Security controls
Identity, edge protections, tenant isolation, and GitOps change integrity documented for procurement and engineering reviews.
CITRICLOUD
Security, privacy, and operational transparency in one place — built for builders and procurement alike.
Controls, policies, and status — not marketing slogans.
CITRICLOUD ships with SOC2-minded defaults: identity at the edge, TLS everywhere, isolated tenant workloads, and reviewable GitOps changes.
This Trust Center collects the documents and contact paths customers use during security reviews, renewals, and onboarding.
Pillars
Four continuous commitments — documented, operable, and owned by the platform team.
Identity, edge protections, tenant isolation, and GitOps change integrity documented for procurement and engineering reviews.
EU-minded hosting defaults, clear retention practices, and a Privacy Policy that maps to how the platform actually runs.
Public status, incident communication paths, and operational runbooks so customers know what “up” means.
SOC2-minded control inventory, questionnaire support, and architecture reviews for Scale and enterprise buyers.
If it cannot be observed, rolled back, or explained, it is not finished.
Trust is not a PDF. It is how changes land in production, how identity gates sensitive surfaces, and how we tell you when something breaks.
Artifacts
Edge, identity, isolation, and reporting paths.
Open →What we collect, lawful bases, and your rights.
Open →Service agreement and acceptable use.
Open →Necessary vs optional cookies and controls.
Open →Realtime health and incident history.
Open →Vuln reports and questionnaire intake.
Open →We aim to host core platform workloads in the EU. Enterprise agreements can document residency expectations for your workloads.
Yes — Authelia 2FA for operators and Keycloak federation patterns for tenant identity. Enterprise plans add SSO depth and dedicated review.
Send it via Contact or admin@citricloud.com with subject Security. We map questions to platform controls and share relevant artifacts.
Status page updates for platform incidents, plus direct customer communication for impact that affects your tenants.
Need a deeper review?
Send questionnaires or schedule an architecture walkthrough with our team.