This section provides information about our data transmission, storage, and backup protocols, including the protection of data in transit and at rest, data retention and deletion practices, and measures to prevent data loss.
We use PostgreSQL (PSQL) for data storage. This robust database management system lets us store data securely while maintaining accessibility and performance.
Data is stored in the customer's geographic location. As an additional layer of data protection, we use the AWS Backup system. This comprehensive solution enables full image backups, including the operating system (OS), system files, and data. We closely monitor backup server capacity and backup execution status daily, and an alert is automatically sent when disk usage exceeds 80%.
To ensure the effectiveness of the data recovery process, we conduct regular recovery testing. This testing is performed annually to verify that backup systems are functioning correctly and that data can be successfully recovered in the event of a disaster or system failure.
We do not collect or generate metadata about how your data is used through scanning technologies such as search engines or similar tools.
To securely transmit data over the internet, we use strong security measures such as TLS 1.2 and HTTPS encryption protocols. These industry-standard protocols ensure end-to-end protection of data in transit.
We use the advanced data protection features of AWS Backup. All AWS backups are encrypted using a unique, dedicated KMS key associated with the backup vault.
→ Learn more about how AWS KMS protects your data
Data at rest on EC2 instances is securely protected using AWS encryption solutions. This includes the implementation of AES-256 encryption, an industry-standard encryption algorithm well known for its reliability.
Encryption is performed at the disk level within the EC2 instance. AWS generates a Customer Managed Key (CMK) on our behalf. This encryption process is fully managed and owned by AWS, ensuring the highest level of security. Access to encryption keys is restricted to system administrators only.
AWS KMS keys can be configured to expire every 1 or 3 years and cannot be deleted immediately. There is a mandatory waiting period of 7 to 30 days before deletion. In addition, any customer-managed KMS key can be manually disabled or scheduled for deletion.
→Learn more about how AWS protects your data
We retain the following data:
Company name, name, email address, and contact number for creating a Monito Business account
Name and email address of test-takers managed by the enterprise administrator within the Monito Business account
Business account information is retained until the customer terminates the contract.
Unless the customer requests otherwise, the test-taker information uploaded by the customer's administrator for each exam on the business page is automatically destroyed 2 years after the exam end date. In addition, exam video information that test-takers consented to at the time of the exam is automatically destroyed 35 days after the exam end date.
Our data retention and deletion procedures comply with ISO 27001 and 27701, as well as the other certifications we hold.
Data is deleted as follows:
when an object is deleted from Amazon S3, the removal of the mapping from the public name to the object begins immediately and is generally processed across the distributed system within seconds. Once the mapping is removed, the deleted object can no longer be accessed externally.