Privacy policy and Google data use
Last updated: April 5, 2026. This page explains CitationGraph core privacy policy for public-site inquiries, invite requests, connected-site telemetry, and Google Analytics read-only data, plus region-specific disclosure notes where local law may require more detail.
Who we are
CitationGraph is operated by Gravity Technology. For privacy inquiries, contact analytics@gravity.dev. This entity acts as the data controller (or equivalent under applicable law) for personal data collected through this website and the hosted product.
Public website and inquiries
The public CitationGraph website exists to explain the product, link to the dashboard, and provide reference material. If you join the waitlist, request a demo, or contact the team, the information you submit is used only to respond to that request and continue onboarding or commercial evaluation.
Google Analytics connection scope
When a customer connects Google Analytics 4, CitationGraph requests only the Google scope analytics.readonly. That scope gives read-only access to reporting data for the selected GA4 property. CitationGraph does not request write, publish, or account-admin permissions for Google Analytics.
What GA4 data we read
For a connected GA4 property, CitationGraph reads reporting data needed to validate AI traffic and attribution, including property ID, sessions, users, session source breakdowns, daily trends, bounce rate, engagement rate, add-to-cart totals, ecommerce purchases, and revenue totals that are available through the GA4 Data API.
How we use GA4 data
CitationGraph uses GA4 read-only data to validate after-click AI traffic, compare first-party telemetry against GA4 baselines, populate product reports and dashboards, and improve attribution and diagnostic accuracy for the connected site.
Legal bases for processing
Where a legal basis is required, CitationGraph relies on: (a) pre-contractual steps for waitlist and demo requests; (b) contract performance for GA4 data connected by customers; (c) legitimate interests for product improvement and security monitoring; (d) consent where specifically required by applicable cookie or tracking law. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Cookies and tracking technologies
The public CitationGraph website does not set advertising or cross-site tracking cookies. Essential cookies may be used for language preference and session continuity. The hosted product may use functional cookies necessary for authentication, workspace state, and dashboard rendering. CitationGraph does not participate in third-party ad networks or cross-context behavioral tracking.
Storage and retention
CitationGraph stores the connected GA4 property ID and refresh token while the connection remains active. Synced GA4 summaries may be cached or persisted inside the hosted product so the connected workspace can render reports. Analytics event records in the hosted product are deleted according to the configured retention policy, which is 90 days by default. You may also request deletion of connected GA4 data.
Retention schedule
Waitlist submissions: retained until onboarding is complete or the request is withdrawn. Contact form data: retained for up to 12 months after the last interaction. GA4 refresh tokens: deleted within 7 days of disconnection. Synced GA4 report data: deleted per workspace retention policy (default 90 days). Server logs: retained for up to 30 days for security and debugging.
Sharing and restricted use
CitationGraph does not sell Google user data and does not share it with unrelated third parties for advertising. Google Analytics data may be processed by hosting, database, or infrastructure providers that operate CitationGraph on our behalf. CitationGraph does not use Google user data to develop, improve, or train generalized AI or machine-learning models.
International data transfers
CitationGraph is hosted on Google Cloud (asia-northeast1 region). Data may be processed in jurisdictions where Google Cloud infrastructure operates. Where data is transferred outside the EEA or UK, CitationGraph relies on Google Cloud data processing terms, which include Standard Contractual Clauses or equivalent safeguards recognized under applicable law.
Revocation and deletion
A connected customer can disconnect GA4 inside CitationGraph settings to stop future syncs. Access can also be revoked from the customer Google account permissions. If you need assistance deleting connected GA4 data, contact CitationGraph through the contact page or at analytics@gravity.dev. Deletion requests will be processed within 30 days.
EU, EEA, and UK notices
Where EU, EEA, or UK law applies, Gravity Technology acts as the data controller. Processing purposes, retention periods, recipients, and legal bases are described in the sections above. Individuals may exercise their rights to access, rectify, erase, restrict, object to processing, request data portability, or lodge a complaint with a supervisory authority by contacting analytics@gravity.dev.
California notices
Where California law applies, CitationGraph intends this policy to function together with a notice at collection: the categories of information collected, the purposes of use, and the rights available under applicable California privacy law. CitationGraph does not sell Google user data and does not share it for cross-context behavioral advertising. California residents may request disclosure or deletion by contacting analytics@gravity.dev.
Japan, Korea, and China notices
Where Japan, Korea, China, or similar regional laws apply, CitationGraph may need to provide more specific disclosures about items collected, purpose of use, retention, overseas processing, or entrusted processors. The applicable local-language version of this policy is provided for readability, and CitationGraph may supplement this page with region-specific notices or customer-facing disclosures when required by local law or by the implementation model. The hosted product is not currently marketed to individual consumers in mainland China.
Changes to this policy
CitationGraph may update this privacy policy from time to time. Material changes will be noted by updating the date at the top of this page. Continued use of the website or connected product after a posted change constitutes acceptance of the updated policy.
Common questions
What Google Analytics permission does CitationGraph request?
CitationGraph requests only the Google Analytics read-only scope: https://www.googleapis.com/auth/analytics.readonly. It does not request write, publish, or account-admin permissions for GA4.
Does CitationGraph use Google Analytics data for ads or model training?
No. CitationGraph does not sell Google user data, does not share it with unrelated third parties for advertising, and does not use Google user data to develop, improve, or train generalized AI or machine-learning models.
How can I stop sync or request deletion?
You can disconnect GA4 inside CitationGraph settings, revoke access from your Google account permissions, and contact CitationGraph if you need deletion assistance for connected GA4 data.
Do you publish separate privacy pages for every country?
Not necessarily. CitationGraph uses one core privacy policy with region-specific disclosures where local law requires more detail. If a market such as China needs a clearer local module or separate notice, CitationGraph may supplement the main policy.