About the platform

The Monopolis team have backgrounds building technology solutions in privacy and security-focused industries such as digital, retail and investment banking. Now even more than ever, we recognise the utmost importance of platform security and the integrity of your data. As such, Monopolis has been built from the ground up using technologies which embrace industry-standard security and encryption.

What Monopolis can do with your data

Monopolis functions on the "Principle of least privilege" - that is that we only ever ask for access to resources and APIs which are required for it to operate. The granularity of this access is dependent on the underlying VCS provider permission model, and in some cases Monopolis may be granted privileges that are never utilised.

Access patterns to customer data resolve into two main categories:

  1. Background processing - where Monopolis receives and acts on signals for automation purposes (API or time-based). All actions triggered by Monopolis will be performed as the Monopolis entity.
  2. Acting on behalf of pre-authenticated users - through actions performed by them in the UI. Monopolis will never act on behalf of a user without their explicit action.

Crucially, Monopolis never accesses the source code from the main part of any customer repository, other than explicitly user-configured filesets and the contents of generated CI/CD workflows.

System authorization

In order to function, Monopolis stores expiring user-to-system and system-to-system access tokens which are granted to it via APIs provided by the underlying VCS provider. If stored, tokens are "encrypted at rest" - meaning they are never persisted in an unencrypted form.

Data retention policies

In addition to our Privacy Policy, it should be noted that Monopolis fully complies with the data-retention policies of any host VCS provider platform we work with. Customer data is retained only whilst that customer has an open plan with us, and all collected data is deleted within a suitable period following the termination of that relationship. Monopolis Cloud Limited may retain anonymised usage, metrics and other non-identifiable data for analysis purposes past this date.