This Data and Security Policy applies to Monogold Apps customers, not to general users of this website.
Effective Date: 2014-12-18
This document describes the data and security policy (“Data and Security Policy”) applicable in the delivery of Monogold Limited’s (“Monogold”) Monogold Apps software service (“Service”) to its customers (“You”) who have accepted and agreed to the terms of service associated with the Service (“Agreement”).
Capitalized terms not defined in this document have the meaning stated in the Agreement.
This Data and Security Policy includes two sections: “A. Data Policy” and “B. Security Policy”.
A. Data Policy
1. Hosting Infrastructure. The hosting infrastructure of the Service and Your Data is provided by Amazon Web Services (aws.amazon.com), a service that provides multiple geographical hosting locations, comprehensive facility and infrastructure security, and extensive network and security monitoring systems. The physical location of the server instance(s) of the Service provided to You depends on Your preference as specified in the Order Documents.
2. Data Storage and Replication. Your Data is stored in a primary database for database objects, and in a dedicated documents database for uploaded digital documents. The database objects in the primary database are continually replicated in near real-time to one or more secondary databases. Data replication provides redundancy, increases data availability, and also allows the Service to recover from hardware failure and service interruptions.
3. Data Backup. Your Data, both database objects and digital documents, is automatically backed up on a regular basis to a different storage location for longer-term storage. In case of failure of both the primary and secondary databases (see section A2), Your object database Data can always be restored from the backup storage. The potential loss of database object data in such cases is limited to four (4) hours by default, or such period as You specify in the Order Documents.
4. Data Return and Deletion. Your Data will be returned to You within 10 days of termination of the Agreement provided You request Monogold to do so. Your Data will be returned in JavaScript Object Notation (JSON) format for database objects and digital documents will be returned in their native formats. If You do not request Monogold to return Your Data upon termination of the Agreement, Monogold will retain Your Data in an inactive state for 90 days, following which it will be safely and completely removed from the Service, without means for You to get it back. You will be notified by Monogold thirty (30) days prior to such final removal of Your Data.
5. Data Audit Trail. The Service logs all creations of data; changes to data (including changes to content in data object attributes/fields); and deletions of data, thereby providing a complete data audit trail. Data audit trails are stored for a minimum period of 180 days, or such minimum period as You configure through the Service. The data audit trail is accessible for browsing and export by You via the Service.
6. Data Portability. You can export Your Data, including uploaded digital documents, via the Service at any time for storage in another location. Exported database objects are provided in JavaScript Object Notation (JSON) format, and digital documents in their native formats.
7. Data Quantity. The quantity of Your Data stored using the Service will vary depending on the type of Your operation, the change over time in Your operation, Your data replication requirements, and Your data backup requirements. Certain standard data quantities are provided in the price of the Service by default, but should You deem these quantities to be insufficient, You can increase such data quantity provisions in the initial or subsequent Order Documents and be billed by Monogold accordingly.
B. Security Policy
1. User Credentials. Each User requires a user ID and password to access the Service. User IDs are created by You and the initial password is randomly generated by the Service. You can initiate automatic email distribution of the user ID and password to each User through the Service. The User will need to change the initial password when accessing the Service the first time.
2. User Authentication. In addition to standard authentication through user ID and password, You can opt to add increased authentication security through a time-based one-time password (“TOTP”), or “two-step authentication”, method for Users’ access to the Service (or to parts of the Service). TOTP may be used, for example, in conjunction with Google Authenticator on mobile phones.
3. Passwords. Monogold employs and provides the following policies and Service capabilities with regard to Users’ passwords:
4. User Sessions. After successful user authentication a user session is generated consisting of a random session ID that is stored in the User's Internet browser to preserve and track session state.
5. User Session Logs. The Service logs all user sessions, including information on user ID, date and time of sign-in and sign-out, IP address used, and browser used. User session logs are stored for a minimum period of 180 days, or such minimum period as You configure through the Service. The user session logs are accessible for browsing and export by You via the Service.
6. User Activity Logs. The Service logs user activity, including pages visited and actions taken. User activity logs are stored for a minimum period of 30 days, or such minimum period as You configure through the Service. The user activity logs are accessible for browsing and export by You via the Service.
7. User Session Timeout. The Service will automatically sign out Users who have been inactive for more than 15 minutes, or such period as You configure through the Service.
8. Malicious Code. Monogold will not introduce any malicious code (such as computer viruses) to the Service or to Your Data. The Service does not include scanning of digital documents uploaded by You, and while such digital documents will not be executed in the Service in a way which may damage or compromise the Service, You are required to take adequate measures to ensure that digital documents are free of malicious code prior to upload to the Service.
9. Data Encryption. The Service uses industry-accepted encryption standards to protect Your Data in transit and at rest as follows: