Security
Last updated: April 2026
Infrastructure
Mondian runs on Railway (EU region) with Supabase for authentication and database. All infrastructure is hosted in SOC 2-compliant data centers. We use isolated environments for production, staging, and development.
Data Encryption
- In transit — TLS 1.3 for all connections
- At rest — AES-256 encryption for stored data
- Credentials — API keys and tokens encrypted with per-tenant keys
Tenant Isolation
Every query enforces organization-level and workspace-level isolation. Row-Level Security (RLS) is enabled on all database tables. One tenant can never access another tenant's data, even in the case of an application bug.
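As an added illustration (not Mondian's own schema or code) of how organization- and workspace-level isolation can be enforced by Postgres/Supabase RLS inside the database rather than in application code; the table and column names (memberships, datasets) are assumed:

```sql
-- Added example, not Mondian's schema: Postgres row-level security that
-- enforces tenant isolation in the database itself, so an application bug
-- that omits a WHERE clause still cannot return another tenant's rows.
-- Table and column names are assumptions for illustration.

create table memberships (
  id               uuid primary key default gen_random_uuid(),
  user_id          uuid not null,   -- Supabase auth user id
  organization_id  uuid not null,
  workspace_id     uuid             -- null = member of the whole organization
);

create table datasets (
  id               uuid primary key default gen_random_uuid(),
  organization_id  uuid not null,
  workspace_id     uuid not null,
  name             text not null
);

-- Enable RLS and also FORCE it, so the table-owner role used by the
-- application is not silently exempt from the policies.
alter table datasets enable row level security;
alter table datasets force row level security;

-- A row is visible (and writable) only when the calling user, identified by
-- auth.uid() from the JWT Supabase verified, holds a membership in the row's
-- organization that spans the whole organization or names the row's workspace.
create policy datasets_tenant_isolation on datasets
  for all
  using (
    exists (
      select 1 from memberships m
      where m.user_id = auth.uid()
        and m.organization_id = datasets.organization_id
        and (m.workspace_id is null or m.workspace_id = datasets.workspace_id)
    )
  )
  with check (
    exists (
      select 1 from memberships m
      where m.user_id = auth.uid()
        and m.organization_id = datasets.organization_id
        and (m.workspace_id is null or m.workspace_id = datasets.workspace_id)
    )
  );

-- The memberships table needs RLS as well; otherwise a user could insert a
-- membership row for an organization they do not belong to.
alter table memberships enable row level security;
alter table memberships force row level security;
create policy memberships_self_read on memberships
  for select using (user_id = auth.uid());
```

Without FORCE ROW LEVEL SECURITY, the role that owns the table bypasses policies, which is a common gap to check when verifying an RLS deployment.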
Access Control
Mondian uses role-based access control (RBAC) with four levels: Owner, Admin, Member, and Viewer. Every API endpoint validates permissions before processing requests.
Code Execution Sandbox
When Mondian's agent runs code (Python for analysis, forecasting, etc.), it executes in an isolated sandbox with no network access. The sandbox cannot reach external services, your database, or other tenants' data. Files are transferred through a controlled SDK — never directly.
AI Safety
Mondian always asks for your approval before taking external actions (sending emails, updating prices, posting to Slack). The agent cannot bypass the confirmation gate. All agent actions are logged in a full audit trail.
Audit Logging
Every agent action, data access, and configuration change is logged with timestamp, user, and details. Audit logs are immutable and available to organization admins.
Reporting Vulnerabilities
If you discover a security vulnerability, please report it to security@mondian.ai. We take all reports seriously and will respond within 24 hours.