Privacy Policy
Effective: June 10, 2026
1. Who we are
CiteSilo ("we", "us") provides a company knowledge platform that connects your team's tools and answers questions about your own data with citations. This policy explains what we collect, why, and the controls you have. Questions: support@citesilo.com.
2. Data we collect
- Account data — name, email address, and authentication identifiers when you sign up or are invited to a workspace.
- Connected source content — when a workspace member connects a source (Google Gmail, Google Drive, Slack, or a custom API), we ingest the content that source exposes (e.g. email text, document text, channel messages) so it can be searched and used to answer your team's questions.
- Usage and audit data — actions taken in the product (syncs, queries, configuration changes) are recorded in workspace audit logs, along with technical logs needed to operate the service.
3. How we use data
We use your data solely to provide the service: indexing and searching your connected content, generating answers with citations, and keeping your workspace secure and auditable. We do not sell your data. We do not use your content to train AI models. Access inside your workspace is governed by roles and per-source privacy settings (workspace, team, or private visibility).
4. Google user data
When you connect a Google account, CiteSilo requests read-only access to Gmail (gmail.readonly) and Google Drive (drive.readonly), plus your basic profile (email address and name). We use this access only to ingest your email and document content into your private workspace index so you can search it and ask questions about it.
CiteSilo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- Google data is used only to provide user-facing features of CiteSilo — search and cited answers inside your workspace.
- We do not use Google data for advertising, and we do not sell it.
- Humans do not read your Google data except with your explicit permission (e.g. support), where required for security or abuse investigation, or where required by law.
- OAuth tokens are encrypted at rest (AES-256-GCM). Disconnecting Google deletes the stored tokens and purges the ingested content from your workspace.
5. Service providers (subprocessors)
We rely on a small set of infrastructure providers to operate CiteSilo: database and authentication hosting (Supabase), application hosting and networking (Cloudflare), and AI model processing for answering queries and embedding text (OpenRouter and its underlying model providers). These providers process data on our instructions to deliver the service and do not acquire rights to use your content for their own purposes.
6. Storage and security
Data is encrypted in transit (TLS) and at rest. Source credentials and OAuth tokens are additionally encrypted with AES-256-GCM application-layer encryption. Workspaces are isolated with row-level security; access within a workspace is controlled by roles (admin, member, viewer) and per-source visibility settings. All sensitive actions are written to an audit log visible to your workspace admins.
7. Retention and deletion
Content remains in your workspace index for as long as the source is connected. Disconnecting a source permanently deletes its ingested documents and search index entries. Deleting your workspace or account removes the associated data from the production database. You can also revoke CiteSilo's access at any time from your Google or Slack account security settings.
8. Your rights
Depending on your location (including under GDPR), you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Contact us at support@citesilo.com and we will respond within 30 days.
9. Changes
We will update this policy as the product evolves and change the effective date above. Material changes will be announced in the product or by email.