Privacy & data
Protected customer data
Cite Me is Level 0: it analyzes only your store content to predict and improve AI citability. It never reads orders, customers, or checkouts.
PCD LEVEL 0
What Cite Me accesses
read_products
Product titles, descriptions and on-page content — used for scoring and to ground generated answers.
read_content / write_content
Pages, blogs and policies; write-back of generated drafts — applied only after your explicit approval.
read_publications
Whether a page is published, so we score what shoppers and AI crawlers actually see.
Public storefront
robots.txt, llms.txt, sitemap.xml and rendered page HTML — read like any visitor, no token required.
What Cite Me never accesses
Orders, customers, checkouts, or any personally identifiable customer data. Cite Me does not request read_orders, read_customers or related scopes — it is structurally unable to read them.
How your data is handled
- Zero-retention AI: prompts (your catalog text) and AI responses are never logged or retained; only coarse, non-content metadata (token counts, latency) is recorded.
- Encrypted at rest: Shopify access tokens are stored with AES-256-GCM encryption.
- Deleted on uninstall: on app uninstall and on a Shopify shop-redaction request, all of your data is removed.
Honesty
All scores are predicted (heuristic) — not measured AI citations, rankings, or rich-result guarantees. Generated content is always a draft for you to review before anything is published.