Monarch's security and privacy protocols:
https://www.monarchmoney.com/
Additional information about Monarch's security below.
Our security practices include (but are not limited to):
* We generally encrypt everything, whether that's at-rest, in transit, etc.
* We host our infrastructure on AWS with proper network-level controls.
* We also limit what we need to store. For instance, we never see/store your bank login (that's handled by our data partners, and you can see what systems they have in place)
* At the app-level we use restrictive Content Security Policies to help mitigate many of the common web vulnerabilities.
* We run a Vulnerability Detection Program to help identify any vulnerabilities.
* We run periodic security audits and penetration tests.
* We perform role-specific security training for new employees (also periodic for existing employees).
* We have onboarding/off-boarding processes for anyone with access to key systems.
* We conduct an audit/assessment of any vendors we use to check their practices ("vendors" here includes hosting like AWS which is obviously SOC2 etc, data providers like Plaid/Mastercard/MX, etc).
* Access to user data is generally restricted (except for Customer Support or debugging) and we keep an audit trail of all access.
* We have processes in place to handle major incidents (whether it's related to uptime, potentially to security, etc). We luckily have never had any.
We're not SOC2-certified, but it's on our roadmap for 2024. In reality, we're doing most of the motions, it's just a matter of taking the time to do the audit and tick all the check-boxes. Generally, the vendors we rely on for anything sensitive are SOC2 compliant (for instance, for bank connectivity we rely on Plaid, Mastercard, and MX).
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article