GDPR Policy

1. Data Controller Information

2. Your Rights Under GDPR

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:

Right to Information

You have the right to be informed about how your personal data is collected, used, and processed. This policy provides that information.

Right of Access

You have the right to request access to your personal data and receive information about how we process it.

Right to Rectification

You have the right to have inaccurate personal data corrected or completed if it is incomplete.

Right to Erasure (Right to be Forgotten)

You have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

Right to Restrict Processing

You have the right to request the restriction or suppression of your personal data under certain circumstances.

Right to Data Portability

You have the right to obtain and reuse your personal data for your own purposes across different services.

Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes.

Rights Related to Automated Decision Making

You have rights regarding automated decision-making and profiling. Note: CiteCount does not engage in automated decision-making or profiling.

3. Data We Collect

CiteCount is designed to minimize data collection. We collect minimal data as follows:

Local Data (Not Transmitted)

• Document Content: Your text and documents are processed entirely on your device and never sent to our servers
• User Preferences: Settings and preferences are stored locally in your browser
• AutoSave Data: Automatically saved content is stored locally on your device

Analytics Data (Anonymous)

• Usage Statistics: Anonymous data about how features are used (with your consent)
• Performance Metrics: Basic performance and error reporting (no personal information)
• General Location: Country-level location data for analytics (no precise location)

Technical Data

• Browser Information: Browser type and version for compatibility
• Device Information: General device type for responsive design
• IP Address: Temporarily processed for security and analytics (anonymized)

4. Legal Basis for Processing

We process personal data under the following legal bases:

• Legitimate Interest: For providing and improving our service, ensuring security
• Consent: For analytics and optional features (you can withdraw consent at any time)
• Performance of Contract: For providing the core service functionality

5. Data Sharing and Transfers

Third-Party Services

We use minimal third-party services that may process data:

• Google Analytics: Anonymous usage analytics (with your consent)
• Cloudflare: Content delivery and security services
• Netlify: Web hosting and deployment services

International Transfers

Some of our service providers may be located outside the EU. We ensure appropriate safeguards are in place for any international data transfers.

No Sale of Data

We never sell, rent, or trade your personal data to third parties for marketing purposes.

6. Data Retention

• Local Data: Retained on your device until you clear it or uninstall the application
• Analytics Data: Retained for up to 26 months for Google Analytics, then automatically deleted
• Technical Logs: Retained for up to 90 days for security and performance purposes

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

• All document processing happens locally on your device
• HTTPS encryption for all data transmission
• Regular security assessments of our infrastructure
• Limited access to any personal data we do collect
• Data minimization principles applied throughout our systems

8. Exercising Your Rights

To exercise any of your GDPR rights, please contact us through our contact form. We will respond to your request within one month.

What We Need From You

To process your request, we may need to verify your identity and ask for specific information about your request.

No Cost

You will not be charged for exercising your rights. However, we may charge a reasonable fee for manifestly unfounded or excessive requests.

9. Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.

For EU residents, you can find your local supervisory authority contact information at the European Data Protection Board website.

10. Changes to This Policy

We may update this GDPR policy from time to time. When we do, we will:

• Update the "Last updated" date at the top of this policy
• Notify users of significant changes through our website
• For material changes, seek renewed consent where required

11. Contact Us

If you have any questions about this GDPR policy or our data protection practices, please contact us through our contact form.

We are committed to resolving any concerns you may have about how we handle your personal data.