Your licensing data powers your business. We take its protection seriously — from encryption at every layer to tenant isolation in every query. Here's how we keep your data safe.
Encryption
Your data is encrypted in transit and at rest — no exceptions.
Data in Transit
All API communication is encrypted via TLS 1.2+. HTTPS is enforced on every endpoint — no plaintext connections are accepted.
Data at Rest
Azure Cosmos DB provides automatic encryption at rest using Microsoft-managed keys (AES-256). Your data is encrypted before it hits disk.
License Keys
License signatures use RSA cryptographic signing for offline verification. Keys are generated server-side and never exposed in plaintext.
Infrastructure
Built on Microsoft Azure with enterprise-grade reliability.
Cloud Platform
Hosted entirely on Microsoft Azure — Azure Functions for compute, Azure Static Web Apps for the portal, and Azure Cosmos DB for data.
Region
Data is stored in Azure regions with geo-redundancy options. Contact us for specific data residency requirements.
Monitoring
Application Insights provides real-time monitoring, alerting, and diagnostics. We detect and respond to anomalies before they impact you.
Authentication & Access
Industry-standard identity management with strict tenant isolation.
Identity
Azure AD B2C handles identity management with industry-standard OAuth 2.0 and OpenID Connect protocols. No custom authentication code.
API Security
Token-based authentication on every API call. Input validation, parameterized queries, and CORS restrictions protect against common attack vectors.
Tenant Isolation
Each reseller and customer operates in isolated data partitions. Cross-tenant data access is architecturally impossible — enforced at the query level.
Data Handling
Clear policies on retention, deletion, and privacy.
Retention
Data is retained while your account is active, plus 30 days after cancellation for recovery purposes.
Deletion
Account data is permanently deleted after the retention period. Deletion is irreversible and includes all associated licensing data.
GDPR
Designed with GDPR principles: data minimization, right to access, and right to deletion. Request your data or its removal at any time.
No Credit Cards
Monaiq is payment-agnostic. Credit card data never touches Monaiq infrastructure — your payment provider handles all sensitive financial data.
Responsible Disclosure
We value the security research community. If you discover a vulnerability, please report it responsibly via email at security@monaiq.com. We'll acknowledge receipt within 48 hours and work with you to resolve the issue.