Przejdź do treści
← Back to login

Privacy Policy

Last updated: March 25, 2026

1. Data Controller

The data controller is Seowp Wojciech Wladzinski, ul. Nieborowska 36, 80-034 Gdansk, Poland, NIP: 9840163453 - owner of the CitationOne service available at app.citationone.com.

2. Data We Collect

We collect only the following data:

  • Email address - provided during registration/login, used for authentication (OTP codes) and account identification

We do not collect names, surnames, addresses, phone numbers, or other personal data.

3. Purpose of Data Processing

We process your email address for the purpose of:

  • Creating and maintaining a user account
  • Sending one-time verification codes (OTP) for login
  • Assigning audits to the user account
  • Account-related communication (e.g., feedback notifications)
  • Sending new feature announcements and tool updates - only with separate, optional consent

4. Legal Basis

We process data based on:

  • Art. 6(1)(a) GDPR (consent) - given during registration by accepting this Privacy Policy - for account creation and tool usage
  • Art. 6(1)(a) GDPR (separate consent) - optional marketing communication consent, given via a separate checkbox during registration or in Account Settings. You can withdraw this consent at any time in Settings

5. Cookies and Analytics

The Service uses:

  • Session cookies (httpOnly) - store a JWT token to maintain the login session (7 days)
  • Google Tag Manager (GTM) - analytics tag management
  • Google Analytics 4 (GA4) - traffic and user behavior analysis (anonymous data: pages visited, session duration, events)

GA4 may collect data such as approximate location (country/city), device type, browser, and operating system. This data is anonymous and does not allow direct user identification.

6. Third-Party Services

To provide our service, we use the following providers:

  • Resend - sending verification code emails (we share the email address)
  • Neon (PostgreSQL) - storing account and audit data (EU servers)
  • Vercel - application hosting (EU/US servers)
  • Google Gemini API - content analysis during audits (we share the audited page content, not personal data)
  • Bright Data - fetching web page content and search results (no personal data shared)

7. Data Retention Period

We retain data for as long as the account exists. Upon account deletion, all associated data (email, audits, results) is permanently removed from the database.

8. Your Rights

Under GDPR, you have the right to:

  • Access your data
  • Rectify your data
  • Erase your data (“right to be forgotten”)
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority (President of UODO in Poland)

To exercise these rights, please contact the data controller.

9. Security

We apply appropriate technical and organizational measures: encrypted connections (HTTPS/TLS), hashed session tokens (JWT with HS256), one-time verification codes instead of passwords, and access restrictions (admin/user roles).

10. Contact

For matters related to personal data protection, please contact the data controller: Seowp Wojciech Wladzinski, ul. Nieborowska 36, 80-034 Gdansk, Poland.

← Back to login