moniqo

Transparency report

Anonymised statistics on operator access patterns over the last 30 days. Numbers update at most hourly. We'll publish a written summary every quarter linking to the live counts here.

Support sessions requested

2

Last 30 days. An operator asking for view-access.

Support sessions approved

1

Of those requests, how many customers approved with OTP.

Sessions revoked by customer

0

Customer-initiated revoke before auto-expiry.

Sessions that auto-expired

1

Reached the 30-minute window without revoke.

Break-glass invocations

0

4-eyes emergency access without OTP. Always notified to customer.

Government data requests

0

Last 90 days. We have never received one. If we do, we will say so here.

What these numbers mean

  • Requested vs. approved.If “requested” is high but “approved” is low, customers are saying no to support requests. That's the system working — operators can't self-grant.
  • Revoked by customer. A customer changing their mind mid-session. Healthy when non-zero — proves the revoke button works and customers know about it.
  • Auto-expired. The default outcome for a successful support interaction. The customer approved, the agent did their work, the window closed.
  • Break-glass. Reserved for emergencies (you lost MFA AND email AND the customer-OTP path is unusable). Requires two operators to approve + 24-hour delay + customer notification. We will document each one here.
  • Government data requests.Any legally-binding order from a court or regulator to disclose customer data. We will state the count here even if it's zero. If we're ever served and gagged from updating this page, this page will quietly disappear — that's how warrant canaries work.

What's coming

  • Daily / hourly breakdown instead of just last-30-days totals
  • Per-scope counts — how often each of (transactions / receipts / accounts / cards / budgets) was viewed
  • Quarterly written report reviewed by the DPO, posted at /transparency/Q3-2026 etc.

Generated: 2026-05-16T08:19:48.508Z. See /security for the full operator-access model, and /subprocessors for the list of third parties that may touch infrastructure.