Security
Last updated: June 3, 2026
Our security philosophy
Monitoristic is built and operated by Solvix Studio. We take a layered approach to security: defensive controls at the network, application, and data layers, regular review of our subprocessors, and a bias toward fewer moving parts.
Infrastructure
The Monitoristic application and its primary data store run on Cloudflare's global edge network, with compute distributed across Cloudflare's points of presence. Data is encrypted at rest by our infrastructure provider.
Transport security
All connections to Monitoristic use HTTPS with modern TLS. HTTP Strict Transport Security (HSTS) is enforced across our domains.
Authentication & session security
Account access is protected by session-based authentication using secure, HTTP-only cookies with conservative expiry. Sign-up and authentication endpoints are protected by automated abuse-detection challenges and rate-limited at the edge.
Password protection
Passwords are processed through a modern, salted key-derivation function with parameters aligned to OWASP recommendations. Hash comparison is performed in constant time. We never see or store plaintext passwords, and we are not able to recover a forgotten password — only reset it via verified email.
Application defenses
Monitor target URLs are validated at creation and update time to prevent the platform from being used to reach internal, private, or otherwise restricted network resources. All incoming webhooks — including those from our payments partner — are cryptographically signature-verified before processing.
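As an added illustration of the target-URL validation described above (not Monitoristic's code; the function name `checkMonitorTarget`, the block list and the reason strings are assumptions made for this example), a check for literal addresses and reserved hostnames could look like this:

```javascript
// Added example: hypothetical validator, not Monitoristic's code.
// Blocked IPv4 ranges as [network, prefix length]; representative, not exhaustive.
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
  ["198.18.0.0", 15], ["224.0.0.0", 3],
];
const v4ToInt = (ip) => ip.split(".").reduce((n, octet) => n * 256 + Number(octet), 0);
const isBlockedV4 = (ip) => BLOCKED_V4.some(([net, bits]) => {
  const size = 2 ** (32 - bits); // number of addresses in a block of this prefix length
  return Math.floor(v4ToInt(ip) / size) === Math.floor(v4ToInt(net) / size);
});

// Expand a URL-normalized IPv6 literal (no brackets) into eight 16-bit words.
function expandV6(addr) {
  const [head, tail] = addr.split("::");
  const a = head ? head.split(":") : [];
  const b = tail ? tail.split(":") : [];
  const gap = addr.includes("::") ? Array(8 - a.length - b.length).fill("0") : [];
  return [...a, ...gap, ...b].map((word) => parseInt(word, 16));
}
function isBlockedV6(addr) {
  const w = expandV6(addr);
  if (w.slice(0, 7).every((x) => x === 0) && w[7] <= 1) return true; // :: and ::1
  if (w.slice(0, 5).every((x) => x === 0) && w[5] === 0xffff) {      // IPv4-mapped
    return isBlockedV4(`${w[6] >> 8}.${w[6] & 255}.${w[7] >> 8}.${w[7] & 255}`);
  }
  return (w[0] & 0xfe00) === 0xfc00   // fc00::/7 unique local
      || (w[0] & 0xffc0) === 0xfe80   // fe80::/10 link-local
      || (w[0] & 0xff00) === 0xff00;  // ff00::/8 multicast
}

function checkMonitorTarget(raw) {
  let url;
  try { url = new URL(raw); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return { ok: false, reason: "scheme not allowed" };
  if (url.username || url.password) return { ok: false, reason: "credentials in URL" };
  // The URL parser has already normalized hex, octal and integer IPv4 forms to dotted decimal.
  const host = url.hostname.replace(/\.$/, "");
  if (host.startsWith("[")) {
    if (isBlockedV6(host.slice(1, -1))) return { ok: false, reason: "restricted IPv6 address" };
  } else if (/^\d+\.\d+\.\d+\.\d+$/.test(host)) {
    if (isBlockedV4(host)) return { ok: false, reason: "restricted IPv4 address" };
  } else if (host === "localhost" || /\.(localhost|local|internal)$/.test(host)) {
    return { ok: false, reason: "restricted hostname" };
  }
  return { ok: true, reason: "literal checks passed" };
}
```

Checks on the URL string alone do not cover a hostname whose DNS records point at a restricted address, so the resolved address has to be checked as well when the request is made.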
Domain & DNS security
Our domain is DNSSEC-signed end-to-end. Outbound mail is authenticated via SPF and DMARC. We publish DNS for AI Discovery (DNS-AID) records for verifiable agent discovery.
Data handling & retention
The personal data we collect, the lawful basis for processing it, retention periods, and your rights as a data subject are described in detail in our Privacy Policy. We collect only what's required to operate the service.
Resilience
Customer data is stored on managed infrastructure with automated backups. Our systems are continuously monitored for availability and integrity.
Compliance posture
Monitoristic's data processing practices are aligned with the General Data Protection Regulation (GDPR). International transfers rely on Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework, as applicable.
- Breach notification: Personal data breaches that pose a risk to data subjects are notified to affected users and supervisory authorities within statutory timeframes (72 hours under GDPR Art. 33).
- Subject Access Requests: Acknowledged within 48 hours.
- Right of withdrawal: 14 days on all paid plans (see our Refund Policy).
Subprocessors
A current list of the third-party providers we engage to deliver and operate the service is published at /subprocessors. We will announce material changes via our changelog at least 14 days before they take effect.
Vulnerability disclosure
If you believe you've found a security issue affecting Monitoristic, please report it to [email protected]. We aim to acknowledge reports within 48 hours and prefer coordinated disclosure. Our /.well-known/security.txt follows RFC 9116.
For procurement teams
If your security review requires additional technical detail, a standalone Data Processing Agreement, or other procurement documentation, contact [email protected] — we respond within 48 hours.
Contact
- Security issues: [email protected]
- Response time: 48 hours for security reports; same SLA as Subject Access Requests.
This page was last updated on June 3, 2026. Monitoristic is operated by Solvix Studio.