Security

Effective Date: 09/22/2025

At Colibricode LLC, doing business as MonkeysMail, security is at the core of everything we build. We know customers trust us with sensitive data and critical communications, and we take that responsibility seriously. This page outlines the technical, organizational, and procedural measures we use to safeguard your data and our infrastructure.

Infrastructure Security

  • Hosting: MonkeysMail is hosted on Google Cloud Platform (GCP) with physically secure, certified data centers.
  • Redundancy: Services are deployed across multiple availability zones for resilience.
  • Network Protection: Firewalls, DDoS protection, and intrusion detection/prevention systems safeguard our perimeter.
  • Patching: We apply security patches promptly to servers, libraries, and dependencies.

Data Protection

  • Encryption in Transit: All data is encrypted using TLS 1.2+ for API, SMTP, dashboard, and webhooks.
  • Encryption at Rest: Customer data (emails, metadata, logs) is stored with AES-256 encryption.
  • Key Management: Encryption keys are rotated and managed securely.
  • Segregation: Customer data is logically separated per account/workspace.

Application Security

  • Authentication: Passwords are hashed using industry-standard algorithms (bcrypt/argon2).
  • MFA/SSO: Multi-factor authentication and SAML/SSO are supported for enterprise accounts.
  • Rate Limiting: Abuse and brute-force attempts are mitigated with throttling and adaptive rate limits.
  • Secure Development: We follow OWASP best practices and conduct peer code reviews for all changes.

Monitoring & Logging

  • 24/7 Monitoring: Infrastructure and services are continuously monitored for performance and anomalies.
  • Audit Logs: Administrative and security-relevant actions are logged and retained.
  • Alerting: Automated alerts for suspicious behavior or potential incidents.
  • Incident Response: Documented playbooks with escalation procedures and customer notification commitments.

Compliance

  • GDPR & CCPA: Our Privacy Policy and Data Processing Agreement ensure compliance with data protection regulations.
  • DMARC / SPF / DKIM: We enforce industry-standard email authentication protocols.
  • TLS-RPT & MTA-STS: We provide transport security reporting and policy enforcement.
  • SOC2 / ISO27001: Certifications are in progress; upon completion, we will publish audit summaries.

Customer Controls

  • API Keys: Scoped, revocable keys with per-app usage.
  • IP Allowlisting: Restrict API or SMTP usage to approved IP ranges.
  • Suppression Management: Automatic handling of bounces, complaints, and unsubscribes.
  • Data Retention: Configurable retention windows to meet compliance needs.

Responsible Disclosure

We value the security community. If you discover a vulnerability:

  • Email us at security@monkeysmail.com.
  • Please do not publicly disclose until we confirm a fix.
  • We will acknowledge valid reports and keep you updated.

Commitment

Security is never “done.” We continually improve our practices, update our controls, and test our systems to stay ahead of threats.

If you have questions about our security practices, please contact us at security@monkeysmail.com.