Security

Uncompromising Security

Military-grade encryption. Your server. Your rules. Every byte that enters your MONO is protected by layers of security that go beyond the conventional.

MONO is in early access. Security is our priority from day one — every feature is built with these protections from the first line of code.

Architecture

A server just for you

Unlike other AI assistants where millions of users share the same database, your MONO runs on a private server dedicated exclusively to you. Nobody else has access. Not even us.

Dedicated VPS

Your own Linux server with isolated resources. No other user has access to your machine.

Encrypted Tunnel

Secure connection with no open ports. Your server is invisible to internet scans.

LUKS full-disk

The entire server disk is encrypted. If someone steals the physical disk, they can't read anything.

Encryption

5 layers of encryption

Every message, every file, every piece of data passes through multiple layers of protection before being stored. It's like putting your information in a safe, inside another safe, inside a bunker.

1. TLS 1.3 — Transport

All traffic between your phone and your server travels encrypted with TLS 1.3. Nobody can intercept your messages in transit.

2. AES-256-GCM — Storage

All your data is stored encrypted with AES-256-GCM, the standard used by the US Department of Defense. Each record has its own unique IV (initialization vector).

3. PBKDF2-SHA256 — Key derivation

Your encryption key is generated with 600,000 iterations of PBKDF2. An attacker with specialized hardware would need thousands of years to crack it by brute force.

4. LUKS — Full disk

Your server's hard drive is encrypted with LUKS (Linux Unified Key Setup). Even if someone had physical access to the datacenter, they couldn't read your data.

5. ML-KEM-768 — Post-Quantum Shield (NIST FIPS 203)

Hybrid encryption: classical AES-256-GCM + post-quantum ML-KEM-768 (CRYSTALS-Kyber) together. If either one breaks, the other protects you. Not even quantum computers with millions of qubits can read your data.

Post-Quantum

Shielded against quantum computers

Future quantum computers could break classical encryption. MONO is already prepared. We use ML-KEM-768 (CRYSTALS-Kyber), the official NIST standard (FIPS 203) for post-quantum cryptography, combined with AES-256-GCM in hybrid encryption.

Hybrid encryption

Classical + post-quantum together. If AES-256 breaks, ML-KEM protects you. If ML-KEM breaks, AES-256 protects you. Double safe, zero risk.

Per-entry keys (HKDF-SHA256)

Each vault entry has its own unique encryption key derived via HKDF-SHA256. If one key were compromised, all others remain secure.
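An added example (not MONO's code) of the two derivation steps this page names: PBKDF2-SHA256 at 600,000 iterations to stretch the seed phrase, then HKDF-SHA256 to derive one key per vault entry. The salt, the `info` label, the entry IDs and the function names are assumptions; the page does not say how they are chosen.

```python
import hashlib
import hmac

PBKDF2_ITERATIONS = 600_000  # iteration count stated on the page
KEY_LEN = 32                 # 256-bit keys, the size AES-256-GCM needs


def derive_master_key(seed_phrase: str, salt: bytes) -> bytes:
    """Stretch the seed phrase into a 256-bit master key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", seed_phrase.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=KEY_LEN
    )


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it to `length` bytes."""
    if length > 255 * 32:
        raise ValueError("HKDF-SHA256 output is limited to 8160 bytes")
    # Extract: an empty salt defaults to one hash-length block of zero bytes.
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    # Expand: T(n) = HMAC(PRK, T(n-1) || info || n), concatenated until long enough.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def entry_key(master_key: bytes, entry_id: str) -> bytes:
    """Derive an independent key for one vault entry; the entry ID is bound via `info`."""
    # Assumed context label; it separates these keys from any other HKDF use.
    info = b"vault-entry-key:" + entry_id.encode("utf-8")
    return hkdf_sha256(master_key, salt=b"", info=info)


if __name__ == "__main__":
    # Constructed sample input: a placeholder phrase and a fixed salt.
    master = derive_master_key("example placeholder seed phrase", b"constructed-salt")
    for eid in ("entry-001", "entry-002"):
        print(eid, entry_key(master, eid).hex())
```

Because each entry key comes from a one-way expansion of the master key, learning one entry key reveals neither the master key nor any sibling key.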

Key rotation

Change your seed phrase anytime. MONO re-encrypts everything automatically with your new key. No downtime, no risk.

Webhook replay prevention

Every incoming message is validated with timestamp + HMAC to prevent replay attacks. An attacker cannot resend captured messages.

Zero-Knowledge

Even we can't see your data

MONO uses a zero-knowledge architecture. This means that neither the MONO team, nor system administrators, nor anyone other than you can access your information. Your data is encrypted before being stored and only your key unlocks it.

Personal seed phrase

When you create your MONO, you receive a 12-word seed phrase (BIP39). This phrase generates your master encryption key. Only you have it — we don't store it anywhere.

No backdoors

There's no backdoor, no "admin mode", no way for us to access your information. If you lose your seed phrase, we cannot recover your data. That's how serious we are.

Authentication

Ultra-secure passwordless access

Passwords are the weakest link in security. MONO is designed to eliminate them entirely with a modern, phishing-resistant authentication system.

Single-use links

When your MONO opens a page for you, it creates a link with a random 64-character code that never repeats — there are more possible combinations than atoms in the universe. It works like a movie ticket: the first person who opens it uses it, and after that it doesn't work for anyone else. If nobody opens it within 5 minutes, it expires on its own.
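An added sketch of the single-use link behaviour described above (not MONO's code): a 64-character random code, valid once, expiring after 5 minutes. Encoding the code as hex, storing only its SHA-256 digest and the class and method names are assumptions.

```python
import hashlib
import secrets
import threading
import time

LINK_TTL_SECONDS = 300  # the 5-minute expiry described on the page


class SingleUseLinks:
    def __init__(self):
        self._lock = threading.Lock()
        self._pending = {}  # sha256(token) -> (expiry time, target page)

    @staticmethod
    def _digest(token: str) -> str:
        # Only the digest is stored, so a dump of the store yields no usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, target: str, now=None) -> str:
        """Create a link code for `target` and return it to embed in the URL."""
        now = time.time() if now is None else now
        token = secrets.token_hex(32)  # 32 bytes from the CSPRNG = 64 hex characters
        with self._lock:
            self._pending[self._digest(token)] = (now + LINK_TTL_SECONDS, target)
        return token

    def redeem(self, token: str, now=None):
        """Return the target on first use within the TTL, otherwise None."""
        now = time.time() if now is None else now
        with self._lock:
            # pop() under the lock makes lookup-and-invalidate one atomic step,
            # so two simultaneous requests cannot both succeed.
            entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        expiry, target = entry
        return target if now <= expiry else None
```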

Anti-phishing phrase

Your MONO has a personal secret phrase that only you and it know. Every page your MONO generates shows that phrase so you can confirm it's real and not a fake page. If someone tries to impersonate it, they won't know your phrase.

WebAuthn / FIDO2

For sensitive operations, you can use your fingerprint, Face ID, or a physical security key (like YubiKey). The most secure standard that exists.

Coming Soon

Device certificate

Enable this optional skill and only your authorized devices can connect to your MONO — even with the link. Your MONO sends the certificate via WhatsApp, you install it with a tap, and you're done. If you lose your phone, revoke it instantly from your dashboard.

Infrastructure

9 layers of network protection

Your server is protected by an enterprise-grade firewall. Every request passes through multiple filters before reaching your MONO.

X-Content-Type-Options

Prevents MIME sniffing attacks

X-Frame-Options

Blocks clickjacking

Content-Security-Policy

Prevents script injection

Strict-Transport-Security

Forces HTTPS always

Referrer-Policy

Doesn't leak URLs to third parties

Permissions-Policy

Blocks camera/mic access without permission

X-XSS-Protection

Anti cross-site scripting filter

Enterprise WAF

Firewall with anti-bot and DDoS rules

Rate Limiting

Prevents abuse and brute force

AI Safety

AI that's secure by design

Your MONO uses artificial intelligence to help you, but it's designed with clear limits and built-in protections from its architecture.

Outbound message scanning

Before sending any response, MONO scans the content to detect if it accidentally includes API keys, passwords, or sensitive data that shouldn't be sent in plain text.
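One way an outbound scan of this kind can work, as an added example that is not MONO's scanner: known-format patterns plus an entropy check for long random-looking strings, with matches redacted before sending. The rule set, the entropy threshold and the function names are assumptions; the sample strings in a test or demo should be constructed values, never live credentials.

```python
import math
import re

# Assumed rule set for illustration; the page does not list MONO's actual patterns.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*\S{6,}"),
}
# Long unbroken token-like runs are checked for randomness as a catch-all.
CANDIDATE = re.compile(r"[A-Za-z0-9+/_\-]{32,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed cut-off


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character, from the string's own character frequencies."""
    return -sum(
        (n / len(s)) * math.log2(n / len(s)) for n in (s.count(c) for c in set(s))
    )


def scan_outbound(text: str) -> list:
    """Return (rule, start, end) for every suspected secret, ordered by position."""
    findings = [
        (name, m.start(), m.end())
        for name, rx in PATTERNS.items()
        for m in rx.finditer(text)
    ]
    for m in CANDIDATE.finditer(text):
        covered = any(s <= m.start() < e for _, s, e in findings)
        if not covered and shannon_entropy(m.group()) >= ENTROPY_THRESHOLD:
            findings.append(("high_entropy_string", m.start(), m.end()))
    return sorted(findings, key=lambda f: f[1])


def redact(text: str) -> str:
    """Replace each finding with a labelled marker before the message is sent."""
    out, last = [], 0
    for name, start, end in scan_outbound(text):
        if start < last:  # overlaps a span already redacted
            continue
        out.append(text[last:start] + f"[REDACTED:{name}]")
        last = end
    out.append(text[last:])
    return "".join(out)
```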

Local processing

Audio transcriptions (Whisper) and image analysis are processed locally on your VPS. Your files never leave your server for processing.

Encrypted memory

Everything your MONO remembers (names, dates, preferences) is stored encrypted in SurrealDB with AES-256. The AI accesses data only when needed to respond.

Confirmation for sensitive actions

Your MONO never executes irreversible actions without your confirmation. Before sending an email, making a purchase, or deleting data, it always asks first.

Your data

Your data is yours. Period.

Export everything

At any time you can export all your information in standard format. Memories, files, history — everything belongs to you.

Complete deletion

If you cancel, your server is completely destroyed. Nothing remains — no backups, no logs, no metadata. Irreversible cryptographic deletion.

No ads, no data selling

MONO shows no ads and never sells, shares, or analyzes your data for commercial purposes. You pay for the service, not with your information.

Legal compliance

We comply with LFPDPPP (Mexico), GDPR (Europe), and international privacy best practices. Your privacy is a right, not a feature.

AES-256-GCM | ML-KEM-768 | PBKDF2 600K | HKDF-SHA256 | Zero-Knowledge | WebAuthn / FIDO2 | Enterprise WAF | TLS 1.3 | LUKS | BIP39 | Anti-Phishing | mTLS

Your privacy is non-negotiable

Create your MONO today and have the peace of mind that your information is protected with the best security on the market.
