As users of our own product, we understand how important the security and privacy of your data is.
As well as all data being encrypted and backed up hourly, we also track all the latest security community outputs, promptly upgrade our services to fix new vulnerabilities and constantly make sure we are using the latest technology available.
Please see below for more detailed information on our policies and practices:
All transmissions to and from monday.com, including sign-on, are encrypted at 256-bit and sent through TLS 1.2, adhering to the FIPS 140-2 certification standard.
External Security Audits and Penetration Tests
We work closely with industry leaders in web app and infrastructure security who perform penetration tests and audits of monday.com. We monitor our product for security vulnerabilities automatically as the product grows.
Secure Physical Location
Our servers are located in Amazon's AWS data centers. They've devoted an entire portion of their site to explaining their security measures, which you can find here.
Our engineering and operation teams keep their skills up to date regarding security best practices. We have coded many different online systems and are experienced in infrastructure security and systems security.
We're committed to making monday.com a highly available service that you can always count on.
We take measures and build the product to tolerate a failure of individual components and we make sure to keep the service up while doing maintenance work on our infrastructure.
All of the data is backed up hourly to multiple disks. Backups are encrypted and distributed to various locations.
Attachments in your account are encrypted and delivered on a per-user-access controlled basis.
We know the data you share in monday.com is private and confidential. We have strict controls over our employees' access to internal data and we are committed to ensuring that your data is never seen by anyone who should not see it.
With that said, the operation of monday.com wouldn't be possible without a few members having access to our databases in order to optimize performance and storage. This team is prohibited from using these permissions to view customer data without explicit, written permission from the user.
**Note: If you are interested in even more security, check out our Enterprise plan. Plans include; Two-Factor Authentication, an Audit Log, and more advanced security features.