This Data and Security Policy applies to Monogold Apps customers, not to general users of this website.
Effective Date: 2017-10-08
This document describes the data and security policy (“Data and Security Policy”) applicable in the delivery of Monogold Limited’s (“Monogold”) Monogold Apps software service (“Service”) to its customers (“You”) who have accepted and agreed to the terms of service associated with the Service (“Agreement”).
Capitalized terms not defined in this document have the meaning stated in the Agreement.
This Data and Security Policy includes two sections: “A. Data Policy” and “B. Security Policy”.
1. Hosting Infrastructure.The hosting infrastructure of the Service and Your Data is currently provided by Amazon Web Services (aws.amazon.com), a service that provides multiple geographical hosting locations, comprehensive facility and infrastructure security, and extensive network and security monitoring systems. The physical loction of the server instance(s) of the Service provided to You depends on Your preference as specified in the Order Documents.
2. Data Storage and Replication. Your Data is stored in a primary database for database objects, and in a dedicated documents database for uploaded digital documents. The database objects in the primary database is continually replicated in near real-time to one or more secondary databases. Data replication provides redundancy, increases data availability, and also allows the Service to recover from hardware failure and service interruptions.
3. Data Backup. Your Data, both database objects and digital documents, is automatically backed-up on a regular basis to a different storage device for longer-term storage. In case of failure of both the primary and secondary databases (see section A2), Your object database Data can always be restored from the backup storage. The potential loss of database object data in such cases is limited to four (4) hours by default, or such period as You specify in the Order Documents.
5. Data Audit Trail. The Service logs all creations of data; changes to data; and deletions of data, thereby providing a complete data audit trail. Data audit trails are stored for a minimum period of 180 days, or such minimum period as You configure through the Service.
7. Data Quantity. The quantity of Your Data stored using the Service will vary depending on the type of Your operation, the change over time in Your operation, Your data replication requirements, and Your data backup requirements. Certain standard data quantities are provided in the price of the Service by default, but should You deem these quantities to be insufficient, You can increase such data quantity provisions in the initial or subsequent Order Documents and be billed by Monogold accordingly.
1. User Credentials. Each Private User requires a user ID and password to access the Service. Unique user IDs are created by You. You can initiate automatic email distribution of new user IDs to Private Users through the Service and each Private User will need to create a password before accessing the Service the first time.
2. User Authentication. In addition to standard authentication through user ID and password, the Service may provide increased authentication security through a two-factor authentication method.
3. Passwords. Monogold employs and provides the following policies and Service capabilities with regard to Private Users’ passwords:
4. User Sessions. After successful user authentication a user session is generated consisting of a random session ID that is stored in the User's Internet browser to preserve and track session state.
5. User Session Logs. The Service logs all Private User sessions after successful user authentication, including date and time of sign-in and sign-out and the type of browser used. User session logs are stored for a minimum period of 180 days, or such minimum period as You configure through the Service.
6. User Session Timeout. The Service will automatically sign-out Private Users who have been inactive for more than 15 minutes, or such period as You configure through the Service.
7. Malicious Code. Monogold will not introduce any malicious code (such as computer viruses) to the Service or to Your Data. The Service does not include scanning of digital documents during upload by You, and while such digital documents will not be executed in the Service in a way which may damage or compromise the Service, You are required to take adequate measures to ensure that digital documents are free of malicious code prior to upload to the Service.
8. Data Encryption. The Service uses industry-accepted encryption standards to protect Your Data in transit and at rest as follows: