United States · Privacy · Live provider register

US Privacy Notice

See what business data moves to each provider, where it goes, how long payloads remain, and which choices stay with you. Effective July 14, 2026 · version 5.

1. Controller and scope

ARTIFEX Co,. Ltd. (Korean name: 주식회사 아티펙스; Korean business registration number 239-88-03748) controls the personal information covered by this notice. The representative is Jungyeup SIM. The controller’s address is 1006, 391 Gangseo-ro, Gangseo-gu, Seoul, 07803, Republic of Korea, and its telephone number is +82-10-6342-7116.

Privacy requests: mktartifex@artiaudit.com · Privacy lead: Jungyeup SIM

CiteAngle is a B2B measurement and execution service. A business email, employee name, or account event can still be personal information and receives the protections in this notice. The service is not directed to children or anyone under 14.

2. Notice at collection: data and purposes

  • Account and contact: email, one-way password hash, email-verification record, name, company and role; when Google sign-in is chosen, Google sub, verified email, name, and profile image — account creation, authentication, security, and contact verification.
  • Inquiry and project: the full inquiry, reply address, brand, domain, industry, selected country and region, exact queries, target and competitor domains, supplied materials, measured responses, and review history — scoping, quoting, measurement, adjudication, and delivery.
  • Transaction: proposal, agreement, amount, currency, payment status, transaction identifier, refund, invoice, and tax evidence — contract performance, accounting, disputes, and required records.
  • Operations and security: connection IP, timestamp, path, browser or device characteristics, error and security events — delivery, abuse prevention, incident investigation, and availability.
  • Choices and evidence: manually selected region, notice version, terms/privacy acceptance, timestamp, and separate marketing choice — applying and proving the choice.

Do not submit government identifiers, passwords, payment-card or bank data, health or biometric data, private customer lists, or personal information unnecessary for the project. CiteAngle does not claim to operate an automated PII detector. The current controls warn before submission and exclude sensitive content found during operational review or request a safe substitute.

3. Current provider, transfer, and choice register

US input first reaches CiteAngle’s primary hosting in Seoul, Republic of Korea. Only the exact query, public domain, market condition, or other minimum input required for a contracted measurement cell is then sent to the US-provider APIs listed in the register below. We do not sell personal information, share it for cross-context behavioral advertising, or run third-party advertising trackers.

