This page is the single index for every legal and compliance document published by Cited. Each link below leads to a dedicated page covering one topic; no topic is split across multiple pages.
Privacy and data protection
- Privacy Policy – US-focused privacy disclosure covering CCPA, HIPAA and applicable state privacy laws.
- Data Protection Statement – Andorran-law disclosure under LQPDP 29/2021, including APDA contact details and a reference to our Data Protection Impact Assessment.
- Cookie Policy – How we use cookies and other tracking technologies, and how to control them.
- Source Attributions – License attributions for the external data sources, APIs and datasets we connect to.
Compliance and standards
- Compliance Handbook – Plain-English summary of the regulatory frameworks, ISO standards and internal policies that govern the platform.
- Security Overview – Information security posture, ISMS controls, encryption standards and current certification status.
- Subprocessors – Current and planned third parties with access to Protected Health Information, including BAA status.
- AI Disclaimer – AI Management System summary, FDA non-device CDS qualification criteria, and platform guardrails.
- Methodology – How our replication-weighted retrieval, citation enforcement and paradigm-aware clinical engines work.
Disclosures and ethics
- Disclosures – Corporate disclosures, FDA non-device CDS qualification reasoning and regulatory status.
- No Conflict of Interest – Declaration that Cited accepts no pharmaceutical, payer or advertiser funding.
- Accessibility – WCAG 2.2 AA conformance statement covering all customer-facing surfaces.
Contracts and agreements
- Business Associate Agreement (BAA) – Template availability, scope and the procedure for executing a BAA with Cited.
- Terms of Service – Master commercial terms governing access to and use of the Cited platform.
Operational transparency
- System Status – Current platform availability and a 30-day audit log of incidents and maintenance events.
Our approach to legal documentation
Each topic on this page has exactly one canonical source: if you need to know how Cited handles a specific legal obligation, one link answers the question completely. Changes to any of these pages propagate from our internal policies within 30 days of the effective date, so the public record stays current without requiring you to track internal versions. The underlying policies and procedures are kept private because they contain operational specifics that, if published verbatim, would not assist most readers and could in some cases weaken our security posture; the substance, in summary form, is available through the links above.
Contact
Privacy and data subject rights: [email protected]
Data Protection Officer: [email protected]
Security disclosures and bug bounty: [email protected]
Compliance, procurement and vendor questionnaires: [email protected]