Security & Compliance
We take your privacy and data security seriously. Here's how we protect your information.
Data Encryption
All data transmitted between your browser and our servers is encrypted using industry-standard TLS/SSL protocols. Your PDFs and study materials are encrypted at rest using AES-256 encryption. We never store your files in plain text.
Password Security
We never store your passwords in plain text. All passwords are hashed using bcrypt with salting and multiple rounds, making it computationally infeasible to recover your password from its hash even if our database were compromised. Google OAuth sign-in uses OAuth 2.0, the industry standard for secure authentication.
Access Control
Only you have access to your study materials. We use role-based access control (RBAC) to ensure that no one—including our team—can view your PDFs or study sets without your explicit permission. All API requests are authenticated and authorized.
Infrastructure Security
Mongur is hosted on enterprise-grade cloud infrastructure with built-in DDoS protection, automated backups, and a 99.9% uptime SLA. Our servers are located in secure data centers with physical security controls and 24/7 monitoring.
Data Retention & Deletion
If you cancel your account, your data is retained for 30 days to allow for reactivation. After 30 days, all your data—including PDFs, study materials, and personal information—is permanently deleted from our systems. You can request immediate deletion by contacting support.
GDPR Compliance
We comply with GDPR (General Data Protection Regulation) requirements for users in the European Union. You have the right to access, correct, delete, and export your data at any time. See our Privacy Policy for full details.
Security Best Practices
- Regular security audits and vulnerability assessments
- Automated dependency updates to patch security vulnerabilities
- Input validation and sanitization to prevent XSS and SQL injection
- Rate limiting to prevent abuse and brute-force attacks
- Secure API design with proper authentication and authorization
- Monitoring and logging for suspicious activity
Third-Party Services
We use trusted third-party services for specific functions:
- Stripe: Payment processing (PCI DSS Level 1 certified)
- Google OAuth: Secure sign-in (OAuth 2.0)
- Anthropic Claude: AI processing (SOC 2 Type II certified)
- Cloud Storage: Encrypted file storage with industry-leading providers
All third-party services are vetted for security and compliance before integration.
Report a Security Issue
If you discover a security vulnerability, please report it to us immediately. We take all security reports seriously and will investigate and address issues promptly.
Security Contact: security@mongur.com