Trust & security

Security

How your data is protected, where it is hosted, and how to reach us if you find a security issue.

Where your data lives

Montyris is a company registered in the Netherlands, and your data is hosted in the European Union with OVH SAS (France). Data is encrypted in transit, and we process only what is needed to run the screening service, in line with the principles of the GDPR, such as data minimisation and purpose limitation.

We never hold your payment-card details: paid plans are sold and billed through the Apple App Store and Google Play, so card data is handled by them, not by us. For the full picture of what we collect and why, see our privacy notice.

How we approach security

Our security practices are organised around the NIST Cybersecurity Framework, and our servers are hardened following the CIS Benchmarks for the software we run. We keep dependencies up to date and review them for known vulnerabilities as part of routine maintenance.

We describe these practices honestly and do not claim any security certification we do not hold.

Reporting a security issue

If you believe you have found a security vulnerability in our website or app, please tell us at info@montyris.com. We will acknowledge your report, investigate, and keep you informed.

We ask that you give us a reasonable opportunity to address the issue before disclosing it publicly, and that you avoid accessing, changing, or deleting data that is not your own, and avoid anything that would disrupt the service for other people. Acting in good faith along these lines, we will not pursue action against you for your research.

Our machine-readable contact details are published at /.well-known/security.txt.