Imprint, privacy & terms.
Last updated: 21 May 2026 . Version 1.0
Contents
01 . Imprint & operator
Citetome is a trade name operated by Yossra Benzad, an independent service provider based in Denmark. This site does not represent a registered limited company. A Danish ApS (Citetome ApS) is in formation; this notice will be updated with the company registration number (CVR) once incorporation completes.
| Operator | Yossra Benzad (sole trader), trading as Citetome |
|---|---|
| Registered for | Information society services, software-as-a-service |
| Place of business | Copenhagen, Denmark |
| Contact email | hello@citetome.com |
| VAT | Below DKK 50,000 threshold; VAT exemption under Danish momsloven § 48 applies until registration becomes mandatory. |
| Hosting | Marketing site: GitHub Pages (San Francisco, US, served via global CDN). API service: Fly.io (London region, lhr), with EU data residency for all customer-identifiable records. |
| Status | Live in production at api.citetome.com |
02 . Privacy policy
Citetome processes personal data only to the extent necessary to deliver the service. We operate under the EU General Data Protection Regulation (Regulation 2016/679, "GDPR") and the Danish Act on Data Protection (Databeskyttelsesloven, 2018).
2.1 What we collect
- Contact form / email: name, email address, message content. Lawful basis: GDPR Art. 6(1)(b), pre-contractual measures at your request.
- Audit requests: website URL, contact email, and optionally your name, company, primary market, site languages and free-text notes. Lawful basis: GDPR Art. 6(1)(b), pre-contractual measures at your request.
- Dashboard authentication: API key (stored in browser session memory only, never transmitted to third parties).
- Server logs: IP address, user-agent, timestamps, URL paths. Retained 30 days for security and abuse prevention. Lawful basis: GDPR Art. 6(1)(f), legitimate interest.
2.2 What we do not collect
- No advertising cookies, no analytics cookies, no third-party trackers.
- No fingerprinting, no session replay, no behavioural profiling.
- No data is sold or shared with marketing partners.
2.3 How we handle email and internal alerts
Outbound email from Citetome is sent through Resend from hello@citetome.com. Inbound email addressed to any @citetome.com address is received by Resend (on Amazon SES infrastructure in the EU, Ireland region) and automatically forwarded to the operator's business mailbox, which is hosted on Google (Gmail). The original sender address is preserved so that replies reach you directly. Correspondence is read and answered only by the operator.
When you submit an audit request, an internal notification containing your name, email address, domain and any notes you provided is posted to our private operations channel on Slack so we can respond quickly. Slack and Google act as sub-processors under the safeguards listed in section 7.1. We do not use your contact details for advertising and we do not add you to any mailing list.
2.4 Retention
Contact and audit-request emails: retained for the duration of the working relationship plus the statutory accounting period (5 years under Danish Bogføringsloven) where they form part of accounting records; otherwise deleted when no longer needed. Raw crawl data from one-off audits is deleted within 30 days of report delivery. Audit outputs and append-only audit-log entries are retained for the duration of the customer contract and up to 12 months thereafter. Forwarded email copies in the operator mailbox follow the same retention as contact emails. Database snapshots used for disaster recovery are rotated on a short cycle; data erased on request disappears from snapshots as they rotate out. Article 17 erasure requests are honoured within 30 days unless overridden by a legal obligation.
2.5 Your rights (GDPR Art. 15-22)
You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. To exercise these rights, email hello@citetome.com. We respond within 30 days as required by Art. 12(3).
2.6 International transfers
Customer-facing data is held within the EU/EEA (Fly.io London region; data residency confirmed by provider). The marketing site is delivered via GitHub Pages, which may route traffic through US edge nodes; only publicly accessible HTML is served from these nodes, no personal data is processed there. Where any onward transfer to a non-EEA country occurs, it is covered by the European Commission's Standard Contractual Clauses (2021/914).
03 . Cookies & tracking
This site uses no cookies, no analytics, no advertising and no third-party tracking. The only client-side storage we use is:
sessionStorageon the customer dashboard, holding your API key for the duration of the tab session (strictly necessary for authentication; cleared when you close the tab).
The marketing site loads web fonts from Google Fonts and the dashboard loads visualisation libraries from the jsDelivr CDN; these requests transmit your IP address to the respective provider but set no cookies and no identifiers. No consent banner is required for strictly necessary storage. If we ever add analytics, an explicit opt-in banner will be deployed first, in accordance with the Danish Cookiebekendtgørelsen and EDPB guidelines 03/2022.
04 . Terms of service
By using citetome.com or the api.citetome.com service, you agree to the following terms. These terms are governed by Danish law. Disputes are resolved by the courts of Copenhagen, Denmark, with the consumer's right of forum under Brussels Ia Regulation Art. 18 preserved where applicable.
4.1 Service description
Citetome provides Answer-Engine Optimisation (AEO) and Generative-Engine Optimisation (GEO) auditing and governance for websites. The service produces audit reports, generates remediation proposals, and maintains an append-only audit log of approved changes.
4.2 Acceptable use
- You may submit only domains you own or are authorised to optimise.
