Security at Moned.

A factual overview and a dedicated route for responsible vulnerability disclosure.

01

How the platform is governed

Moned uses authenticated BFF sessions, CSRF protection, role-scoped authorization, step-up controls for sensitive admin actions, append-only decision receipts, private object storage patterns, and rate limiting where implemented.

02

Private files fail closed

Sensitive uploads remain quarantined until validation and configured malware scanning succeed. If a general-purpose scanner is unavailable, support evidence remains disabled rather than being accepted without protection.

03

Responsible disclosure

Use the security disclosure form or email security@moned.ai. Do not include credentials or unnecessary personal data, disrupt service, access data that is not yours, or publish before coordination.

04

No unsupported promises

Moned does not publish response-time guarantees, certifications, bounty promises, or safe-harbor commitments unless they are operationally and legally approved.
Security | Moned