Privacy Policy

Last updated:

Dec 4, 2025

This Privacy Policy explains how CiteWorks Studio (“CiteWorks Studio”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards personal information when you:

  • Visit our website [citeworksstudio.com] (“Site”),

  • Communicate with us (e.g., by email, contact forms, or social media), or

  • Use our marketing, social media, community management, AI-powered, and related services (collectively, the “Services”).

By using our Site or Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Site or Services.

This Privacy Policy is for general information only and does not constitute legal advice.


1. Who We Are and How to Contact Us

CiteWorks Studio is a digital marketing and social media services company that helps brands increase their online presence and engagement, including on platforms such as Reddit and other social networks.

If you have any questions about this Policy or how we handle your data, you can contact us at:

2. Scope – Who This Policy Applies To

This Privacy Policy applies to:

  • Website visitors

  • Prospective clients and leads

  • Clients and their representatives

  • People whose information we process in the course of providing Services to our clients (e.g., social media users we interact with on behalf of clients)

When we handle personal data on behalf of our clients (for example, interacting with their audiences on social media), we generally act as a processor/service provider, and the client’s own privacy policy and instructions govern how that data is ultimately used.

If you believe a brand we work with has shared your data with us, you may also need to contact that brand directly to exercise your rights.


3. Information We Collect

The information we collect depends on how you interact with us.

3.1 Information You Provide Directly

You may provide personal information to us when you:

  • Fill out a contact or inquiry form on our Site

  • Request a proposal or sign a Service Agreement

  • Subscribe to a newsletter or updates

  • Communicate with us by email, phone, or social media

  • Provide access to your social media or advertising accounts so we can manage them on your behalf

  • Make payments for our Services

This may include:

  • Contact details – Name, business name, job title, email address, phone number, country, and any other information you choose to share.

  • Account and access details – Usernames, page IDs, or roles/permissions you grant us on platforms such as Reddit and other social networks, advertising platforms, and analytics tools.

  • Business information – Information about your company, your products or services, target audience, marketing goals, and brand guidelines.

  • Billing information – Invoicing details, billing address, tax information. (Payment card details are typically processed by third-party payment processors; we do not store full card details.)

  • Content and communications – Any emails, messages, or other communications you send us, as well as files you upload or share (briefs, customer lists, content, etc.).

3.2 Information We Collect Automatically

When you visit our Site or interact with our Services, we may automatically collect certain information using cookies and similar technologies (see Section 9).

This can include:

  • Usage data – Pages visited, links clicked, time spent on pages, referring URLs.

  • Device and technical data – IP address, browser type and version, device type, operating system, approximate location (city/country level), and other technical identifiers.

We use this information to maintain and improve our Site, understand how visitors use it, and secure our systems.

3.3 Information We Receive From Third Parties

We may receive information about you from:

  • Clients – If you are an employee, representative, or customer of one of our clients, they may share your details with us in connection with the Services.

  • Social media and advertising platforms – When you connect or grant us access (e.g., Reddit, Facebook, Instagram, LinkedIn, Google, X, etc.), we may receive account-related data, analytics, and engagement metrics as allowed by the platform’s APIs and your permissions.

  • Partners and service providers – For example, analytics providers, CRM tools, or lead sources.

The information we receive in this way depends on the privacy settings, permissions, and choices you and our clients make on those platforms.

4. How We Use Your Information

We use personal information for the following purposes:

  1. To provide and manage our Services

    • Setting up and managing client accounts

    • Planning, executing, and optimizing marketing campaigns and social media activities

    • Creating and publishing content (including AI-assisted content, subject to your approvals and instructions)

    • Monitoring and reporting performance

  2. To communicate with you

    • Responding to inquiries and support requests

    • Sending service-related notifications (e.g., onboarding, changes, incident notifications)

    • Sending administrative information, invoices, and reminders

  3. To operate, improve, and secure our Site and Services

    • Analyzing how visitors use our Site

    • Troubleshooting, testing, and improving functionality and user experience

    • Detecting and preventing fraud and security incidents

  4. To market our Services

    • Sending newsletters, marketing or promotional communications (where permitted by law)

    • Creating and sharing case studies or testimonials, with appropriate consent and subject to confidentiality obligations

  5. To comply with legal obligations and enforce rights

    • Complying with applicable laws, regulations, and legal processes

    • Enforcing our contracts and protecting our rights, privacy, safety, or property

5. Legal Bases for Processing (Where Applicable)

If you are in a region that requires a legal basis for processing (such as the European Economic Area or UK), we rely on one or more of the following:

  • Performance of a contract – When processing is necessary to provide the Services or take steps at your request before entering into a contract.

  • Legitimate interests – For example, to manage relationships with clients, improve our Services, secure our systems, and carry out marketing activities in a proportionate and privacy-respecting way.

  • Consent – Where required by law (for example, certain marketing communications or non-essential cookies). You can withdraw consent at any time.

