Security

Report vulnerabilities and learn about our security practices

Report a Security Issue

If you discover a security vulnerability in Monetraxapp, please report it responsibly. We take all security reports seriously and will respond promptly.

Security Contact

security@monetraxapp.com

For urgent security issues, include "URGENT" in the subject line.

Responsible Disclosure Policy

We ask that security researchers follow these guidelines:

  • Report vulnerabilities directly to security@monetraxapp.com
  • Allow reasonable time for us to fix the issue before public disclosure
  • Do not access, modify, or delete data belonging to other users
  • Do not perform denial-of-service attacks
  • Provide sufficient detail to reproduce the vulnerability

Incident Response

In the event of a data breach, we follow a structured incident response process:

  1. Detection & Assessment: Automated monitoring and manual review to identify and classify the incident.
  2. Containment: Isolate affected systems, revoke compromised credentials, and prevent further damage.
  3. Notification: Notify HMRC and the ICO within 72 hours. Notify affected users without undue delay.
  4. Remediation: Patch the vulnerability, restore systems, and verify data integrity.
  5. Post-Incident Review: Document lessons learned and update security controls.

How We Protect Your Data

Encryption at Rest

All sensitive data (passwords, API tokens, tax identifiers) encrypted using Fernet/AES and bcrypt

Encryption in Transit

All connections secured with TLS 1.2+ (HTTPS enforced)

Access Control

Role-based access control with least-privilege principle. All admin access audited.

Multi-Factor Authentication

Email OTP, WhatsApp OTP, and Trusted Device verification

Session Security

Cryptographic session tokens with automatic expiry and IP tracking

Data Isolation

Complete per-user data isolation. No cross-tenant data access.

Fraud Prevention

HMRC-compliant fraud prevention headers on all tax API interactions

Regular Audits

Quarterly security assessments and dependency vulnerability scanning

Regulatory Compliance

  • UK GDPR — Full compliance with UK General Data Protection Regulation including data subject rights (access, rectification, erasure, portability)
  • HMRC MTD — Making Tax Digital compliant with fraud prevention headers and secure OAuth 2.0 integration
  • WCAG 2.1 AA — Web Content Accessibility Guidelines Level AA compliance