Security

How CitraInsight protects your data at every layer

1. Encryption at Rest

AES-256 Encryption

All data stored in the CitraInsight database is encrypted at rest using AES-256, the same standard used by banks and government agencies. Database-level encryption is managed by DigitalOcean’s managed PostgreSQL service with encrypted storage volumes.

2. Encryption in Transit

TLS 1.3

All communication between agents and the CitraInsight server uses TLS 1.3. Older TLS versions (1.0, 1.1) are rejected. Certificate pinning is enforced on the agent side to prevent man-in-the-middle attacks. All API endpoints are HTTPS-only.

3. Agent Credential Protection

Windows DPAPI

Agent authentication tokens are encrypted using the Windows Data Protection API (DPAPI), tied to the machine’s system account. Tokens are never stored in plaintext. Even if the agent binary is copied to another machine, the token cannot be decrypted.

4. Authentication & Access Control

Layer	Mechanism
Admin login	Email + password with bcrypt hashing (salt per user)
Session tokens	JWT (HS256) with 60-minute expiry + 7-day refresh tokens
Agent auth	Unique API key per organisation, DPAPI-encrypted on endpoint
OTP verification	6-digit OTP via AWS SES, 10-minute expiry, rate-limited (3/hour)

5. Role-Based Access Control (RBAC)

CitraInsight implements a granular RBAC system with 31 atomic permissions across the following roles:

Role	Description
Super Admin	Full access — manage admins, billing, settings, all data
Admin	Manage systems, view all data, generate reports
Analyst	View dashboards and reports, no system management
Viewer	Read-only access to assigned data only

Permissions are enforced server-side on every API request. The dashboard UI hides controls the user cannot access, but the real enforcement happens at the API layer.

6. Agent Permissions & Restrictions

What the agent CAN do:

Read WMI data (hardware, OS, installed software)
Read process list (name, path — not memory contents)
Read registry keys related to software installation
Read PE headers of executable files (publisher, version)
Send encrypted HTTPS requests to the CitraInsight server
Run as a Windows service (CitraInsight)

What the agent CANNOT do:

Write, modify, or delete any file on the system
Kill, block, or alter any running process
Access file contents, documents, or user data
Record keystrokes, screenshots, or audio/video
Modify registry entries or system settings
Scan the network or probe other machines
Execute arbitrary code or download payloads
Communicate with any server other than the CitraInsight API

7. Audit Trail

Every administrative action in CitraInsight is logged with:

Timestamp (UTC)
Admin identity (email, role)
Action type and target
IP address
SHA-256 hash referencing the previous log entry

This creates a tamper-evident, append-only hash chain. If any log entry is altered or deleted, the chain breaks and the tampering is immediately detectable.

8. Infrastructure Security

Hosting: DigitalOcean droplet, Bangalore region (BLR1)
Database: DigitalOcean Managed PostgreSQL with automated backups, connection pooling, and encrypted storage
Firewall: Only ports 80 (redirect to 443), 443 (HTTPS), and 22 (SSH, key-only) are open
OS hardening: Unattended security updates, fail2ban, SSH key-only authentication

9. Data Isolation

All organisation data is logically isolated at the database level. Every query is scoped to the authenticated organisation’s ID. There is no cross-tenant data access. API keys are unique per organisation and cannot be used to access another organisation’s data.

10. Backup & Recovery

7 daily automated backups
4 weekly automated backups
Point-in-time recovery available
Backups are encrypted and stored in the same region (Bangalore)
Recovery tested quarterly

11. Incident Response

Detection: Automated monitoring for anomalous access patterns, failed auth attempts, and API abuse
Containment: Immediate isolation of affected systems
Notification: Data Protection Board of India notified within 72 hours; affected customers notified without unreasonable delay
Remediation: Root cause analysis and fix deployed
Post-mortem: Written report provided to affected customers

12. Vulnerability Reporting

If you discover a security vulnerability in CitraInsight, please report it responsibly. We take every report seriously.

Responsible Disclosure

Email: security@citrainsight.in
We will acknowledge receipt within 24 hours
We will provide an initial assessment within 72 hours
We will not take legal action against good-faith security researchers
Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it

For security-related questions, contact security@citrainsight.in