Citely
Pricing
The platform
GEO Audit & Scorescores every product on AI readabilityAI Citationswho cites you, where, on which queryFeed ↔ page coherenceprice, stock, GTIN gaps detectedAI Merchant feedstructured feed for the enginesEnrichmentfactual content, multilingualNLWeb / MCP agentsexpose your catalog to AI
Overview

One single layer.

Audit, optimization, coherence and agents — everything engines read about your store, in one place.

Explore the platform
For who
Shopify brandse-commerce storesAgencies & partnersmultiple catalogsBy industryfashion, beauty, electronics…Enterprisemulti-catalog, SLA, support
Coverage

5

AI engines monitored: Claude, ChatGPT, Gemini, Perplexity, Google AI
See what we track
Learn
BlogGEO / AEO newsGEO guidespractical playbooksGlossaryGEO, AEO, schema, MCP…Case studiescustomer resultsChangelogproduct updatesDocstechnical documentation
Featured

Why your product pages are invisible to ChatGPT.

The guide to understand what answer engines read — and what they ignore.

Read the article
Citely
Product
GEO Audit & ScoreAI CitationsFeed ↔ page coherenceAI Merchant feedEnrichmentNLWeb / MCP agents
Solutions
Shopify brandsAgencies & partnersBy industryEnterprise
Resources
BlogGEO guidesGlossaryCase studiesChangelogDocs
Pricing
Log inSign Up
Legal Security

Security

How Citely protects your data — and, just as important, what isn't in place yet. We describe the real state of our security, without displaying certifications we don't have.

Last updated · June 27, 2026
Contents
1Our approach2Data protection3Infrastructure & hosting4Shopify permissions5Data & AI6Data lifecycle7Compliance & GDPR8Report a vulnerability9On our roadmap10Contact

1. Our approach

Security is handled seriously and proportionately. Citely mostly handles product data, not payment data or customer profiles. We apply the principle of least privilege and strictly limit what the app can read and write.

Citely is a young product. We prefer to honestly describe our current measures rather than claim standards we haven't reached. What's on the roadmap is marked as such.

2. Data protection

  • Encryption in transit: all communications go over TLS (HTTPS).
  • Restricted access: access to data is limited to what's strictly necessary to operate the Service.
  • Logging: sensitive operations are logged for security and debugging.
  • Minimization: we don't collect more data than necessary.

3. Infrastructure & hosting

The Service relies on reputable hosting and database providers. The final hosting setup is being rolled out; an option for hosting and processing in the EU is planned. The list of providers is in the Privacy Policy.

4. Shopify permissions

Citely requests the minimum permissions needed: read access to the catalog and limited write access to metafields in its dedicated namespace. It does not access your store's orders, customers or payments.

You stay in control: uninstalling the app revokes access and removes the added layer. Everything is additive and reversible.

5. Data & AI

To generate the structured-data layer, some catalog information is sent to an AI model provider (Anthropic), solely to produce the requested output. We select providers whose API terms exclude training on transmitted data. Citely does not train models on your data.

6. Data lifecycle

Catalog data is processed while your store is connected and removed on uninstall. Technical logs are kept for a short period. Retention details are in the Privacy Policy.

7. Compliance & GDPR

  • GDPR-aligned practices; EU-based development.
  • DPA (data processing agreement) provided on request — see DPA.
  • Formal certifications (e.g. SOC 2, ISO 27001) are not yet in place: that's on the roadmap, and we don't display it as done.

8. Report a vulnerability

If you discover a security flaw, write to us at privacy@trycitely.com with the details needed to reproduce it. Please do not exploit it or disclose it publicly before we've had a chance to fix it. We acknowledge receipt and handle good-faith reports in good faith.

9. On our roadmap

What we plan to strengthen as the product grows:

  • Hosting and processing with an EU option.
  • SSO / SAML for enterprise rollouts.
  • Per-user, role-based access control.
  • Progress toward formal certifications (SOC 2, ISO 27001).

10. Contact

Security or data-protection questions: privacy@trycitely.com.

A question about this document?

Write to us at privacy@trycitely.com — we answer directly.