Security at Moned.
A factual overview and a dedicated route for responsible vulnerability disclosure.
01
How the platform is governed
Moned uses authenticated BFF sessions, CSRF protection, role-scoped authorization, step-up controls for sensitive admin actions, append-only decision receipts, private object storage patterns, and rate limiting where implemented.
02
Private files fail closed
Sensitive uploads remain quarantined until validation and configured malware scanning succeed. If a general-purpose scanner is unavailable, support evidence remains disabled rather than being accepted without protection.
03
Responsible disclosure
Use the security disclosure form or email security@moned.ai. Do not include credentials or unnecessary personal data, disrupt service, access data that is not yours, or publish before coordination.
04
No unsupported promises
Moned does not publish response-time guarantees, certifications, bounty promises, or safe-harbor commitments unless they are operationally and legally approved.