// security.policy

Security & Compliance

Your privacy and data security are our top priorities. Mondaily is built in full compliance with GDPR and CCPA standards. To guarantee the highest level of security, our application hosting and database infrastructure is managed by Vercel and Supabase — both of which maintain SOC 2 Type II security certifications, with Vercel also holding ISO 27001 certification.

// ai-sovereignty

Sovereign-first AI architecture

Mondaily runs on a sovereign-first AI architecture. AI inference runs on a private AI gateway, web search runs on a self-hosted sovereign search appliance, and your data is workspace-isolated — every AI request is scoped to your workspace and can't read another's.

  • Source-backed AI answers, with human-approved agent actions — agents prepare, you approve
  • No silent fallback to third-party AI providers; your data isn't used for training unless you explicitly approve it
  • Google and Outlook are optional, client-authorized integrations — email and calendar data is accessed only after you connect an account, stays workspace-scoped, and can be disconnected at any time; they are not core AI infrastructure
  • Stripe is our payment processor — card numbers live with Stripe, are never stored by Mondaily, and are never accessible to AI tools

// gdpr

GDPR Compliant Architecture

We process personal data in line with the EU General Data Protection Regulation. This includes:

  • A clear legal basis for any data we collect
  • Full account and data deletion on request
  • Data portability — export your records at any time
  • Data Processing Agreements (DPA) available for enterprise customers

// ccpa

CCPA Data Protected

For California residents, Mondaily does not sell personal information. You have the right to:

  • Know what personal data we hold about you
  • Request deletion of your personal data
  • Opt out of any data sale (we do not sell data)

// infrastructure

Hosting Infrastructure: ISO 27001 & SOC 2

100% of our application hosting and database infrastructure is managed by trusted, independently audited providers:

  • Vercel — application hosting & edge network
  • Supabase — database & backend infrastructure

For the current status of their certifications, see vercel.com/security and supabase.com/security.

// contact

Questions

For security or compliance questions, including data deletion requests, contact privacy@mondaily.com.