CITRICLOUD
Privacy Policy
Last updated 16 July 2026. How CITRICLOUD handles personal data across the website and platform.
EU-minded hosting
Core workloads designed for European residency expectations
No data sales
We do not sell personal data
Your rights
Access, correction, deletion, and other GDPR rights where applicable
Contact
admin@citricloud.com · Privacy subject line
1. Introduction
This Privacy Policy explains how CITRICLOUD (“we”, “us”) collects, uses, shares, and protects personal data when you visit citricloud.com, create an account, use the platform, or contact us.
We design the Services with European expectations in mind, including GDPR principles such as purpose limitation, data minimization, and security by design.
2. Controller and contact
CITRICLOUD is the controller for personal data processed via our public website, marketing communications, and customer accounts, unless an enterprise agreement designates a different arrangement.
Privacy inquiries: admin@citricloud.com with subject “Privacy”. Security reports may use the same inbox with subject “Security”.
3. Personal data we collect
Account and profile data: name, email, company, role, authentication identifiers, and preferences.
Billing data: plan selection, invoices, and payment metadata processed by our payment providers (we do not store full card numbers on our servers).
Usage and technical data: IP address, device/browser information, approximate location derived from IP, logs, diagnostics, and product analytics needed to operate and secure the Services.
Support and communications: messages you send via forms, email, or support channels, and related ticket metadata.
Customer Content: data you upload or process in workloads. We process Customer Content to provide the Services; you determine what personal data it contains.
4. How we use personal data
Provide, maintain, and secure the Services (including identity, abuse prevention, and incident response).
Create and manage accounts, tenants, billing, and customer support.
Communicate service notices, security alerts, and (with consent or soft opt-in where allowed) product updates. You can unsubscribe from marketing emails.
Improve reliability and features using aggregated or de-identified metrics where possible.
Comply with law, enforce Terms, and protect rights, safety, and integrity of the platform.
5. Lawful bases (GDPR)
Contract: processing needed to deliver the Services you request.
Legitimate interests: securing the platform, preventing fraud/abuse, improving reliability, and answering inquiries — balanced against your rights.
Consent: where required for optional cookies/marketing. You may withdraw consent at any time.
Legal obligation: where we must retain or disclose data to comply with law.
8. International transfers
We aim to host core platform workloads in the EU. Some subprocessors or support tooling may process data outside the EEA.
Where international transfers occur, we use appropriate safeguards such as EU Standard Contractual Clauses and supplementary measures as needed.
9. Retention
We retain personal data only as long as needed for the purposes above: account life plus a reasonable wind-down period; billing records as required by tax law; security logs for a limited operational window; and support tickets for continuity.
Customer Content retention follows your configuration and plan. After account closure we delete or anonymize data within a reasonable period unless law requires longer retention.
10. Security measures
We apply SOC2-minded controls including TLS, access management (including Authelia/Keycloak patterns), edge protections (WAF/HSTS), isolation for tenant workloads, and audit-friendly change management.
No system is perfectly secure. Please use strong authentication and report suspected incidents promptly via Contact or admin@citricloud.com.
11. Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability. Where processing is based on consent, you may withdraw consent.
To exercise rights, email admin@citricloud.com with subject “Privacy rights”. We may need to verify your identity. You may also lodge a complaint with your local supervisory authority.
12. Children
The Services are not directed to children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child provided data, contact us and we will take appropriate steps.
13. Automated decision-making
We do not use automated decision-making that produces legal or similarly significant effects about you without human involvement. Security automation (for example rate limiting or abuse detection) may temporarily restrict access to protect the platform.
14. Changes to this policy
We may update this Privacy Policy. Material changes will be posted here with a new “Last updated” date and, where appropriate, communicated by email or in-product notice.
15. Contact
Privacy and data-protection questions: admin@citricloud.com or the Contact page. For product security topics, see Security. For contractual terms, see Terms of Service.
© 2026 CITRICLOUD. All rights reserved.