Trust & security

What we do, what we don't do, and what's in flight.

An honest summary of how Monity handles the URLs you point at it, the evidence each alert preserves, and the procurement materials your security team can have on request.

What Monity actually does

A URL-based monitor. Nothing more, nothing less.

Monity loads the public web pages you ask it to load, on the schedule you set, and tells you when they change. It is not a social-listening firehose, an OSINT engine, or a data broker. The scope of what Monity touches is exactly the URLs in your workspace.

What we store per check

The rendered HTML, a screenshot, a text-only snapshot, a diff against the previous check, and the AI summary that fired the alert. Tied to your workspace, retained per your plan.

What we never touch

Anything you did not give us a URL for. We do not crawl, scrape adjacent pages, train models on your monitors, or sell page data to anyone. The pages you watch are yours.

Authenticated monitoring

Optional on paid plans. Stored credentials are encrypted at rest with per-workspace keys. Cookie / OAuth sessions and SSO-protected pages are supported on Business + Enterprise.

Data handling

How the data is handled.

In transit

TLS over HTTPS for every connection between your browser, the app, and the URLs we monitor on your behalf.

At rest

Workspace data and monitor history are stored on a major cloud provider with encryption at rest.

Credentials

If you save login credentials for authenticated monitoring, they are encrypted and only used to load the pages you have asked us to watch.

What we collect

The URLs you tell us to watch, the page contents we capture per check, the alerts generated, and the email / payment details needed to run your account.

What we do not

We do not crawl beyond the URLs you give us, sell page data, or train AI models on your monitor list. The pages you watch are yours.

Deletion

You can delete any monitor (or your whole account) from the app. We act on deletion requests within a reasonable window and remove the underlying data.

What we have today

We're a young product. Here's the honest version.

Lots of trust pages list certifications the company doesn't actually have yet. This isn't one of those pages. If your procurement team needs a specific certification before they can use Monity, email [email protected] and we'll be straight with you about where we are.

Available today
  • GDPR-aligned data handling — minimal collection, deletion on request, no model training on your monitors
  • Data Processing Agreement (DPA) on request
  • Privacy policy and Terms of Service published publicly
  • Status page for service availability and incidents
  • Vulnerability reports via [email protected]

Not yet

We don't claim certifications we don't have. As of today, we do not hold:

  • SOC 2 (Type I or Type II)
  • ISO 27001
  • HIPAA BAA

If your team requires one of these to onboard a vendor, that's good context for us — write to [email protected] and we'll tell you honestly whether we're the right fit yet.

If something goes wrong

How we handle incidents and disclosures.

Service incidents

Tracked on our public status page.

Data incidents

If something happens to data we hold for you, we will notify affected workspace admins as soon as we have a clear picture, and in line with our GDPR obligations.

Vulnerability reports

Email [email protected] with reproduction steps. We will acknowledge as soon as we see it and work with you in good faith on a fix.

Procurement contact

For DPA requests, sub-processor questions, or anything your security team needs in writing, email [email protected].

Security posture

Monity is built for teams that monitor commercially sensitive web pages, vendor portals, pricing pages, regulatory sources, and public evidence trails. The platform is designed around least-privilege access, encrypted transport, audit-friendly change history, and source-linked alert records.

Compliance documentation

Enterprise buyers can request Monity’s current security documentation package, including DPA materials, sub-processor information, control summaries, and security questionnaire responses. SOC 2, ISO 27001, HIPAA/BAA, and customer-specific requirements should be confirmed through the sales and security review process before they are relied on in procurement.

Data protection

Monitor data, screenshots, diffs, and alert metadata are treated as business-confidential information. Monity supports role-based access, team workspaces, protected credentials for authenticated monitoring, and data residency discussions for business and enterprise deployments.

Audit evidence

Every alert is designed to preserve the page URL, timestamp, detected change, before/after context, and routing destination so compliance, legal, product, and revenue teams can review what changed without reconstructing evidence manually.

Customer proof

Published customer stories, logos, quotes, and quantified outcomes should only appear after written approval. Example stories and internal sales drafts must stay out of the public index until the proof package is complete.

Security contact

For security reviews, vendor assessments, SOC 2 or ISO roadmap questions, HIPAA/BAA requirements, or sub-processor requests, contact the Monity team through the sales form and include your procurement timeline.

For your security team

Need something for procurement?
We'll send it within a business day.

DPA, sub-processor list, security questionnaire — email [email protected] and we'll get back to you with the right materials for your review.

  • GDPR-aligned
  • DPA on request
  • Honest about what we have