Privacy Policy

When you register for Citewise, we collect information you provide directly — including your name, email address, and payment details. When you use the platform, we automatically collect usage data such as your search queries, session duration, device type, IP address, and browser information. We do not collect or store the full text of any confidential client communications.

We use the information we collect to provide, improve, and personalise the Citewise platform; to process your subscription and send transactional emails; to analyse aggregate usage patterns to improve our AI models; to detect and prevent fraud or abuse; and to comply with applicable law. We do not sell your personal data to third parties.

For users in India, processing is governed by the Information Technology (Amendment) Act, 2008 and the Digital Personal Data Protection Act, 2023. We process your personal data on the basis of contractual necessity (to deliver the service), legitimate interests (platform improvement and security), and — where required — your explicit consent.

Citewise uses strictly necessary cookies to maintain your authenticated session and functional cookies to remember your preferences. We do not use third-party advertising cookies. You may disable cookies in your browser settings, but certain features of the platform may not function correctly without them.

We share your data only with: (a) trusted infrastructure providers such as Google Firebase and Cashfree Payments, under strict data processing agreements; (b) law-enforcement or regulatory bodies when legally required; and (c) professional advisors bound by confidentiality obligations. We never sell, rent, or lease your personal information.

We retain your account data for as long as your account is active or as needed to provide services. Upon account deletion, your personal data is deleted within 30 days, except where retention is required to comply with legal obligations or resolve disputes. Anonymised, aggregated research data may be retained indefinitely to improve the platform.

We implement industry-standard safeguards, including TLS encryption in transit, AES-256 encryption at rest, and role-based access controls. However, no transmission over the internet is 100% secure. If you believe your account has been compromised, please contact us immediately through our Contact page.

You have the right to access, correct, or delete your personal data; to withdraw consent where processing is consent-based; to data portability; and to lodge a complaint with the appropriate data protection authority. To exercise any of these rights, reach out through our Contact page. We will respond within 30 days.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via an in-app notice at least 7 days before the change takes effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.