Privacy policy.
Last updated: 4 June 2026.
This policy explains what data I collect through patrickrobinson.consulting and the Citation Engine service, how I use it, who it is shared with, and the rights you have over it. The data controller is Patrick Robinson, a sole trader based in the United Kingdom.
1. What I collect
Site visitors: anonymous, cookie-free traffic statistics via Cloudflare Web Analytics. No tracking cookies, no advertising pixels.
Enquiries: whatever you submit through the contact form (typically your name, email, and message).
Customers: to set up and run a subscription I collect your name, business name, email, company domain, billing address, and any tax ID you provide. Card payments are processed by Stripe — I do not see or store full card numbers.
Audit data: the Citation Engine queries public AI search engines with category and buyer-intent queries about your market, and records the source URLs and citation patterns those engines return. These queries do not contain your customers' personal data, and the audit stores aggregated source and citation information, not personal data about third parties.
2. How I use it, and the legal basis
I use this data to deliver and bill the service, provide support, and communicate with you about your engagement. Under UK GDPR the legal bases are: performance of our contract (delivering and billing the service), my legitimate interests (running and securing the business, anonymous analytics), and consent where it applies (for example, an enquiry you choose to send). I do not sell your data or use it for third-party advertising.
3. Who it is shared with
I use a small set of trusted processors to run the service: Stripe (payments and subscription billing), the AI search engines queried during an audit (Perplexity, OpenAI, Anthropic, and Google — which receive the queries, not your account data), Airtable (where audit and account records are stored), Gamma (which generates the audit deliverable), and Cloudflare (hosting and analytics). Each processes data only to provide its part of the service. I share data otherwise only where the law requires it.
4. International transfers
Some of these processors are based outside the UK, including in the United States. Where data is transferred internationally, it is covered by the safeguards those providers offer (such as standard contractual clauses or equivalent).
5. How long I keep it
Account and billing records are kept for the life of the engagement and for as long afterwards as tax and accounting law requires. Audit citation data is retained so that re-audits can be compared over time. Enquiry messages are kept only as long as needed to deal with them.
6. Security
I take reasonable measures to protect the data I hold, and payment data is handled by Stripe under its PCI-compliant infrastructure rather than by me directly.
7. Your rights
Under UK GDPR you can ask to access, correct, delete, or receive a copy of your personal data, and you can object to or restrict certain processing. To exercise any of these, use the contact form. You also have the right to complain to the UK Information Commissioner's Office (ICO) if you think your data has been mishandled.
8. Cookies
This site sets no tracking cookies. The Stripe checkout you are sent to may set its own cookies on Stripe's domain to process your payment securely.
9. Changes
I may update this policy; the current version is always the one published here, with the date shown above.
10. Contact
For anything about your data, use the contact form.