Data Processing & Privacy
Roles, subprocessors, retention, and privacy requests
Summary
We aim to operate with GDPR-aligned controls (data minimization, access controls, retention/deletion workflows, and transparent processing). This page is informational and does not constitute legal advice.
Legal entity: TEMNIKOVA LDA (Portugal).
Controller / Processor
Depending on the context, Citedy may act as a data processor or a data controller. The table below is a practical summary for most customers.
| Context | Customer | Citedy |
|---|---|---|
| Workspace content & service data | Controller | Processor |
| Account administration (signup, auth) | — | Controller |
| Billing (paid customers) | Controller | Controller/Processor (depending on the billing flow) |
| Security/abuse prevention | — | Controller |
Retention
We retain service data to operate the product and fulfill customer requests. Retention depends on feature usage and your workspace settings.
- Service data: retained while the workspace is active; can be removed via workspace deletion.
- Workspace deletion: deletion is scheduled with a grace period to prevent accidental loss.
- Legal hold: certain billing, security, and audit logs may be retained where legally required or necessary to protect the service.
Privacy Requests (DSAR)
To request access, export, correction, or deletion (where applicable), contact [email protected] or use the in-app export tools where available.
See the full process on DSAR.