StatusParty and roleData and purposeCountry and methodRetention and limitsChoice and impactBasis
ActiveVultr · infrastructure processor operated by a US providerHosts account, inquiry, project and transaction databases, web requests, security logs, and backupsPrimary storage and processing in Vultr’s Seoul, Korea region over HTTPS and controlled server access; limited international provider support or security access may occur. Vultr compliance informationPurpose-specific periods below; rotating infrastructure backups take about four weeks to age outRequired infrastructure; refusal prevents site, account, and report deliveryRequested steps and contract performance; secure service operation
ActiveResend · transactional and service-email processorRecipient, reply-to, subject, and HTML body; HTML can contain the full inquiry or delivery noticeTLS from the Seoul server to Resend’s US-centered API and onward to the recipient mailbox. Resend DPALocal terminal outbox payload is scrubbed once it is more than 30 days old. The Resend account’s open/click tracking and exact provider-side retention settings have not yet been verified; review precedes any reliance on tracking settingsWithout an email address, automated quote and delivery notices are unavailable; an alternative channel may be agreed before contractResponding to a request and performing the service contract
ActiveGoogle-hosted operating mailbox · business-email processorThe full inquiry, sender and reply address, and any attachment later emailed to the operating team for review and responseDelivery through Resend to Google’s global mail infrastructure. The current Workspace data-region and DPA account settings have not yet been verifiedManaged through the manual account-deletion and legal-record workflow when the inquiry closes or deletion is approved; provider deletion and backup behavior follows Google’s retention explanationRefusal means email inquiry cannot be used; a minimum-data alternative channel can be agreed before contractUser-requested pre-contract steps and business communication
OptionalGoogle OAuth · optional authentication processorGoogle sub, verified email, name, and profile image for account creation and login. OAuth access, refresh, and ID tokens are not retained in the database after the callbackTLS between the browser and Google and between the Seoul server and Google OAuth endpoints. Google OAuth documentationLocal account data remains until an approved manual deletion request; Google-side records follow the user’s Google account and provider policyEmail and password registration remains available if Google sign-in is declinedUser-initiated optional authentication and account service
Active measurementOpenAI API · AI-search measurement processorExact measurement query, public brand and target domain, market conditions, and generated response; business contact details are not intentionally includedTLS from the Seoul server to the OpenAI API; processed and stored in the United States per the configured data-residency region; requests set store:falseAPI input and output are not used to train OpenAI models by default (opt-in only). store:false opts out of response storage but is not ZDR; abuse-monitoring logs are retained for up to 30 days and then deleted. OpenAI API privacy and retentionDeclining removes the OpenAI cell and requires a revised scope and quoteRequested B2B measurement and contract performance
Active measurement and judgingAnthropic API · AI measurement and adjudication processorExact query and response, target and competitor domains; the judge also receives output from other providers for cross-provider adjudicationTLS from the Seoul server to the Anthropic API; data is stored in the United States, and inference may be routed across US, European, Asian, and Australian infrastructureInputs and outputs are not used for model training and are automatically deleted within 30 days by default (trust-and-safety review can extend this); CiteAngle does not represent that a separate ZDR agreement is active. Anthropic retention informationDeclining removes Anthropic measurement and judging and requires a revised verification methodContracted measurement and result verification
Active measurementPerplexity API · AI-search measurement processorExact query and response with public brand and domain conditionsTLS from the Seoul server to the API of Perplexity AI, Inc., a US companyAPI prompts and responses are not retained (ZDR) and are not used for model training; billing and usage metadata is retained. Perplexity API privacy and securityDeclining removes the Perplexity cell and requires a revised scope and quoteRequested B2B measurement and contract performance
Active measurementxAI API · AI-search measurement processorExact query, public brand and domain conditions, and generated responseTLS from the Seoul server to the xAI API; processed in the United States, where xAI maintains its primary data centers; requests set store:falseInputs and outputs are not used for model training without explicit permission. store:false is used but is not ZDR; requests and responses are stored for 30 days for abuse auditing and then deleted. xAI API security and retentionDeclining removes the xAI cell and requires a revised scope and quoteRequested B2B measurement and contract performance
Active search measurementSerpApi · search-result collection processorExact query, location such as country/city/state, portal parameters, and returned search resultsTLS from the Seoul server to the API of SerpApi, LLC, a US (Texas) company; the hosting server region is not published; deliverable measurement uses no_cache=trueno_cache is a freshness setting, not a privacy or no-retention setting. Search Archive can retain a result for up to 31 days. Archive information. Separate ZeroTrace activation is not currently verifiedDeclining removes the affected Google, Bing, or other portal cells and requires a revised scope and quoteContracted regional search measurement
Conditional enrichmentYouTube Data API · public video-metadata enrichmentSends only a public video ID already found in measurement to enrich public title, channel, and statistics; no account or inquiry dataTLS from the Seoul server to Google’s API. videos.list documentationLocal measurement-source period: 90 days for a free snapshot or up to five years for paid-audit evidence. Current provider-log account settings are not represented as verifiedIf declined or no key is configured, video enrichment is omitted and the core audit continuesContracted public-surface measurement
Disabled nowCloudflare · potential future CDN, security, and coarse-region processorIf enabled, the edge would process connection IP and request metadata and send only coarse country/region headers to origin; raw IP would not be stored in a location receiptTrusted geo is currently disabled and region selection is manual. Global edge processing can begin only when SNAP_GEO_PROXY_PROVIDER=cloudflare and SNAP_GEO_ORIGIN_LOCKED=true are both verified. Cloudflare DPAExact retention and account configuration will be disclosed before activation; no current Cloudflare location processingManual region selection remains available, so declining has no core-service impactNo current processing basis; if activated, service security and a requested coarse default
Planned; inactivePortOne V2, Toss Payments, and PayPal SPB · potential future payment providersIf activated: transaction identifier, amount, currency, payment and refund statusNo live checkout or current API transfer. Review plan: Toss/KRW for Korea and PayPal/USD for US and JapanNo activation until contracts, legal/tax review, and provider-specific retention are finalizedNo present impact; the service remains inquiry-and-quote firstNo current processing basis; a checkout notice and contract basis will be established before activation

