Keeping all areas secure
Last updated: December 2019
We are taking data security and privacy very seriously. We recognise that we store and share information that is important to you. Below we are sharing information on our practices to give you confidence in how we secure the data entrusted to us.
If you have a suggestion as to how we can improve in that regard, email us as outlined in the disclosure procedure below.
How do we keep your data safe?
All communications between you, us and any third-party provider are encrypted so no one can listen in to what we are communicating to any party.
Every piece of data stored in our database is encrypted using AES-256 the standard encryption algorithm used by the American Federal Government.
We pseudonymise your data wherever possible by removing any identifying info we don't need from our database.
We have an additional legally binding Data Transfer Agreement with service providers that maintains your confidentiality and limits them only to use your address information to update their records.
We back our data up regularly.
How often do you undergo security audits?
We undergo security audits every year and as necessary. We share the letters of our assessments with the tests performed, methodologies and results per request.
How do you guarantee your communications via email are secure?
We implemented SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication Reporting & Conformance) permissions to ensure our email connections are secure, authenticated to avoid spoofing, forgery, and prevent spam.
Also, we use Transport Layer Security (TLS) that uses encryption to protect the transfer of data and information.
Application Level Security
Account passwords are hashed. Our staff can't even view them. If you lose your password, it can't be retrieved—it must be reset.
We never let your information leave our zone of control; it is never included in any outgoing communication and is only accessible through dedicated interfaces through our web app.
If you discovered a vulnerability in the Monadd application, server, or any other part of our stack, please do not share it publicly. Instead, please submit a report to us by emailing us at .