1. Controller and scope
ARTIFEX Co,. Ltd. (Korean name: 주식회사 아티펙스; Korean business registration number 239-88-03748) controls the personal information covered by this notice. The representative is Jungyeup SIM. The controller’s address is 1006, 391 Gangseo-ro, Gangseo-gu, Seoul, 07803, Republic of Korea, and its telephone number is +82-10-6342-7116.
CiteAngle is a B2B measurement and execution service. A business email, employee name, or account event can still be personal information and receives the protections in this notice. The service is not directed to children or anyone under 14.
2. Notice at collection: data and purposes
- Account and contact: email, one-way password hash, email-verification record, name, company and role; when Google sign-in is chosen, Google sub, verified email, name, and profile image — account creation, authentication, security, and contact verification.
- Inquiry and project: the full inquiry, reply address, brand, domain, industry, selected country and region, exact queries, target and competitor domains, supplied materials, measured responses, and review history — scoping, quoting, measurement, adjudication, and delivery.
- Transaction: proposal, agreement, amount, currency, payment status, transaction identifier, refund, invoice, and tax evidence — contract performance, accounting, disputes, and required records.
- Operations and security: connection IP, timestamp, path, browser or device characteristics, error and security events — delivery, abuse prevention, incident investigation, and availability.
- Choices and evidence: manually selected region, notice version, terms/privacy acceptance, timestamp, and separate marketing choice — applying and proving the choice.
Do not submit government identifiers, passwords, payment-card or bank data, health or biometric data, private customer lists, or personal information unnecessary for the project. CiteAngle does not claim to operate an automated PII detector. The current controls warn before submission and exclude sensitive content found during operational review or request a safe substitute.
3. Current provider, transfer, and choice register
US input first reaches CiteAngle’s primary hosting in Seoul, Republic of Korea. Only the exact query, public domain, market condition, or other minimum input required for a contracted measurement cell is then sent to the US-provider APIs listed in the register below. We do not sell personal information, share it for cross-context behavioral advertising, or run third-party advertising trackers.
| Status | Party and role | Data and purpose | Country and method | Retention and limits | Choice and impact | Basis |
|---|---|---|---|---|---|---|
| Active | Vultr · infrastructure processor operated by a US provider | Hosts account, inquiry, project and transaction databases, web requests, security logs, and backups | Primary storage and processing in Vultr’s Seoul, Korea region over HTTPS and controlled server access; limited international provider support or security access may occur. Vultr compliance information | Purpose-specific periods below; rotating infrastructure backups take about four weeks to age out | Required infrastructure; refusal prevents site, account, and report delivery | Requested steps and contract performance; secure service operation |
| Active | Resend · transactional and service-email processor | Recipient, reply-to, subject, and HTML body; HTML can contain the full inquiry or delivery notice | TLS from the Seoul server to Resend’s US-centered API and onward to the recipient mailbox. Resend DPA | Local terminal outbox payload is scrubbed once it is more than 30 days old. The Resend account’s open/click tracking and exact provider-side retention settings have not yet been verified; review precedes any reliance on tracking settings | Without an email address, automated quote and delivery notices are unavailable; an alternative channel may be agreed before contract | Responding to a request and performing the service contract |
| Active | Google-hosted operating mailbox · business-email processor | The full inquiry, sender and reply address, and any attachment later emailed to the operating team for review and response | Delivery through Resend to Google’s global mail infrastructure. The current Workspace data-region and DPA account settings have not yet been verified | Managed through the manual account-deletion and legal-record workflow when the inquiry closes or deletion is approved; provider deletion and backup behavior follows Google’s retention explanation | Refusal means email inquiry cannot be used; a minimum-data alternative channel can be agreed before contract | User-requested pre-contract steps and business communication |
| Optional | Google OAuth · optional authentication processor | Google sub, verified email, name, and profile image for account creation and login. OAuth access, refresh, and ID tokens are not retained in the database after the callback | TLS between the browser and Google and between the Seoul server and Google OAuth endpoints. Google OAuth documentation | Local account data remains until an approved manual deletion request; Google-side records follow the user’s Google account and provider policy | Email and password registration remains available if Google sign-in is declined | User-initiated optional authentication and account service |
