Citadel: What It Does and How Your Data Is Protected

What Does Citadel Do?

Citadel is a security tool installed by your organization to help protect company devices, accounts, and applications from cyberattacks and data breaches. It operates inside your browser and on your computer to:

  • Enforce IT security policies (like blocking unsafe websites, checking password quality, and making sure your hard disk is encrypted)
  • Help the IT/security team detect malware and prevent sensitive data leaks
  • Track and manage company software license use securely

What Data Does Citadel Access?

Citadel is designed with privacy in mind. Here’s what it does and does not access:

What’s Accessed or Logged

  • Web application usage:
    Tracks how often you uses web applications (e.g., Teams, Salesforce), and with which account.

    • Does NOT track usage on non-work, unauthenticated websites (e.g. blogs or Google search).
    • Does NOT track the amount of time you spend on each application.

  • Security events:
    Logs only events related to security or company IT policy (such as blocked sites, certificate errors, dangerous extensions, or downloads that are flagged as dangerous by the browser).

  • Download/Upload Metadata:
    Records basic information (filename, location, file size) when files are downloaded, uploaded, or printed through your browser.

    • Does NOT access the actual file contents.

  • Password Checks:
    Checks the quality of passwords for work accounts locally.

    • Does NOT export or store your actual password. Only a secure, unreadable “hash” and password quality indicators are recorded, and ONLY on your computer.
    • Does NOT store information about passwords for sites that are not work-related.

  • Web Navigation:
    Stores a cryptographic “hash” (a scrambled version) of website addresses only locally, to allow investigation after incidents.

    • These hashes cannot be reversed or used to view your browsing history.
    • stores the information ONLY on your computer.

  • Device Information:
    Monitors if your device follows company security rules, like which approved applications/extensions are installed, or the state of the firewall.

    • Does NOT access personal files or details about non-work activity.

What’s Not Accessed

  • Camera and microphone:
    Never accessed.
  • Messages or web content:
    Does not read the contents of your emails, messages or web pages.
  • Personal browsing:
    Does not track you when you use the internet for personal business.
  • No central Citadel database:
    Citadel does not send your data to a special Citadel company or server. Security logs stay on your device or are sent only to your company’s (protected) security system.

How Is My Privacy Protected?

  • Data Minimization:
    Citadel collects only what is strictly necessary for IT security and compliance.
  • Local Storage and Secure Reporting:
    Data is kept on your device and only shared with your company’s existing security tools when genuinely required for security purposes.
  • Anonymization:
    Where possible, only anonymized (“hashed”) information is stored.
  • Strict Access Controls:
    Only authorized, “need-to-know” security staff can access Citadel data.
  • Transparency & Rights:
    • You are informed of what is tracked.
    • You can request access to your Citadel data, or have it corrected or deleted.
  • No Profiling or Marketing:
    Citadel does not build marketing profiles or monitor private browsing.
  • Opt-Out Options:
    If you have particular privacy concerns, contact IT/security—settings can be reviewed or adjusted as needed.

Why Is This Necessary?

Citadel helps protect you and the company from viruses, data leaks, and accidental or intentional violations of important security rules. It enables your organization to meet legal and compliance requirements, all while respecting your privacy as much as possible.

Questions or concerns?
Reach out to your IT or security team. You have the right to know what Citadel tracks and how your data is used.