  • Legal obligations – Where processing is necessary to comply with applicable laws and regulations.

6. How We Share Personal Information

We do not sell your personal information. We may share it in the following limited situations:

  1. Service providers and vendors
     We may share information with trusted third-party providers who perform services for us, such as:

    • Hosting and infrastructure

    • Analytics and performance monitoring

    • Customer relationship management (CRM)

    • Email and communication tools

    • Payment processing

    • Collaboration and project management tools

  2. These providers are only allowed to process personal information as necessary to provide services to us and must protect it appropriately.

  3. Clients (when acting as a processor)
     When we process information on behalf of a client, we may share relevant data and reports with that client in accordance with our contract and their instructions.

  4. Social media and advertising platforms
     When we manage your presence or campaigns on third-party platforms, information may be shared with those platforms as needed, according to their own terms and privacy policies.

  5. Business transfers
     If we are involved in a merger, acquisition, restructuring, or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate confidentiality protections.

  6. Legal and safety reasons
     We may disclose information if we believe it is necessary to:

    • Comply with laws, regulations, or court orders

    • Respond to lawful requests from public or government authorities

    • Protect the rights, property, or safety of CiteWorks Studio, our clients, or others

    • Detect, prevent, or investigate fraud, abuse, or security incidents

7. International Data Transfers

Because we work with clients and service providers in different countries, your personal information may be transferred to, stored, and processed in jurisdictions other than your own, which may have different data protection laws.

Where required by law, we take steps to ensure that appropriate safeguards are in place for such transfers, such as:

  • Contractual protections (e.g., standard contractual clauses), and/or

  • Transfers to countries recognized as providing an adequate level of protection.

8. Data Retention

We retain personal information for as long as reasonably necessary to:

  • Provide the Services to you or our clients

  • Fulfill the purposes described in this Privacy Policy

  • Comply with legal, tax, and accounting requirements

  • Resolve disputes and enforce our agreements

When no longer needed, we will take reasonable steps to delete or anonymize the information. The specific retention period may vary depending on the type of data and our legal obligations.


9. Cookies and Similar Technologies

We may use cookies, pixels, and similar technologies on our Site to:

  • Remember your preferences and settings

  • Analyze how visitors use and navigate the Site

  • Improve our Site and marketing efforts

The types of cookies we may use include:

  • Strictly necessary cookies – Required for basic Site functionality.

  • Analytics/performance cookies – Help us understand Site usage and improve performance.

  • Functionality cookies – Remember your choices and preferences.

  • Advertising/marketing cookies – Help us or partners show more relevant ads (if used).

You can usually control cookies through your browser settings or cookie banners (where provided), including blocking or deleting them. However, if you disable certain cookies, some parts of the Site may not function properly.

If you need a detailed Cookie Policy or cookie table, we can provide and maintain that separately.


10. Your Rights and Choices

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal information:

  • Access – To obtain confirmation of whether we process your personal data and to receive a copy.

  • Correction – To request correction of inaccurate or incomplete information.

  • Deletion – To request that we delete your personal data, subject to certain exceptions.

  • Restriction – To request that we limit the processing of your information in certain circumstances.

  • Objection – To object to processing based on our legitimate interests or for direct marketing.

  • Data portability – To receive personal data in a structured, commonly used and machine-readable format and have it transferred to another controller, where technically feasible.

  • Withdraw consent – Where we rely on consent, you can withdraw it at any time.

To exercise your rights, please contact us at [[email protected]]. We may need to verify your identity before responding.

If you receive marketing emails from us, you can opt out at any time by using the unsubscribe link in the email or contacting us directly.

If you are in the EEA/UK and believe we have not handled your data properly, you also have the right to lodge a complaint with your local data protection authority.


11. Children’s Privacy

Our Site and Services are intended primarily for business users and are not directed to children under the age of 16 (or the age required by your local law).

We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us, and we will take appropriate steps to delete such information.


12. Security

We use reasonable technical and organizational measures to protect personal information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

If you believe your interaction with us is no longer secure (for example, you suspect your account access with us has been compromised), please contact us immediately.


13. Third-Party Websites and Services

Our Site or communications may contain links to third-party websites, services, or social media platforms. We are not responsible for the privacy practices of those third parties.

We encourage you to review the privacy policies of any third-party sites or services you use.


14. Acting on Behalf of Our Clients (Processor Role)

When we provide Services to clients, we may process personal data (for example, social media usernames, comments, or other engagement data) strictly on their instructions.

In these situations:

  • The client is usually the controller of the personal data.

  • We act as a processor/service provider under our contract with them.

If you are an end user or customer of one of our clients and have questions or requests about your personal information, please contact the relevant client directly. We will support them, as appropriate, in responding to your requests.


15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

  • We will post the updated Policy on this page with a new “Last updated” date.

  • If the changes are material, we may also provide additional notice (e.g., by email or via the Site), where required by law.

Your continued use of the Site or Services after any changes become effective means you accept the updated Policy.