Security-First by Design
citk is built from the ground up with enterprise security in mind. Here's how we protect your data.
Infrastructure
- Cloud-hosted with provider-managed physical security
- Network isolation between tenant environments
- Infrastructure deployed via code for reproducibility
- Automated backups with point-in-time recovery
Data Protection
- AES-256 encryption at rest for all stored data
- TLS 1.3 encryption for all data in transit
- Multi-tenant data isolation at the database level
- Configurable data retention and deletion policies
Access Controls
- Role-Based Access Control (RBAC) with granular permissions
- SSO via OIDC for enterprise identity providers
- SCIM 2.0 provisioning for automated user lifecycle
- Session management with configurable timeouts
Application Security
- Input validation and output encoding (OWASP Top 10)
- Dependency scanning for known vulnerabilities
- Code review required for all changes
- Structured audit logging for every user action
Compliance Roadmap
We are building toward formal compliance certifications. Here is where we stand today.
- RBAC & Audit Logging: Shipped
- SSO / OIDC Integration: Shipped
- SCIM 2.0 Provisioning: Shipped
- Data Encryption (at rest & in transit): Shipped
- GDPR Data Processing Addendum: In Progress
- SOC 2 Type II Certification: Planned
- Third-Party Penetration Testing: Planned
- ISO 27001 Certification: Future
Responsible Disclosure
If you discover a security vulnerability, we appreciate your help in disclosing it responsibly. Please report any issues to our security team and we will respond promptly.
Contact our security team →
Questions about our security?
We are happy to discuss our security posture in detail. Reach out anytime.