As a SaaS for enterprise organizations, Monto has put security, privacy, and compliance as a top priority. Since its very inception, Monto has been operating in a framework based on SOC 2 type ii, which it has successfully been audited consecutively for the past 3 years. This page aims to provide answers to our customers and prospects who look to get some understanding of Monto’s security and privacy.
Compliance and security
Monto has offices both in Tel Aviv and NYC, serving customers world-wide. It is a cloud-based SaaS. As part of our SOC 2 type ii audit, we maintain policies around information security, backups and broader business resilience & continuity, encryption, data classification, SDLC processes, security processes, CoC, AuP, and more.
Monto goes through periodical penetration tests and cloud scans, ensuring no hostile activity is being made and that the software and infrastructure are secured.
Our privacy policy can be found at https://montopay.com/privacy-notice/, and our DPA and terms of use can be provided upon request.
Data and PII
Monto collects minimal personally identifiable information from its customers solely to provide its services. This PII is collected for communication purposes and consists of basic contact information only — work emails, names, and, in some cases, phone numbers.
Monto may process various financial data points which may be considered confidential or sensitive.
Artificial Intelligence
While using AI in different processes and departments, Monto doesn’t process any Customer Data with any AI model (or, specifically, an LLM/GenAI model).
AI is mostly used to build and maintain Monto’s smart connections, which are then used as “normal”, non-AI processing units to transmit data.