- You may not use the service for spam, cloaking, manipulating search rankings through deceptive content, or any practice prohibited by Google Search Essentials or the policies of major AI search providers.
- You may not reverse-engineer or scrape the dashboard or API beyond rate limits.
4.3 Pricing & payment
Pricing is set per the published price list at citetome.com/pricing. Audits are billed on completion; managed plans are billed monthly in advance. All prices are exclusive of VAT where applicable. Payment terms: 14 days net from invoice issue. Late payment interest is charged at the Danish national bank reference rate plus 8 percentage points per Renteloven § 5.
4.4 Cancellation & refunds
Managed plans can be cancelled at the end of any monthly billing cycle with no notice period. One-off audits are refundable in full until the audit run has started, and not refundable thereafter, except where required by mandatory consumer protection law.
4.5 Service level & limitation of liability
The service is provided on a commercially reasonable best-effort basis. We do not guarantee specific rankings, citation rates, or visibility outcomes in AI search engines, as these are governed by third-party algorithms outside our control. Liability for direct damages is capped at the fees paid by the customer in the 12 months preceding the claim. Liability for indirect, consequential, or lost-profit damages is excluded to the extent permitted by Danish law. Nothing in these terms limits liability for gross negligence, wilful misconduct, or personal injury.
05 . Governance pact
Every site enrolled in a managed plan signs the Citetome Governance Pact. The pact specifies:
- That every change is proposed before it is applied, with a diff preview.
- That the site owner retains a one-click reversal right for 30 days after any approved change.
- That every action (proposal, approval, rejection, reversal) is written to an append-only audit log addressable from
api.citetome.com/governance. - That tombstone-style deletion is supported, in line with GDPR Art. 17 and the EU AI Act transparency obligations applicable from August 2026.
06 . Intellectual property
All source code, design, copy, documentation, brand assets and logos on citetome.com and api.citetome.com are protected under Danish copyright law (Ophavsretsloven) and the Berne Convention. Copyright arises automatically upon creation; no registration is required. All rights reserved. The "Citetome" word mark and the bracket-and-dot logo are unregistered trade marks of the operator. A Community trade-mark filing is planned alongside the Citetome ApS incorporation.
You retain ownership of the content of your own website. By using the service, you grant Citetome a limited, non-exclusive licence to read, index, and propose changes to that content for the purpose of delivering the audit and governance service.
07 . Data processing addendum
Where Citetome processes personal data on behalf of a customer (acting as data processor under GDPR Art. 28), a separate Data Processing Addendum (DPA) is signed. The DPA mirrors the European Commission's Standard Contractual Clauses and covers: processing instructions, sub-processors, security measures, breach notification within 72 hours, audit rights, and post-termination return or deletion of data. Customers can request the DPA template at hello@citetome.com.
7.1 Sub-processors
We use the following providers to run the service. Providers outside the EU/EEA are engaged under the European Commission's Standard Contractual Clauses (2021/914) and, where certified, the EU-US Data Privacy Framework. Transfers to the United Kingdom are covered by the European Commission's UK adequacy decision (renewed 19 December 2025).
| Sub-processor | Purpose | Location / transfer basis |
|---|---|---|
| Fly.io Inc. | Application and database hosting (api.citetome.com) | London, UK (lhr region); UK adequacy decision |
| Resend Inc. | Transactional email: sending from @citetome.com and receiving all inbound email to @citetome.com | EU region (Ireland); US entity under SCCs |
| Amazon Web Services EMEA SARL (via Resend) | Underlying email infrastructure (Amazon SES) | eu-west-1, Ireland (EU) |
| Google LLC (Gmail) | Operator mailbox: inbound business correspondence is forwarded to and processed in the operator's Google mailbox | EU/US; EU-US Data Privacy Framework |
| Slack Technologies LLC | Internal operational alerts (new audit requests, including contact name, email and domain) | US; EU-US Data Privacy Framework / SCCs |
| GitHub Inc. | Marketing site hosting (citetome.com) | United States, with global edge delivery; Data Privacy Framework / SCCs |
| Namecheap Inc. | Domain registration and DNS for citetome.com | United States; SCCs |
| UptimeRobot Service Provider Ltd. | Uptime monitoring of public endpoints | Malta (EU) |
| Google LLC (Fonts CDN) | Web font delivery on the marketing site (visitor IP is transmitted on page load) | US/global edge; Data Privacy Framework |
This list is updated when a provider is added or replaced. Material changes are notified to managed-plan customers before the new provider processes their data.
08 . Contact & complaints
For privacy, contract, or technical enquiries, email hello@citetome.com. We respond within 5 working days for general enquiries and within 30 days for GDPR rights requests.
If you are not satisfied with our handling of a personal-data complaint, you have the right to lodge a complaint with the Danish supervisory authority:
Datatilsynet, Carl Jacobsens Vej 35, 2500 Valby, Denmark. Web: datatilsynet.dk. Phone: +45 33 19 32 00.
This page is provided in good faith and is updated when our processing or structure changes. Translated versions, where they exist, are provided for convenience; the English version is authoritative. No part of this notice constitutes legal advice.