Security at Monaire

Keeping your HVAC, energy, and building data secure is central to Monaire's mission. We design our platform, infrastructure, and internal processes to protect confidentiality, integrity, and availability of your data at every step.

Last updated: November 25, 2025

Our Security Principles

Monaire's security and privacy program is guided by a set of core principles:

Least privilege access

Access to systems and data is granted only to team members who need it to perform their job, and is reviewed regularly.

Defense in depth

Multiple layers of controls across infrastructure, applications, and people reduce the impact of any single control failing.

Secure by default

We use secure defaults, encrypted channels, and hardened configurations for all production systems.

Continuous improvement

Security controls, processes, and training are reviewed and improved on an ongoing basis.

Transparency

We aim to clearly explain how we protect your data and how you can work securely with Monaire.

Security & Privacy Governance

Security and privacy at Monaire are overseen by our leadership and implemented by our engineering and operations teams. Together, they define policies, enforce controls, and monitor compliance.

  • Documented information security and data protection policies.

  • Formal processes for risk assessment, vendor review, and change management.

  • Alignment of technical and organizational measures with Monaire's Terms & Conditions and Privacy Policy.

Compliance & Data Protection

Monaire is built to support our customers' obligations under data protection laws (such as SOC 2 and similar frameworks) and SaaS industry expectations.

Data processing & privacy

Our collection and use of personal data are described in the Monaire Privacy Policy.

Customer agreements

Customer use of Monaire is governed by the Terms & Conditions.

Data location

Monaire uses reputable cloud providers with strong physical, environmental, and logical controls, including ISO 27001 and SOC 2 certifications.

Data Protection

Data in Transit

All connections use modern TLS to protect data in transit. We configure our services to reject obsolete protocols and weak cipher suites.

Data at Rest

Customer data stored in our databases is encrypted at rest using provider mechanisms. Access is tightly controlled and logged.

Backups & Recovery

Monaire maintains regular, automated, encrypted backups. We periodically test restoration to ensure business continuity.

Infrastructure & Network Security

Cloud Infrastructure

The platform is hosted on top cloud providers offering robust security, redundancy, and independently audited controls (ISO 27001, SOC 2/3).

Network Security

  • Segregation of production and non-production environments.

  • Restricted inbound access and centrally managed firewall rules.

  • Logging and monitoring of access and critical events, including anomaly-based alerts.

Access Control

Access is limited to authorized personnel, with strong authentication. Administrative actions are logged and periodically reviewed.

Application Security

Secure Development Lifecycle

Changes are peer-reviewed, tested, and deployed via automated pipelines—improving quality and response to bugs/security fixes.

Vulnerability Management

  • Automated tools detect vulnerable dependencies and insecure code patterns.

  • Regular library/dependency updates as ongoing maintenance.

  • Vulnerability remediation prioritized by risk.

Penetration Testing

Monaire may engage independent specialists to test security; findings are tracked and remediated according to severity.

Identity & Access Management

Authentication and authorization controls limit access to data and features to appropriate users.

  • Secure password handling and session management.

  • Role-based access controls (RBAC) for customer accounts and admin tools.

  • Support for additional controls (such as MFA) where appropriate.

  • Regular review of high-privilege access.

Corporate Security & Employee Training

Strong platform security relies on strong organizational security. We apply controls to devices, tools, and practices used by team members.

Endpoint security

Company endpoints use disk encryption, screen lock, and baseline protections.

Access to internal systems

Internal tools require authenticated, least-privilege access.

Background checks (where permitted)

For sensitive roles, Monaire may perform background checks per law.

Security training

All team members receive onboarding/periodic security awareness; engineers receive additional secure development training.

Business Continuity & Incident Response

Business Continuity & Disaster Recovery

Redundant infrastructure at multiple layers to reduce impacts of failures. Documented backup/recovery processes, including periodic restore tests. Runbooks for incident response and restoration.

Incident Detection & Response

Monaire maintains processes for detecting, triaging, and resolving incidents. If an incident materially affects customer data, we notify affected customers in line with contracts, laws, and our Privacy Policy.

Customer Responsibilities

Security is a shared responsibility. To help protect your accounts and data:

  • Use strong, unique passwords and enable additional authentication options where available.

  • Restrict Monaire access to authorized users, and review access regularly.

  • Follow your IT/security policies for devices and networks.

  • Promptly notify Monaire if you suspect unauthorized account access.


    For more information, see our Terms & Conditions.

Report a Security Concern

If you believe you have found a vulnerability or security issue, please contact us to investigate and remediate:

Email: security@monaire.ai

Please describe the issue, the steps to reproduce it, and any technical details. Do not publicly disclose the issue until we have addressed it.

Secure, Verifiable, and Portfolio-Transforming AI.

SOC 2

ISO 27001:2013

ISO 27001:2022

339-666-2473

support@monaire.ai

444 Somerville Ave, Somerville, Massachusetts 02143

Copyright © 2025 Monaire
