Security
Last updated: July 2023
We take data security and privacy very seriously. Below we are sharing information on our practices to give you confidence in how we secure the data entrusted to us.
Highlights:
- Monadd is ad-free and we do not use intrusive cookies to track anyone across websites
- Monadd passed a security audit, including penetration testing, by an independent security evaluator. The most recent evaluation was passed in July 2023
- Monadd stores only the minimum data needed to provide its services
- All data is encrypted using AES-256
We welcome suggestions as to how we can improve in that regard. Email us as outlined in the disclosure procedure below.
How do we keep your data safe?
We structure our data storage according to the Information Commissioner's Office standards and comply with GDPR regulations. We also protect your data and keep it private; that is, we don't use your data for any purpose other than identifying your providers and communicating with them. We have an easy-to-read Privacy Policy that explains and outlines all the tools we use: https://monadd.io/privacy-policy
- All communications between you, us and any third-party provider are encrypted so no one can listen in to what we are communicating to any party.
- Every piece of data stored in our database is encrypted using AES-256, the standard encryption algorithm used by the American Federal Government.
- We pseudonymise your data wherever possible by removing any identifying info we don't need from our database.
- We have an additional legally binding Data Transfer Agreement with service providers that maintains your confidentiality and limits them to using your address information only to update their records.
- We back up our data regularly.
How often do you undergo security audits?
We undergo security audits every year and as necessary. On request, we share the letters of our assessments, including the tests performed, methodologies and results.
How do you guarantee your communications via email are secure?
We have implemented SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance) to ensure our email is secure and authenticated, which helps avoid spoofing and forgery and prevent spam.
We also use Transport Layer Security (TLS), which uses encryption to protect the transfer of data and information.
Application Level Security
- Account passwords are hashed. Our staff can't even view them. If you lose your password, it can't be retrieved—it must be reset.
- We never let your information leave our zone of control; it is never included in any outgoing communication and is only accessible through dedicated interfaces in our web app.
Responsible Disclosure
If you have discovered a vulnerability in the Monadd application, server, or any other part of our stack, please do not share it publicly. Instead, please submit a report by emailing us at disclosure@monadd.io.