Data Security

Citobots.com (“Citobots,” “we,” “our,” or “us”) is committed to protecting the confidentiality, integrity, and availability of business and customer data processed through our AI-powered customer support platform. This Data Security overview describes the technical and organizational measures we maintain to safeguard information entrusted to us.

1. Data Encryption

  • All data at rest is encrypted using AES-256 encryption.
  • All data in transit is encrypted using TLS 1.3.
  • Chat logs, training data (website content, uploaded documents, and FAQs), and end-customer inputs are encrypted and protected at every stage of processing.

2. Access Control

  • Role-Based Access Control (RBAC) restricts system and data access to authorized personnel based on job function.
  • Multi-Factor Authentication (MFA) and Single Sign-On (SSO) are available to secure account access.
  • Detailed audit logs record access to sensitive systems and data for monitoring and compliance purposes.

3. Infrastructure & Availability

  • Citobots is hosted on enterprise-grade cloud infrastructure (including Cloudflare) with redundancy designed to support a 99.9% uptime target.
  • Our infrastructure follows SOC 2 Type II-aligned security practices.
  • Regional data residency options are available for customers with specific compliance or data localization requirements.

Requests relating to end-user data collected through a customer's chatbot should first be directed to that business, as the data controller for its own customers. Requests relating to Citobots account holders may be sent to [privacy@citobots.com].


4. Data Isolation

  • Each business account operates within a logically isolated environment.
  • Customer data is never used to cross-train other customers' chatbots, and training data is not shared across accounts.
  • Business data is not used to train external or third-party foundation models beyond what is required to deliver the Citobots service.

5. Security Monitoring & Incident Response

  • We maintain internal procedures to detect, investigate, and respond to potential security incidents.
  • In the event of a data breach affecting customer or end-user data, affected customers will be notified without undue delay, and in accordance with applicable law.

6. Data Retention & Deletion

  • Customer account data, training content, and chat logs are retained for as long as the account remains active, or as otherwise required to provide the service.
  • Upon account closure or upon written request, Citobots will delete or anonymize customer data within [30] days, except where retention is required by law.

7. Your Responsibilities

    While Citobots secures the platform and underlying infrastructure, customers remain responsible for maintaining the confidentiality of their account credentials, configuring appropriate access permissions for their team members, and ensuring that any content uploaded for chatbot training does not include data they are not authorized to share.