Keeping all areas secure
Last updated: June 2021
We take data security and privacy very seriously. Below we are sharing information on our practices to give you confidence in how we secure the data entrusted to us.
Monadd is ad-free and we do not use intrusive cookies to track anyone across websites
Monadd passed a security audit including penetration testing by an independent security evaluator in 2020 and 2021
Monadd stores only the minimum data needed to provide its services
All data is encrypted using the AES-256 encryption
We welcome suggestions as to how we can improve in that regard, email us as outlined in the disclosure procedure below.
How do we keep your data safe?
All communications between you, us and any third-party provider are encrypted so no one can listen in to what we are communicating to any party.
Every piece of data stored in our database is encrypted using AES-256 the standard encryption algorithm used by the American Federal Government.
We pseudonymise your data wherever possible by removing any identifying info we don't need from our database.
We have an additional legally binding Data Transfer Agreement with service providers that maintains your confidentiality and limits them only to use your address information to update their records.
We back our data regularly.
How often do you undergo security audits?
We undergo security audits every year and as necessary. We share the letters of our assessments with the tests performed, methodologies and results per request.
How do you guarantee your communications via email are secure?
We implemented SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication Reporting & Conformance) permissions to ensure our email connections are secure, authenticated to avoid spoofing, forgery, and prevent spam.
Also, we use Transport Layer Security (TLS) that uses encryption to protect the transfer of data and information.
Application Level Security
Account passwords are hashed. Our staff can't even view them. If you lose your password, it can't be retrieved—it must be reset.
We never let your information leave our zone of control; it is never included in any outgoing communication and is only accessible through dedicated interfaces through our web app.
If you discovered a vulnerability in the Monadd application, server, or any other part of our stack, please do not share it publicly. Instead, please submit a report to us by emailing us at firstname.lastname@example.org.