CITRICLOUD — Building Digital Experiences

CITRICLOUD

Privacy Policy

Last updated 16 July 2026. How CITRICLOUD handles personal data across the website and platform.

EU-minded hosting

Core workloads designed for European residency expectations

No data sales

We do not sell personal data

Your rights

Access, correction, deletion, and other GDPR rights where applicable

Contact

admin@citricloud.com · Privacy subject line

1. Introduction

This Privacy Policy explains how CITRICLOUD (“we”, “us”) collects, uses, shares, and protects personal data when you visit citricloud.com, create an account, use the platform, or contact us.

We design the Services with European expectations in mind, including GDPR principles such as purpose limitation, data minimization, and security by design.

2. Controller and contact

CITRICLOUD is the controller for personal data processed via our public website, marketing communications, and customer accounts, unless an enterprise agreement designates a different arrangement.

Privacy inquiries: admin@citricloud.com with subject “Privacy”. Security reports may use the same inbox with subject “Security”.

3. Personal data we collect

Account and profile data: name, email, company, role, authentication identifiers, and preferences.

Billing data: plan selection, invoices, and payment metadata processed by our payment providers (we do not store full card numbers on our servers).

Usage and technical data: IP address, device/browser information, approximate location derived from IP, logs, diagnostics, and product analytics needed to operate and secure the Services.

Support and communications: messages you send via forms, email, or support channels, and related ticket metadata.

Customer Content: data you upload or process in workloads. We process Customer Content to provide the Services; you determine what personal data it contains.

4. How we use personal data

Provide, maintain, and secure the Services (including identity, abuse prevention, and incident response).

Create and manage accounts, tenants, billing, and customer support.

Communicate service notices, security alerts, and (with consent or soft opt-in where allowed) product updates. You can unsubscribe from marketing emails.

Improve reliability and features using aggregated or de-identified metrics where possible.

Comply with law, enforce Terms, and protect rights, safety, and integrity of the platform.

5. Lawful bases (GDPR)

Contract: processing needed to deliver the Services you request.

Legitimate interests: securing the platform, preventing fraud/abuse, improving reliability, and answering inquiries — balanced against your rights.

Consent: where required for optional cookies/marketing. You may withdraw consent at any time.

Legal obligation: where we must retain or disclose data to comply with law.

6. Cookies and similar technologies

We use necessary cookies for authentication, security, and preferences (for example theme). Analytics or marketing cookies, if introduced, will be disclosed and controlled via a consent mechanism where required.

You can control cookies through your browser settings. Disabling necessary cookies may break sign-in or preference features.

7. Sharing and processors

We do not sell personal data. We share data with processors who help us operate the Services (for example hosting, email delivery, payment processing, observability) under contractual confidentiality and security obligations.

We may disclose data if required by law, to protect rights and safety, or in connection with a merger, acquisition, or asset transfer (with appropriate safeguards).

Marketplace or third-party integrations you enable may receive data you instruct us to share; their privacy practices apply to that processing.

8. International transfers

We aim to host core platform workloads in the EU. Some subprocessors or support tooling may process data outside the EEA.

Where international transfers occur, we use appropriate safeguards such as EU Standard Contractual Clauses and supplementary measures as needed.

9. Retention

We retain personal data only as long as needed for the purposes above: account life plus a reasonable wind-down period; billing records as required by tax law; security logs for a limited operational window; and support tickets for continuity.

Customer Content retention follows your configuration and plan. After account closure we delete or anonymize data within a reasonable period unless law requires longer retention.

10. Security measures

We apply SOC2-minded controls including TLS, access management (including Authelia/Keycloak patterns), edge protections (WAF/HSTS), isolation for tenant workloads, and audit-friendly change management.

No system is perfectly secure. Please use strong authentication and report suspected incidents promptly via Contact or admin@citricloud.com.

11. Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability. Where processing is based on consent, you may withdraw consent.

To exercise rights, email admin@citricloud.com with subject “Privacy rights”. We may need to verify your identity. You may also lodge a complaint with your local supervisory authority.

12. Children

The Services are not directed to children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child provided data, contact us and we will take appropriate steps.

13. Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects about you without human involvement. Security automation (for example rate limiting or abuse detection) may temporarily restrict access to protect the platform.

14. Changes to this policy

We may update this Privacy Policy. Material changes will be posted here with a new “Last updated” date and, where appropriate, communicated by email or in-product notice.

15. Contact

Privacy and data-protection questions: admin@citricloud.com or the Contact page. For product security topics, see Security. For contractual terms, see Terms of Service.

© 2026 CITRICLOUD. All rights reserved.