The evidence layer your security team can sign off on.
Citesvue handles the recordings teams use to make the most consequential decisions in their week. We engineer it like that's true.
Built so the recording can disappear, but the evidence remains.
Every recording you upload is processed once. The structured evidence layer — quotes, frames, artifacts — persists. The raw media file is deleted by default after processing completes. Account closure triggers full GDPR-aligned right to erasure across every system, including derived data.
- Raw media deletion
Auto-purged after the evidence layer is built. Configurable retention on Team and Enterprise.
- Tenancy isolation
Per-row access controls enforced at every query — never application-only.
- Audit log
Every access, export, and integration push is logged and exportable.
TLS 1.3 in transit. AES-256 at rest. No exceptions.
All traffic to and from Citesvue is encrypted in transit with TLS 1.3 and modern cipher suites. All data at rest — recordings, transcripts, derived artifacts, embeddings — is encrypted with AES-256-GCM. Keys are managed in a hardware-backed KMS with per-tenant envelope encryption.
- Transit
TLS 1.3 only. Strict HSTS. Certificate transparency monitoring.
- At rest
AES-256-GCM with per-tenant envelope keys. KMS-rotated quarterly.
- Backups
Encrypted daily snapshots. 30-day point-in-time recovery on Team+.
Pragmatic, predictable, and on a public roadmap.
We publish what we comply with — and what we’re working on. No vague badges, no ambiguous claims. The compliance roadmap is shared with every customer who needs it, with target dates and audit partners named.
- GDPR
Aligned. DPA available on request, EU SCCs in place for cross-border transfers.
- SOC 2 Type II
In progress with target audit Q4 — readiness assessment complete.
- HIPAA · ISO 27001
On the public roadmap. Available for Enterprise pilots on request.
For the security and legal teams who need to sign things.
Citesvue’s Enterprise track gives you the tools you need to defend the deployment to your security org: SSO, custom data residency, retention policy controls, and the option to deploy on your own infrastructure.
- SSO
SAML 2.0 / OIDC with SCIM provisioning. Tenant-level enforcement.
- Residency
EU and US processing regions. Pin to a single region. Standard SCCs for cross-border flows.
- Deployment options
Cloud-managed (default), single-tenant cloud, or on-premise on your own VPC.
Security pack, DPA, sub-processor list — all on request.
We'll send a packaged security review (current controls, in-flight certifications, sample audit log) within one business day.