The Monopolis team have backgrounds building technology solutions in privacy and security-focused industries such as digital, retail and investment banking. Now even more than ever, we recognise the utmost importance of platform security and the integrity of your data. As such, Monopolis has been built from the ground up using technologies which embrace industry-standard security and encryption.
Monopolis functions on the "Principle of least privilege" - that is that we only ever ask for access to resources and APIs which are required for it to operate. The granularity of this access is dependent on the underlying VCS provider permission model, and in some cases Monopolis may be granted privileges that are never utilised.
Access patterns to customer data resolve into two main categories:
Crucially, Monopolis never accesses the source code from the main part of any customer repository, other than explicitly user-configured filesets and the contents of generated CI/CD workflows.
In order to function, Monopolis stores expiring user-to-system and system-to-system access tokens which are granted to it via APIs provided by the underlying VCS provider. If stored, tokens are "encrypted at rest" - meaning they are never persisted in an unencrypted form.
In addition to our Privacy Policy, it should be noted that Monopolis fully complies with the data-retention policies of any host VCS provider platform we work with. Customer data is retained only whilst that customer has an open plan with us, and all collected data is deleted within a suitable period following the termination of that relationship. Monopolis Cloud Limited may retain anonymised usage, metrics and other non-identifiable data for analysis purposes past this date.