Monica stores personal relationship data, notes, and reminders. The top priorities are privacy controls, secure secret handling, and constrained exposure of the web UI.
1) Protect personal data and account access
- enforce a strong password policy and optional MFA/SSO through an upstream auth proxy where possible
- keep the Monica instance private; do not expose admin paths broadly on the public internet
- define a user offboarding process that includes token/session invalidation
2) Secure Laravel environment and secrets
- protect APP_KEY and database credentials in environment secret management
- never commit .env with production secrets
- rotate mail/API credentials used for reminders and integrations
3) Harden deployment perimeter and backups
- enforce HTTPS-only access and secure cookies
- keep database and storage volumes on private network/host paths
- encrypt backups because Monica data is personal and potentially sensitive
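An added example (not code from the Monica project or from this page) that audits a Laravel-style .env against the items above: APP_KEY, HTTPS-only URL, secure cookies and database credentials. It assumes Laravel's standard variable names and default AES-256 cipher, so check them against your instance's .env.example; the sample values and hostname are constructed.

```python
import base64

# Constructed sample for illustration, not a real deployment's values.
WEAK_SAMPLE = """\
APP_ENV=local
APP_DEBUG=true
APP_URL=http://monica.example.test
DB_PASSWORD=
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping comments and blank lines."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("\"'")
    return env

def key_is_valid(app_key):
    """True for 'base64:' plus 32 bytes (assumes Laravel's default AES-256 cipher)."""
    if not app_key.startswith("base64:"):
        return False
    try:
        return len(base64.b64decode(app_key[7:], validate=True)) == 32
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False

def audit_env(env):
    """Return one finding per setting that contradicts the checklist."""
    checks = [
        (key_is_valid(env.get("APP_KEY", "")), "APP_KEY missing or not a base64 32-byte key"),
        (env.get("APP_ENV", "").lower() == "production", "APP_ENV is not production"),
        (env.get("APP_DEBUG", "false").lower() in ("false", "0", ""), "APP_DEBUG is enabled"),
        (env.get("APP_URL", "").lower().startswith("https://"), "APP_URL is not https"),
        (env.get("SESSION_SECURE_COOKIE", "").lower() == "true", "SESSION_SECURE_COOKIE is not true"),
        (bool(env.get("DB_PASSWORD")), "DB_PASSWORD is empty"),
    ]
    return [message for ok, message in checks if not ok]

if __name__ == "__main__":
    print("\n".join(audit_env(parse_env(WEAK_SAMPLE))))
```

Run it in CI or before deployment against the rendered environment, and fail the job when the returned list is non-empty.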
- Monica website: https://www.monicahq.com
- Monica documentation: Check official website
- Monica source code: https://github.com/monicahq/monica
- Monica Docker image: https://hub.docker.com/_/monica