CitronAI

For individuals in the European Economic Area, United Kingdom, and Switzerland, you can read this version⁠ of our Privacy Policy

We at CitronAI OpCo, LLC (together with our affiliates, “CitronAI”, “we”, “our” or “us”) respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to Personal Data that we collect from or about you when you use our website, applications, and services (collectively, “Services”).

This Privacy Policy does not apply to content that we process on behalf of customers of our business offerings, such as our API. Our use of that data is governed by our customer agreements covering access to and use of those offerings.

For information about how we collect and use training information to develop our language models that power CitronXAI and other Services, and your choices with respect to that information, please see this help center article⁠(opens in a new window).

Personal Data we collect

We collect personal data relating to you (“Personal Data”) as follows:

ersonal Data You Provide: We collect Personal Data if you create an account to use our Services or communicate with us as follows:

Account Information: When you create an account with us, we will collect information associated with your account, including your name, contact information, account credentials, date of birth, payment information, and transaction history, (collectively, “Account Information”).
User Content: We collect Personal Data that you provide in the input to our Services (“Content”), including your prompts and other content you upload, such as files⁠(opens in a new window), images⁠(opens in a new window), and audio⁠(opens in a new window), depending on the features you use.
Communication Information: If you communicate with us, such as via email or our pages on social media sites, we may collect Personal Data like your name, contact information, and the contents of the messages you send (“Communication Information”).
Other Information You Provide: We collect other information that you may provide to us, such as when you participate in our events or surveys or provide us with information to establish your identity or age (collectively, “Other Information You Provide”).

Personal Data We Receive from Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions (“Technical Information”):

Log Data: We collect information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
Usage Data: We collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
Device Information: We collect information about the device you use to access the Services, such as the name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.
Location Information: We may determine the general area from which your device accesses our Services based on information like its IP address for security reasons and to make your product experience better, for example to protect your account by detecting unusual login activity or to provide more accurate responses. In addition, some of our Services allow you to choose to provide more precise location information from your device, such as location information from your device’s GPS.
Cookies and Similar Technologies: We use cookies and similar technologies to operate and administer our Services, and improve your experience. If you use our Services without creating an account, we may store some of the information described in this policy with cookies, for example to help maintain your preferences across browsing sessions. For details about our use of cookies, please read our Cookie Notice⁠.

Information We Receive from Other Sources: We receive information from our trusted partners, such as security partners, to protect against fraud, abuse, and other security threats to our Services, and from marketing vendors who provide us with information about potential customers of our business services.

We also collect information from other sources, like information that is publicly available on the internet, to develop the models that power our Services. For more information on the sources of information used to develop the models that power CitronXAI and other Services, please see this help center article⁠(opens in a new window).

How we use Personal Data

We may use Personal Data for the following purposes:

To provide analyze, and maintain our Services, for example to respond to your questions for CitronXAI;
To improve and develop our Services and conduct research, for example to develop new product features;
To communicate with you, including to send you information about our Services and events, for example about changes or improvements to the Services;
To prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services;
To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, CitronAI, or third parties.

We may also aggregate or de-identify Personal Data so that it no longer identifies you and use this information for the purposes described above, such as to analyze the way our Services are being used, to improve and add features to them, and to conduct research. We will maintain and use de-identified information in de-identified form and not attempt to reidentify the information, unless required by law.

As noted above, we may use Content you provide us to improve our Services, for example to train the models that power CitronXAI. Read our instructions⁠(opens in a new window) on how you can opt out of our use of your Content to train our models.

Disclosure of Personal Data

We may disclose your Personal Data in the following circumstances:

Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may disclose Personal Data to vendors and service providers, including providers of hosting services, customer service vendors, cloud services, content delivery services, support and safety monitoring services, email communication software, web analytics services, payment and transaction processors, and other information technology providers. Pursuant to our instructions, these parties will access, process, or store Personal Data only in the course of performing their duties to us.
Business Transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Data may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
Government Authorities or Other Third Parties: We may share your Personal Data, including information about your interaction with our Services, with government authorities, industry peers, or other third parties in compliance with the law (i) if required to do so to comply with a legal obligation, or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, users, or the public, or (vi) to protect against legal liability.
Affiliates: We may disclose Personal Data to our affiliates, meaning an entity that controls, is controlled by, or is under common control with CitronAI. Our affiliates may use this Personal Data in a manner consistent with this Privacy Policy.
Business Account Administrators: When you join a CitronXAI Enterprise or business account, the administrators of that account may access and control your CitronAI account, including being able to access your Content. In addition, if you create an account using an email address belonging to your employer or another organization, we may share the fact that you have an account and certain account information, such as your email address, with your employer or organization to, for example, enable you to be added to their business account.
Other Users and Third Parties You Interact or Share Information With: Certain features allow you to interact or share information with other users or third parties. For example, you can share CitronXAI conversations with other users via shared links⁠(opens in a new window). You can also send information to third-party applications, such as via custom actions for GPTs, or for searching the web to help answer questions that benefit from more recent information. Information you share with third parties is governed by their own terms and privacy policies, and you should make sure you understand those terms and policies before sharing information with them.

