Security

Last updated: March 7, 2026

Security is a core part of how CiteMind builds and operates products, APIs, and MCP integrations. We use layered controls to protect customer data and service integrity.

Security Controls

Our controls include, where applicable:

1. Encrypted transport using HTTPS/TLS.

2. Authentication and scoped authorization for API and MCP access.

3. Token lifecycle management, including revocation support.

4. Request and audit logging for monitoring and investigation.

5. Access controls for internal systems and operational tooling.

Application and Infrastructure Security

We apply secure development practices intended to reduce vulnerabilities in code, dependencies, and deployment configuration. Infrastructure providers are selected for operational reliability and security capabilities.

Data Protection

We implement safeguards designed to protect data confidentiality, integrity, and availability. Access to data is limited to personnel and systems with a legitimate need to operate or support the service.

Incident Response

We maintain incident handling procedures for detection, triage, containment, remediation, and post-incident analysis. If required by law or contract, impacted customers are notified without undue delay.

Responsible Disclosure

If you believe you have identified a security issue, please report it privately with enough detail to reproduce and validate the finding. Do not access data that is not yours, and do not disrupt service availability.

Report potential vulnerabilities at hello@citemind.com.

Shared Responsibility

Customers are responsible for secure configuration in their own environments, protecting credentials, rotating compromised tokens, and following least-privilege principles in downstream integrations.