Trust Center

Auditable, reproducible, defensible.

Cited Brands sells per-brand citation data to enterprise procurement teams. Procurement needs more than a logo wall — POPIA compliance, B-BBEE status, data residency, published methodology, and a clear disclosure policy. This page is the standing answer.

POPIA Information Officer: Registered (privacy@citedbrands.co.za)
B-BBEE level: Level 1 (verification pending Q3 2026)
Data residency: EU + SA (Azure EU region primary)
SOC 2: In progress (Type I audit Q4 2026)

POPIA + privacy.

We process personal information in line with the Protection of Personal Information Act, 2013. The Information Officer is registered with the SA Information Regulator and reachable at privacy@citedbrands.co.za. Data subject access requests are responded to within 30 days. Full policy at /privacy and /popia.

B-BBEE.

Cited Brands (Pty) Ltd is structured as a black-majority-owned SA private company. We target B-BBEE Level 1, with verification by an accredited agency (BVA / AQRate / EmpowerLogic / Honeycomb BEE) completing in Q3 2026. Until certified, the public footer reads “B-BBEE Level 1 pending”; on certification the certificate PDF will be available at /legal/b-bbee-certificate.pdf.

Data residency.

Primary storage: Microsoft Azure, EU West region. Some operational tools (Anthropic, OpenAI, Google AI APIs; PostHog; Cloudflare) operate global infrastructure — those flows rely on POPIA §72 cross-border transfer mechanisms (standard contractual clauses, adequate-protection assessments). Full processor list in the privacy policy.

Methodology + reproducibility.

Every metric published on a Cited Brands page is computed from a versioned dataset that ships as a tagged Git commit per quarter. Per-brand JSON-LD Dataset schemas declare the variables measured, the date, and the licence. The full methodology — question set, LLM coverage, Latin Square debiasing, parsing accuracy, source classification rules — is at /methodology.

Security posture.

HTTPS-only with HSTS preload. Strict CSP, X-Frame-Options DENY, X-Content-Type-Options nosniff, Referrer-Policy strict-origin-when-cross-origin, Permissions-Policy camera/mic/geolocation off. Cloudflare WAF at the edge. SOC 2 Type I audit scheduled Q4 2026. Penetration test by a SA SaaS-focused firm scheduled before Series A close.

Disclosure policy.

Per-brand citation reports are independent research published under SA Copyright Act §12 (criticism, comment, research, reporting) and nominative trademark fair use. We have no commercial relationship with measured brands unless explicitly stated. Every brand page carries a sticky notice + a one-click correction form that writes to our review queue. Disputes are resolved within 5 business days. Larger queries: legal@citedbrands.co.za.

System status.

Live operational status at status.citedbrands.co.za (provisioned Q3 2026, alongside the Azure deployment). Until then, subscribe to incident notifications via status@citedbrands.co.za.

Need formal documentation?

We’ll send the procurement pack on request.

DPA template, SOC 2 readiness questionnaire, B-BBEE certificate, POPIA Information Officer registration. One email and you’ll have everything procurement asks for.

trust@citedbrands.co.za