Privacy Policy
1. Controller
The controller within the meaning of the GDPR is:
David Reinfelder
Prackenfels 7, 90518 Altdorf
Email: info@citepeak.com
Phone: +4915155553485
2. What data we process
- Account data: name, email address, password (stored only as a secure hash), workspace/company name.
- Usage data: the brands, prompts and competitors you create, plus the visibility metrics computed from them.
- Technical data: IP address, timestamps and server logs (for delivery, security and abuse prevention).
- Payment data: processed exclusively by our payment provider (Stripe); we do not store full card details.
3. Purposes & legal bases
- Providing and billing the service, to perform the contract (Art. 6(1)(b) GDPR).
- Operating, securing and improving the service, based on our legitimate interest (Art. 6(1)(f) GDPR).
- Meeting legal obligations such as commercial/tax retention (Art. 6(1)(c) GDPR).
4. Hosting
The service is hosted by a processor with servers located in Germany. A data processing agreement (Art. 28 GDPR) is in place with the provider.
5. Recipients & processors
To provide the service we use carefully selected providers with whom data processing agreements are in place:
- AI answer engines via official APIs: OpenAI (USA), Anthropic (USA), Perplexity (USA), Google/Gemini (EU/USA) — your prompts are transmitted (no direct account data).
- Payment processing: Stripe (EU/USA).
- Email delivery: Infomaniak (Switzerland).
- Hosting: servers in Germany (see section 4).
6. Transfers to third countries
Where data is transferred to the USA, this is based on the EU Standard Contractual Clauses (Art. 46 GDPR) and — where certified — the EU-US Data Privacy Framework. For Switzerland an EU adequacy decision applies.
7. Retention
Raw AI-answer data is deleted after at most 90 days (data minimization). Account data is processed for the duration of the relationship; after termination it is deleted unless statutory retention periods require otherwise.
8. Cookies & analytics
We use strictly necessary cookies (e.g. for login/session). For reach measurement we use cookieless, privacy-friendly analytics (Umami, EU-hosted) — no cookies, no cross-site tracking, and no information stored on or read from your device; the legal basis is our legitimate interest (Art. 6(1)(f) GDPR). Because no cookies are set and no information is stored on or accessed from your device, no consent banner is required under §25(2) TDDDG. There is no advertising.
9. Your rights
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21 GDPR). In the dashboard you can export your data or delete your account at any time. Send requests to info@citepeak.com.
You also have the right to lodge a complaint with a supervisory authority, e.g. the Bavarian Data Protection Authority (BayLDA), Promenade 18, 91522 Ansbach, Germany.
10. No automated decisions / AI transparency
There is no automated decision-making producing legal effects on individuals (Art. 22 GDPR). The service uses AI to analyze AI answers; results are subject to AI model limitations and are non-deterministic (EU AI Act transparency).
Last updated: June 2026. This policy was prepared with care but does not replace individual legal advice.