| Active measurement | OpenAI API · AI-search measurement processor | Exact measurement query, public brand and target domain, market conditions, and generated response; business contact details are not intentionally included | TLS from the Seoul server to the OpenAI API; processed and stored in the United States per the configured data-residency region; requests set store:false | API input and output are not used to train OpenAI models by default (opt-in only). store:false opts out of response storage but is not ZDR; abuse-monitoring logs are retained for up to 30 days and then deleted. OpenAI API privacy and retention | Declining removes the OpenAI cell and requires a revised scope and quote | Requested B2B measurement and contract performance |
| Active measurement and judging | Anthropic API · AI measurement and adjudication processor | Exact query and response, target and competitor domains; the judge also receives output from other providers for cross-provider adjudication | TLS from the Seoul server to the Anthropic API; data is stored in the United States, and inference may be routed across US, European, Asian, and Australian infrastructure | Inputs and outputs are not used for model training and are automatically deleted within 30 days by default (trust-and-safety review can extend this); CiteAngle does not represent that a separate ZDR agreement is active. Anthropic retention information | Declining removes Anthropic measurement and judging and requires a revised verification method | Contracted measurement and result verification |
| Active measurement | Perplexity API · AI-search measurement processor | Exact query and response with public brand and domain conditions | TLS from the Seoul server to the API of Perplexity AI, Inc., a US company | API prompts and responses are not retained (ZDR) and are not used for model training; billing and usage metadata is retained. Perplexity API privacy and security | Declining removes the Perplexity cell and requires a revised scope and quote | Requested B2B measurement and contract performance |
| Active measurement | xAI API · AI-search measurement processor | Exact query, public brand and domain conditions, and generated response | TLS from the Seoul server to the xAI API; processed in the United States, where xAI maintains its primary data centers; requests set store:false | Inputs and outputs are not used for model training without explicit permission. store:false is used but is not ZDR; requests and responses are stored for 30 days for abuse auditing and then deleted. xAI API security and retention | Declining removes the xAI cell and requires a revised scope and quote | Requested B2B measurement and contract performance |
| Active search measurement | SerpApi · search-result collection processor | Exact query, location such as country/city/state, portal parameters, and returned search results | TLS from the Seoul server to the API of SerpApi, LLC, a US (Texas) company; the hosting server region is not published; deliverable measurement uses no_cache=true | no_cache is a freshness setting, not a privacy or no-retention setting. Search Archive can retain a result for up to 31 days. Archive information. Separate ZeroTrace activation is not currently verified | Declining removes the affected Google, Bing, or other portal cells and requires a revised scope and quote | Contracted regional search measurement |
| Conditional enrichment | YouTube Data API · public video-metadata enrichment | Sends only a public video ID already found in measurement to enrich public title, channel, and statistics; no account or inquiry data | TLS from the Seoul server to Google’s API. videos.list documentation | Local measurement-source period: 90 days for a free snapshot or up to five years for paid-audit evidence. Current provider-log account settings are not represented as verified | If declined or no key is configured, video enrichment is omitted and the core audit continues | Contracted public-surface measurement |
| Disabled now | Cloudflare · potential future CDN, security, and coarse-region processor | If enabled, the edge would process connection IP and request metadata and send only coarse country/region headers to origin; raw IP would not be stored in a location receipt | Trusted geo is currently disabled and region selection is manual. Global edge processing can begin only when SNAP_GEO_PROXY_PROVIDER=cloudflare and SNAP_GEO_ORIGIN_LOCKED=true are both verified. Cloudflare DPA | Exact retention and account configuration will be disclosed before activation; no current Cloudflare location processing | Manual region selection remains available, so declining has no core-service impact | No current processing basis; if activated, service security and a requested coarse default |
| Planned; inactive | PortOne V2, Toss Payments, and PayPal SPB · potential future payment providers | If activated: transaction identifier, amount, currency, payment and refund status | No live checkout or current API transfer. Review plan: Toss/KRW for Korea and PayPal/USD for US and Japan | No activation until contracts, legal/tax review, and provider-specific retention are finalized | No present impact; the service remains inquiry-and-quote first | No current processing basis; a checkout notice and contract basis will be established before activation |
A mailbox provider selected by the user or the user’s employer receives email at that recipient’s direction. It is an independent recipient facility, not a processor selected or managed by ARTIFEX Co., Ltd. We may also disclose information under valid legal process, to protect rights and security, or in a business transfer with equivalent safeguards.
