, no analytics, no advertising and no third-party tracking. The only client-side storage we use is:

The marketing site loads web fonts from Google Fonts and the dashboard loads visualisation libraries from the jsDelivr CDN; these requests transmit your IP address to the respective provider but set no cookies and no identifiers. No consent banner is required for strictly necessary storage. If we ever add analytics, an explicit opt-in banner will be deployed first, in accordance with the Danish Cookiebekendtgørelsen and EDPB guidelines 03/2022.

04 . Terms of service

By using citetome.com or the api.citetome.com service, you agree to the following terms. These terms are governed by Danish law. Disputes are resolved by the courts of Copenhagen, Denmark, with the consumer's right of forum under Brussels Ia Regulation Art. 18 preserved where applicable.

4.1 Service description

Citetome provides Answer-Engine Optimisation (AEO) and Generative-Engine Optimisation (GEO) auditing and governance for websites. The service produces audit reports, generates remediation proposals, and maintains an append-only audit log of approved changes.

4.2 Acceptable use

4.3 Pricing & payment

Pricing is set per the published price list at citetome.com/pricing. Audits are billed on completion; managed plans are billed monthly in advance. All prices are exclusive of VAT where applicable. Payment terms: 14 days net from invoice issue. Late payment interest is charged at the Danish national bank reference rate plus 8 percentage points per Renteloven § 5.

4.4 Cancellation & refunds

Managed plans can be cancelled at the end of any monthly billing cycle with no notice period. One-off audits are refundable in full until the audit run has started, and not refundable thereafter, except where required by mandatory consumer protection law.

4.5 Service level & limitation of liability

The service is provided on a commercially reasonable best-effort basis. We do not guarantee specific rankings, citation rates, or visibility outcomes in AI search engines, as these are governed by third-party algorithms outside our control. Liability for direct damages is capped at the fees paid by the customer in the 12 months preceding the claim. Liability for indirect, consequential, or lost-profit damages is excluded to the extent permitted by Danish law. Nothing in these terms limits liability for gross negligence, wilful misconduct, or personal injury.

05 . Governance pact

Every site enrolled in a managed plan signs the Citetome Governance Pact. The pact specifies:

06 . Intellectual property

All source code, design, copy, documentation, brand assets and logos on citetome.com and api.citetome.com are protected under Danish copyright law (Ophavsretsloven) and the Berne Convention. Copyright arises automatically upon creation; no registration is required. All rights reserved. The "Citetome" word mark and the bracket-and-dot logo are unregistered trade marks of the operator. A Community trade-mark filing is planned alongside the Citetome ApS incorporation.

You retain ownership of the content of your own website. By using the service, you grant Citetome a limited, non-exclusive licence to read, index, and propose changes to that content for the purpose of delivering the audit and governance service.

07 . Data processing addendum

Where Citetome processes personal data on behalf of a customer (acting as data processor under GDPR Art. 28), a separate Data Processing Addendum (DPA) is signed. The DPA mirrors the European Commission's Standard Contractual Clauses and covers: processing instructions, sub-processors, security measures, breach notification within 72 hours, audit rights, and post-termination return or deletion of data. Customers can request the DPA template at hello@citetome.com.

7.1 Sub-processors

We use the following providers to run the service. Providers outside the EU/EEA are engaged under the European Commission's Standard Contractual Clauses (2021/914) and, where certified, the EU-US Data Privacy Framework. Transfers to the United Kingdom are covered by the European Commission's UK adequacy decision (renewed 19 December 2025).

Sub-processorPurposeLocation / transfer basis
Fly.io Inc.Application and database hosting (api.citetome.com)London, UK (lhr region); UK adequacy decision
Resend Inc.Transactional email: sending from @citetome.com and receiving all inbound email to @citetome.comEU region (Ireland); US entity under SCCs
Amazon Web Services EMEA SARL (via Resend)Underlying email infrastructure (Amazon SES)eu-west-1, Ireland (EU)
Google LLC (Gmail)Operator mailbox: inbound business correspondence is forwarded to and processed in the operator's Google mailboxEU/US; EU-US Data Privacy Framework
Slack Technologies LLCInternal operational alerts (new audit requests, including contact name, email and domain)US; EU-US Data Privacy Framework / SCCs
GitHub Inc.Marketing site hosting (citetome.com)United States, with global edge delivery; Data Privacy Framework / SCCs
Namecheap Inc.Domain registration and DNS for citetome.comUnited States; SCCs
UptimeRobot Service Provider Ltd.Uptime monitoring of public endpointsMalta (EU)
Google LLC (Fonts CDN)Web font delivery on the marketing site (visitor IP is transmitted on page load)US/global edge; Data Privacy Framework

This list is updated when a provider is added or replaced. Material changes are notified to managed-plan customers before the new provider processes their data.

08 . Contact & complaints

For privacy, contract, or technical enquiries, email hello@citetome.com. We respond within 5 working days for general enquiries and within 30 days for GDPR rights requests.

If you are not satisfied with our handling of a personal-data complaint, you have the right to lodge a complaint with the Danish supervisory authority:

Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark. Web: datatilsynet.dk. Phone: +45 33 19 32 00.

This page is provided in good faith and is updated when our processing or structure changes. Translated versions, where they exist, are provided for convenience; the English version is authoritative. No part of this notice constitutes legal advice.