PL Run free audit

Trust & Security

Security at CitePulse

Last updated: June 2026

TEMPLATE — pending legal review before launch. This page is a working draft prepared for review by qualified counsel and our security lead. It describes intended practices and is not a contractual commitment until reviewed and approved.

CitePulse is built for enterprise buyers who need to know where their data goes and how it is protected. We keep our footprint small on purpose: we collect little, encrypt what we hold, and run on infrastructure that is secure by default.

Infrastructure

CitePulse runs on Cloudflare, including its global edge network, compute and storage. We benefit from Cloudflare's built-in DDoS protection, web application firewall and network-level controls. We do not operate our own data centers, reducing the surface area we must secure directly.

Encryption

  • In transit: all traffic to and from CitePulse is encrypted with TLS (HTTPS) across the entire site and API.
  • At rest: data stored within our Cloudflare infrastructure is protected by the platform's storage encryption.
  • Secrets: API credentials and keys are stored as managed secrets, never in source code.

Data minimization

We collect only what we need to run an audit and deliver results: the domain and industry you submit, and the email address you provide for your report. We do not require account creation for the free audit, we do not store full payment card numbers (handled by Stripe), and audit queries sent to AI providers concern the audited business and its market, not your personal contact details. See the Privacy Policy for the full description.

Sub-processors

We rely on a short list of vetted sub-processors, each engaged only for a specific function:

ProviderFunction
CloudflareHosting, CDN, edge compute, security, storage
ResendTransactional email (reports and notices)
StripePayment processing and billing
OpenAI, Anthropic, Google, PerplexityAI model queries for citation testing

The authoritative, detailed list is maintained in our Data Processing Addendum.

Compliance

We design our processing to be GDPR-aware and we support data-subject rights as described in our Privacy Policy. SOC 2 is on our roadmap — we have not yet completed a SOC 2 examination, and we will update this page when our status changes. We will not claim certifications we do not hold.

Access control and operations

  • Access to production systems is limited to authorized personnel on a least-privilege basis.
  • Administrative access uses strong authentication.
  • We log access and key operations for security and reliability monitoring.

Responsible disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability, please email [email protected] with the subject line "Security disclosure" and enough detail to reproduce the issue. Please give us a reasonable opportunity to investigate and remediate before public disclosure, and do not access or modify data that is not yours. We will acknowledge valid reports and keep you informed of remediation progress.

Contact

Operated by GeoAI Solutions LLC, Sheridan, Wyoming, USA. Security and privacy contact: [email protected].