Privacy Policy
Last updated: 12 July 2026
This policy explains how we handle personal data when you visit keepcite.com and its country pages. We keep data collection to a minimum: no cookies, no analytics, no advertising trackers.
1. Who is responsible (controller)
The controller under the EU General Data Protection Regulation (GDPR) is:
Chirimoya OÜTartu mnt 67/1-13b
10115 Tallinn, Estonia
Email: hello@keepcite.com
2. What we process, why, and on what legal basis
a) Free compliance-scan form
When you submit the scan form, we collect your store URL, your email address, and a hidden field indicating which market or page you submitted from. We use this solely to prepare and send you the requested accessibility scan and to reply to your enquiry.
The form is processed by Web3Forms, a third-party form-to-email service, which transmits your submission to us and processes it on its servers for that purpose. See the Web3Forms privacy policy.
Legal basis: Art. 6(1)(b) GDPR (steps taken at your request prior to a contract) and Art. 6(1)(f) GDPR (our legitimate interest in responding to enquiries).
b) Approximate geolocation on page load
To show content relevant to your country (for example, the fines that apply where you sell), your browser makes a request to ipapi.co when the page loads. In doing so, ipapi.co processes your IP address — which is personal data under the GDPR — and returns an approximate country. The lookup happens in your browser and we do not store your IP address. See the ipapi.co privacy policy.
Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in presenting country-relevant information). If the lookup fails or is blocked, the site simply shows the EU-wide default.
c) Hosting and server logs
The site is hosted on GitHub Pages (GitHub, Inc.). When you access the site, GitHub's servers automatically process technical data — including your IP address, the requested URL, and the time of the request — in server logs, to deliver the site and keep it secure and stable. See the GitHub Privacy Statement.
Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in a secure, reliably delivered website).
d) Privacy-friendly website analytics
We use Plausible Analytics to understand aggregate site usage (for example, page views and referring sites). Plausible is cookieless and collects no personal data: it sets no cookies, does not track you across sites or over time, and creates no persistent identifiers. Metrics are aggregated and cannot be used to identify you. Plausible is operated by an EU company (Plausible Insights OÜ, Estonia) and processes data within the EU. See the Plausible data policy.
Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in understanding and improving our website).
3. Cookies and tracking
We set no cookies. Our website analytics (Plausible) is cookieless and collects no personal data. We use no advertising and no cross-site tracking, and no profiling or automated decision-making takes place on this site.
4. Recipients and international transfers
Personal data may be processed by the service providers named above: Web3Forms, ipapi.co, GitHub (GitHub Pages), and Plausible Analytics. Some of these providers may process data outside the European Economic Area (for example, in the United States). Where that is the case, transfers are safeguarded by mechanisms such as the EU Standard Contractual Clauses and/or the EU–U.S. Data Privacy Framework. We do not otherwise sell or share your personal data.
5. Retention
We keep scan-request submissions only as long as needed to handle your request and any resulting business relationship, and delete them when they are no longer required. Server logs held by GitHub are retained according to GitHub's own policies.
6. Your rights
Under the GDPR you have the right to: access your data (Art. 15); rectification (Art. 16); erasure (Art. 17); restriction of processing (Art. 18); data portability (Art. 20); and to object to processing based on our legitimate interests (Art. 21). To exercise any of these, email hello@keepcite.com.
You also have the right to lodge a complaint with a supervisory authority — in Estonia, the Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee), or the authority in your country of residence.
7. Changes to this policy
We may update this policy as our services or the applicable law change. The current version is dated at the top of this page.