Security Disclosures
12.1 Infrastructure Security
Our platform is hosted on Vercel with Supabase providing database and authentication services. Both providers maintain SOC 2 Type II compliance and implement comprehensive security controls.
12.2 Data Protection Measures
We implement: TLS 1.2+ encryption for all data in transit; encryption at rest for stored data; Supabase Row Level Security (RLS) for multi-tenant data isolation, ensuring that each agent's data is accessible only to that agent; regular dependency and vulnerability scanning; secure API authentication for all third-party integrations; and role-based access controls.
12.3 Responsible Disclosure
If you discover a security vulnerability in the Montaic platform, we encourage you to report it responsibly. Please send reports to security@montaic.com. We ask that you: provide a detailed description of the vulnerability; allow us reasonable time to investigate and remediate before public disclosure; and avoid accessing or modifying other users' data.
12.4 Incident Response
In the event of a security incident affecting your data, we will: notify affected users within 72 hours; provide a clear description of the incident and affected data; describe the remediation steps taken; and offer guidance on any actions you should take.
12.5 Insurance
Montaic maintains commercially reasonable insurance coverage for its operations, including coverage for technology errors and omissions and cyber liability.