Security

Last updated: March 1, 2026

Our Commitment

At Citadex, security is foundational — not an afterthought. We handle brand-critical data and take that responsibility seriously. This page outlines the technical and organizational measures we employ to protect your data.

Infrastructure & Hosting

• All services are hosted on AWS with data centers in the US and EU regions.
• Production infrastructure runs in isolated VPCs with strict network access controls.
• Automated scaling and redundancy ensure a 99.9% uptime SLA.
• All server instances are hardened following CIS benchmarks.

Data Encryption

• All data in transit is encrypted using TLS 1.3.
• All data at rest is encrypted using AES-256.
• Database backups are encrypted and stored in geographically separate regions.
• API keys and secrets are managed through a secure vault system and never stored in source code.

Authentication & Access Control

• User authentication is handled via industry-standard OAuth 2.0 / OpenID Connect protocols.
• All passwords are hashed using bcrypt with per-user salts.
• Role-based access control (RBAC) is enforced at the application level.
• Internal access to production systems requires MFA and is logged for audit purposes.

Application Security

• Our codebase follows OWASP Top 10 secure development practices.
• We perform regular dependency audits and automated vulnerability scanning.
• Input validation and output encoding are enforced to prevent injection attacks.
• All API endpoints require authentication and enforce rate limiting.

Data Privacy & Compliance

• We are committed to GDPR compliance for all users, including data minimization, right to erasure, and data portability.
• We do not sell, share, or monetize your data with third parties.
• Scan results and brand data are isolated per account — no cross-tenant data access is possible.
• For details, see our Privacy Policy.

Incident Response

• We maintain a documented incident response plan with defined escalation procedures.
• In the event of a security incident affecting your data, we will notify you within 72 hours as required by GDPR.
• Post-incident reviews are conducted to prevent recurrence.

Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. If you discover a security issue, please contact us at:

Email: security@citadex.io

Please include a detailed description of the vulnerability and steps to reproduce. We commit to acknowledging your report within 48 hours and will work with you to resolve the issue promptly. We do not pursue legal action against researchers who act in good faith.

Questions

For security-related inquiries, contact us at:

Citadex Security Team
Email: security@citadex.io