Security at Monitory

Cloud Hosting

Monitory is hosted on Amazon Web Services (AWS), leveraging AWS's world-class physical and network security infrastructure.

SOC 2 Type II Compliant Infrastructure

Our infrastructure is built on services that meet SOC 2 Type II standards for security, availability, and confidentiality.

Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.

Penetration Testing

We conduct regular penetration testing and vulnerability assessments through qualified third-party security firms.

High Availability

Multi-region redundancy ensures platform availability even in the event of regional infrastructure disruptions.

Tenant Isolation

Customer data is logically isolated at the tenant level. No customer can access another customer's data under any circumstances.

Role-Based Access Control (RBAC)

Granular permissions ensure that users only access the data and features relevant to their role within the organization.

Audit Logging

All data access and modifications are logged with timestamps, user identifiers, and action details for full traceability.

Automated Backups

Data is backed up automatically with point-in-time recovery capabilities to protect against data loss.

Data Retention

Retention policies are aligned with individual customer contracts. Customers may request data deletion in accordance with their agreement and applicable law.

Secure Development Lifecycle (SDLC)

Security is integrated into every stage of our development process, from design through deployment.

Automated Security Scanning

Our CI/CD pipelines include static analysis (SAST), dependency scanning, and container image scanning before any code reaches production.

Third-Party Audits

We engage independent security firms to conduct regular audits and code reviews of our application.

Authentication

Monitory supports OAuth 2.0 and Single Sign-On (SSO) integration, allowing enterprises to enforce their existing identity and access management policies.

API Security

All API endpoints are authenticated via secure tokens with scoped permissions, rate limiting, and request validation.

Data Exclusivity

Customer sensor data is used exclusively for that customer's own models. Your data trains your models - no one else's.

No Cross-Tenant Training

We do not share or pool data across tenants for model training purposes.

Explainable AI

All predictions include confidence scores and contributing factors, ensuring transparency in every recommendation the platform makes.

Human-in-the-Loop

Critical maintenance decisions support human-in-the-loop validation, giving your team final authority over operational actions.

Model Versioning & Rollback

All models are versioned, enabling full auditability and the ability to roll back to previous model versions if needed.

SOC 2 Type II

Certification currently in progress. Our controls are designed to meet SOC 2 requirements for security, availability, processing integrity, confidentiality, and privacy.

GDPR

We support EU data subject rights including access, rectification, erasure, and portability.

CCPA

We comply with the California Consumer Privacy Act, including the right to know, delete, and opt out of the sale of personal information.

ISO 27001

Our information security management practices are aligned with ISO 27001 standards.

Regular Audits

We undergo periodic third-party audits to validate our security controls and identify areas for continuous improvement.

24/7 Monitoring

Our infrastructure and application are monitored around the clock with automated alerting for anomalous activity.

Incident Response Plan

We maintain a documented, tested incident response plan that covers detection, containment, eradication, recovery, and post-incident review.

Breach Notification

In the event of a confirmed data breach, affected customers will be notified within 72 hours in accordance with GDPR and applicable regulations.

Post-Incident Review

Every security incident is followed by a thorough review and remediation process to prevent recurrence.