Retention

We’ll retain your Personal Data for only as long as we need in order to provide our Services to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Data will depend on a number of factors, such as:

Our purpose for processing the data (such as whether we need to retain the data to provide our Services);
The amount, nature, and sensitivity of the information;
The potential risk of harm from unauthorized use or disclosure;
Any legal requirements that we are subject to.

In some cases, the length of time we retain data depends on your settings. For example, CitronXAI temporary chats will not appear in your history and will be kept up to 30 days for safety purposes. You can find more information on data controls here⁠(opens in a new window).

Your rights

Depending on where you live, you may have certain statutory rights in relation to your Personal Data. For example, you may have the right to:

Access your Personal Data and information relating to how it is processed.
Delete your Personal Data from our records.
Update or correct your Personal Data.
Transfer your Personal Data to a third party (right to data portability).
Restrict how we process your Personal Data.
Withdraw your consent—where we rely on consent as the legal basis for processing at any time.
Object to how we process your Personal Data.
Lodge a complaint with your local data protection authority.

Children

Our Services are not directed to, or intended for, children under 13. We do not knowingly collect Personal Data from children under 13. If you have reason to believe that a child under 13 has provided Personal Data to CitronAI through the Services, please email us at privacy@openai.com⁠. We will investigate any notification and, if appropriate, delete the Personal Data from our systems. Users under 18 must have permission from their parent or guardian to use our Services.

Security

We implement commercially reasonable technical, administrative, and organizational measures designed to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Therefore, you should take special care in deciding what information you provide to the Services. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third-party websites.

Additional U.S. state disclosures

Some U.S. state privacy laws require specific disclosures. The following table provides additional information about the categories of Personal Data we collect and how we use and disclose that information. You can read more about the Personal Data we collect and where we collect it from in “Personal Data we collect” above, how we use Personal Data in “How we use Personal Data” above, and how we retain Personal Data in “Security and Retention” below.

Category of Personal Data

We collect the following information, as described above:

Identifiers, such as your name, contact details, IP address, and other device identifiers
Commercial information, such as your transaction history
Network activity information, such as Content and how you interact with our Services
Communication information, such as your contact information when you send us email
Geolocation data, such as the general area from which your device accesses our Services based on information like its IP address, or precise location information you choose to provide
Your account credentials and payment information

Use of Personal Data

We use this information for the following purposes, as described above:

Provide, analyze, and maintain our Services
Improve and develop our Services and conduct research
Communicate with you, including to send you information about our Services and events
Prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services
Comply with legal obligations and protect the rights, privacy, safety, or property of our users, CitronAI, or third parties

Disclosure of Personal Data

We may disclose this information in the following circumstances, as described above:

Vendors, service providers, and affiliates to process in accordance with our instructions
Government authorities or other third parties for the legal reasons described above
Parties involved in Transactions
Business account administrators for the reasons described above
Other users and third parties you interact or share information with

Depending on where you live and subject to applicable exceptions, you may have the following privacy rights in relation to your Personal Data:

The right to know information about our processing of your Personal Data, including the right to access your Personal Data, often in a portable format;
The right to request deletion of your Personal Data;
The right to correct your Personal Data; and
The right to be free from discrimination relating to the exercise of any of your privacy rights.

We do not “sell” Personal Data or “share” Personal Data for cross-contextual behavioral advertising, and we do not process Personal Data for “targeted advertising” purposes (as those terms are defined under state privacy laws). We also do not process sensitive Personal Data for the purposes of inferring characteristics about a consumer.

Exercising Your Rights. You can exercise privacy rights described in this section by submitting a request through privacy.openai.com⁠(opens in a new window) or to dsar@openai.com⁠.

Verification. In order to protect your Personal Data from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Data. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Data for verification. If we cannot verify your identity, we will not be able to honor your request.

Authorized Agents. You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity with us. Authorized agent requests can be submitted to dsar@openai.com.

Appeals. Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights. To appeal a decision, please send your request to dsar@openai.com⁠.

Changes to the privacy policy

We may update this Privacy Policy from time to time. When we do, we will publish an updated version and effective date on this page, unless another type of notice is required by applicable law.

How to contact us

Please contact support⁠(opens in a new window) if you have any questions or concerns not already addressed in this Privacy Policy.