4. Region selection and required cookies
Region selection is currently manual. CiteAngle does not request GPS or precise device-location permission. A Cloudflare coarse default can be used only after both trust settings and the origin lock above are verified, and a manual selection always wins.
ca_state: random anti-forgery value for optional Google OAuth; 10 minutes and deleted after callback.ca_next: safe same-site return path after OAuth; 10 minutes and deleted after callback.ca_sess: login session containing email, expiration, and an HMAC signature; 30 days.
All three are HttpOnly, SameSite=Lax, and Path=/; Secure is set when the public base URL is HTTPS. CiteAngle does not operate advertising or analytics cookies. The first two are not created unless OAuth is used. Blocking the session cookie leaves public pages available but disables login.
5. Retention and deletion as implemented
- Email verification: the verification row is deleted before return when verification succeeds, expiry is evaluated, or the maximum attempt count is reached. A new code request replaces the earlier row.
- Email outbox: when a sent or terminal-failed message is more than 30 days old, recipient, subject, HTML, and last error are scrubbed while status, dedupe, and related-business metadata remain. Pending and sending payloads remain until terminal so durable delivery is not weakened.
- Free snapshot source data: 90 days for quality and reproducibility review.
- Paid-audit source data and delivery evidence: up to five years for contract verification, disputes, and required records.
- Infrastructure backups: about four weeks to age out through rotation.
- Account and ordinary inquiry data: handled through a manual account-deletion workflow after the purpose ends or an authenticated deletion request is approved; required contract, tax, and dispute records are separated and access-restricted.
Except for the explicit verification and outbox mechanisms above, CiteAngle does not represent that every general database row is covered by an active scheduled purge. Send an account deletion request to mktartifex@artiaudit.com; we verify account or business authority, execute the manual workflow, and identify any record that must remain under law or contract.
6. US privacy rights and email choices
You may request access, correction, deletion, or a portable copy; withdraw consent; or ask about categories, sources, purposes, and recipients. Where state law applies, you may appeal a denied request and use an authorized agent. We verify identity and authority with proportionate account and business-contact information, not customer phone identity verification, and do not discriminate for exercising a right. See the California Attorney General’s CCPA resource for California rights.
Because CiteAngle does not sell personal information, share it for cross-context behavioral advertising, or operate third-party advertising trackers, browser Do Not Track and Global Privacy Control signals do not change a sale, sharing, or targeted-advertising practice today. We do not use such a signal as consent. If a covered practice is introduced, the applicable signal, opt-out, and confirmation controls will be implemented before the change.
Security, quote, contract, measurement-complete, and delivery messages are transactional. Promotional sending is disabled until a separate opt-in ledger, suppression check, sender identification, postal-address disclosure, and working opt-out have passed release tests. An opt-out will not affect contracted service, consistent with the FTC CAN-SPAM business guide.
7. Security and notice changes
Controls include least-privilege access, TLS transport, one-way password hashing, separation of authentication data, change records, restricted administrative access, and rotating backups. A material change to provider, country, retention, or user rights will be posted here before its effective date and communicated through an appropriate service channel.