Data Security
Citrix Aidan™ and your proprietary organizational data
Citrix Aidan enriches user conversations by providing contextual responses drawn from your organization’s data. To do so, it accesses content through APIs and various tools that allow Citrix Aidan to generate responses anchored in your specific organizational data. This data might include details about DaaS Machines and Sessions, and NetScaler® Inventory information.
Note:
User prompts, responses, and data accessed while using Citrix Aidan through APIs or tools are not used for training any Large Language Models (LLMs).
Citrix Aidan provides accurate, relevant, and contextual responses by combining content and deployment context. It is crucial to ensure that admins have the appropriate permissions to access organizational data, as Citrix Aidan only surfaces information accessible to individual admins. To manage access effectively, refer to the permissions outlined in the following topics to ensure that the correct users or groups have the appropriate access to content within your organization.
- Manage administrator access to Citrix Cloud
- Citrix DaaS Delegated Administration
- NetScaler Console service Role-Based Access Control
All the information, including prompts, retrieved data, and generated responses, remain within the Citrix service boundary when using Citrix Aidan.
Note:
We value customer feedback, which is entirely optional, as it helps us enhance Citrix Aidan and other Citrix services. Customer feedback is not used for training any LLMs that power Citrix Aidan.
Data stored about Citrix Aidan interactions
When an admin interacts with Citrix Aidan, we store data that includes the admin’s prompt and Citrix Aidan’s response, including citations to any information used to ground Citrix Aidan’s response. We store the details to provide chat history in the Citrix Aidan’s user interface (UI). This data is stored for seven days, and is not used to train or fine-tune any LLMs used by Citrix Aidan.
User chat interactions are sent as traces to the Observability platform for troubleshooting and product improvements. These traces have a retention period of 90 days.
Data Residency
Citrix Aidan stores data in multiple Microsoft Azure environments. These environments are in the United States and European Union. The storage location depends on the home region selected by the Citrix Cloud administrators when onboarding their organization to Citrix Cloud. For more information, see Geographical considerations.
Data Protection
Citrix Aidan protects the customers’ data by using the following security measures:
- Citrix Cloud authentication for the Citrix Aidan users. For information, see Identity and access management.
- Strong logical data isolation per customer or tenant in all data stores.
- TLS-encrypted data transfer between the various services and data stores, applicable for the public endpoints of the platform and within the platform.
- High standards in TLS endpoints. TLS 1.0 and TLS 1.1 are disabled.
- Encrypted data storage using encryption keys and secrets that are stored in appropriate Key Vaults.
- Strong user management access controls for service operations and support while protecting customer logs.
- Vulnerability scanning, intrusion detection, anti-malware, cloud security, web application security protection.
As with all Citrix Cloud™ services, data collection is subject to the End User Agreement. For more information and additional legal terms, see the following agreements:
- Citrix Aidan legal terms
- End User Agreements
- Privacy Policy
- Data Processing Addendum
- Services Security Exhibit
Responsible AI
As an AI-based application, Citrix Aidan implements the following responsible AI practices and guardrails:
- Moderation of inputs and filtering of outputs for specific categories of potentially harmful content (hate and fairness, sexual, violence, and self-harm).
- Blocking of attempts to lead the assistant to behave in unintended ways or reveal portions of the system message (prompt injection and jailbreaking).
- Filtering of output that substantially replicates material that is potentially protected or copyrighted.
Security Responsibility
Security responsibility is owned by both Citrix and the customers when using Citrix Aidan.
Citrix Responsibility
Citrix is responsible for securing all infrastructure and data residing on the Citrix-managed cloud environments that host Citrix Aidan. Citrix is responsible for applying regular software updates and patches on the cloud environment to address security vulnerabilities.
For more information about security provisions, see the following documents:
Customer Responsibility
Citrix customers are responsible for securing their systems that are integrated with Citrix Aidan, which include:
- Customer provided admin credentials for managing Citrix Cloud services.
- Customer owned admin accounts that receive emails or notifications from Citrix Cloud services.
- End user devices running web browsers to connect to Citrix Aidan from Citrix Cloud.
For more information about security provisions, see the following documents: