b/cited
[ Privacy ]

We see less than
you'd expect us to.

[ 01 ]

What we receive

When you sign in we get your Google email, name, and profile picture, plus a refresh token scoped only to Search Console (read-only). The refresh token is stored encrypted at rest with AES-GCM using a key in Cloudflare's secret store; we use it to pull your search analytics on your behalf and for no other purpose.

[ 02 ]

What we read

From Search Console: the last 90 days of query and page impressions, clicks, CTR, and average position. Stored in Cloudflare D1 in a project namespace tied to your user id. Queries are embedded with OpenAI's text-embedding-3-small via Cloudflare AI Gateway and stored in Vectorize, namespaced per project.

[ 03 ]

What we don't do

  • / We don't train on your data.
  • / We don't sell or share with advertisers.
  • / We run no analytics or session-recording on the dashboard.
  • / We never write back to Search Console.
[ 04 ]

Cookies & local storage

b/cited sets only strictly necessary cookies. We have no analytics, advertising, or tracking cookies — and therefore no consent banner.

NamePurposeDuration
__Host-fr_sessionAuthenticates your signed-in session30 days
__Host-csrfCross-site request forgery protectionSession
cf_clearanceCloudflare Turnstile bot verification (on /scan)30 min

We also store your theme preference (fr-theme) in localStorage, which never leaves your browser.

[ 05 ]

Google API compliance

b/cited's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data we receive from Google Search Console (webmasters.readonly) and Google Drive (drive.file) is used only to deliver the AEO/SEO features described above. We do not transfer this data to third parties except as needed to provide or improve those features (Cloudflare for storage and compute, OpenAI for embeddings, Anthropic and Perplexity for AEO citation runs), we do not use it for advertising, and we do not allow humans — including b/cited staff — to read the data except (a) with your explicit consent for specific items, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) in aggregated/anonymized form for internal operations.

[ 06 ]

Deletion

Delete your account from the dashboard at any time. Hard-delete from D1, Vectorize, and R2 — no soft-delete, no analytics tail.

[ 07 ]

Contact