A mailbox provider selected by the user or the user’s employer receives email at that recipient’s direction. It is an independent recipient facility, not a processor selected or managed by ARTIFEX Co., Ltd. We may also disclose information under valid legal process, to protect rights and security, or in a business transfer with equivalent safeguards.

Region selection is currently manual. CiteAngle does not request GPS or precise device-location permission. A Cloudflare coarse default can be used only after both trust settings and the origin lock above are verified, and a manual selection always wins.

  • ca_state: random anti-forgery value for optional Google OAuth; 10 minutes and deleted after callback.
  • ca_next: safe same-site return path after OAuth; 10 minutes and deleted after callback.
  • ca_sess: login session containing email, expiration, and an HMAC signature; 30 days.

All three are HttpOnly, SameSite=Lax, and Path=/; Secure is set when the public base URL is HTTPS. CiteAngle does not operate advertising or analytics cookies. The first two are not created unless OAuth is used. Blocking the session cookie leaves public pages available but disables login.

5. Retention and deletion as implemented

  • Email verification: the verification row is deleted before return when verification succeeds, expiry is evaluated, or the maximum attempt count is reached. A new code request replaces the earlier row.
  • Email outbox: when a sent or terminal-failed message is more than 30 days old, recipient, subject, HTML, and last error are scrubbed while status, dedupe, and related-business metadata remain. Pending and sending payloads remain until terminal so durable delivery is not weakened.
  • Free snapshot source data: 90 days for quality and reproducibility review.
  • Paid-audit source data and delivery evidence: up to five years for contract verification, disputes, and required records.
  • Infrastructure backups: about four weeks to age out through rotation.
  • Account and ordinary inquiry data: handled through a manual account-deletion workflow after the purpose ends or an authenticated deletion request is approved; required contract, tax, and dispute records are separated and access-restricted.

Except for the explicit verification and outbox mechanisms above, CiteAngle does not represent that every general database row is covered by an active scheduled purge. Send an account deletion request to mktartifex@artiaudit.com; we verify account or business authority, execute the manual workflow, and identify any record that must remain under law or contract.

6. US privacy rights and email choices

You may request access, correction, deletion, or a portable copy; withdraw consent; or ask about categories, sources, purposes, and recipients. Where state law applies, you may appeal a denied request and use an authorized agent. We verify identity and authority with proportionate account and business-contact information, not customer phone identity verification, and do not discriminate for exercising a right. See the California Attorney General’s CCPA resource for California rights.

Because CiteAngle does not sell personal information, share it for cross-context behavioral advertising, or operate third-party advertising trackers, browser Do Not Track and Global Privacy Control signals do not change a sale, sharing, or targeted-advertising practice today. We do not use such a signal as consent. If a covered practice is introduced, the applicable signal, opt-out, and confirmation controls will be implemented before the change.

Security, quote, contract, measurement-complete, and delivery messages are transactional. Promotional sending is disabled until a separate opt-in ledger, suppression check, sender identification, postal-address disclosure, and working opt-out have passed release tests. An opt-out will not affect contracted service, consistent with the FTC CAN-SPAM business guide.

7. Security and notice changes

Controls include least-privilege access, TLS transport, one-way password hashing, separation of authentication data, change records, restricted administrative access, and rotating backups. A material change to provider, country, retention, or user rights will be posted here before its effective date and communicated through an appropriate service channel.

Ready to turn US visibility evidence into a market plan? Tell us the US buyer, target state and decision date.

Request a working scope