Security

Security, privacy and data confidentiality at ModelFront

Security, privacy and data confidentiality are very important to us at ModelFront, as they are to you and to your clients.

Luckily, it's relatively simple. Our technology and operation are very similar to those of machine translation and the most trusted machine translation providers.

Your data is yours. Your data is protected: our servers use Transport Layer Security (TLS) to encrypt every request and response.

For any questions about security, please contact [email protected].

Private by default

Your data and evaluations are private by default. The data for your custom models are never used for any other models, nor any other purpose. The text in your API requests is automatically deleted by default.

ModelFront risk prediction is fully automated and developed fully in-house. No third-party companies or humans have access to your requests, unless you explicitly request machine translation. If you request machine translation, then your request is forwarded to that machine translation API, and is subject to those API terms.

You should anonymize user data as necessary to comply with local law.

Delete by request

You can request that we permanently delete your custom models, training data, evaluations or account at any time.

Non-disclosure agreements

We are generally willing to opt in to a standard one-way non-disclosure agreement (NDA) before you send us your data or discuss your business needs with us.

Our infrastructure

The ModelFront team uses Google Workspace to communicate and GitHub to develop and store ModelFront source code. GitHub is owned by Microsoft.

The ModelFront system is deployed on the Google Cloud Platform, including Google Cloud Storage, with all virtual machines running inside Kubernetes clusters of Docker containers behind Cloudflare. It integrates MongoDB Atlas.

For more information on the ModelFront technology stack, please contact us.

By default, ModelFront system machines and data are in Google's US datacenters. They can be located in other datacenters by client request.

We additionally offer private cloud and on-premise deployment under our Partner plan. To discuss private cloud and on-premise deployment, please contact us.

Penetration and vulnerability testing

A third-party security service carries out penetration testing after major updates to:

console.modelfront.com
api.modelfront.com

A third-party security service regularly scans and provides reports and alerts for:

console.modelfront.com
api.modelfront.com

Audit reporting

Data sent to the ModelFront API and console is received and processed on the Google Cloud Platform.

Metadata created in the ModelFront console is received, processed and stored on the Google Cloud Platform and MongoDB Atlas.

Google provides annual audit reports for SOC 1, SOC 2 and SOC 3 compliance that cover all ModelFront infrastructure. MongoDB Atlas provides annual audit reports for SOC 2.

SOC 2 reports are confidential, but ModelFront has permission to share them with third-party auditors under NDA.

Google Cloud audit reports
MongoDB Atlas audit reports

Payment processing

To process credit card payments, ModelFront uses the services of Stripe, Inc. Therefore, ModelFront does not store credit card information. Stripe, Inc is subject to the EU-US and Swiss-US Privacy Shield Framework and is fully PCI compliant.

“Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.”

Security at Stripe

To pay without a credit card or without Stripe, contact ModelFront to set up invoicing with Stripe or directly.

Our website

To improve user experience, we collect anonymized website user metrics like session time and browser type with third-party tools like Google Analytics. If you want to opt out, you can use one of the many browser add-ons, plugins or extensions built for that purpose.

Our company

As a US-based corporation registered in Delaware, ModelFront Inc and its officers are subject to US law as well as the laws of other jurisdictions where it operates.

We do not outsource or work with external consultants. All technical work is done fully in-house by the core ModelFront team.

For more questions about our company, please contact [email protected].

Account security

Creating a ModelFront account requires email verification. ModelFront account passwords can be reset via email. ModelFront accounts are automatically locked after too many failed attempts to sign in or other suspicious activity.

Raw training data text, API request text or payment card numbers cannot be accessed from an account.

Incident reporting policy

It is our policy to report security incidents and potential security incidents to affected clients.

We also warn clients of potential risks when possible. The most common risk is clients' terminated employees continuing to access their ModelFront accounts.

Transparency report

As of April 2021, ModelFront has not received any requests to provide, remove or modify data from the US government or any other. Note that in the event of a request, ModelFront may be under government order not to disclose the existence of such a request. In that event, this transparency report will no longer be available or will no longer explicitly state that ModelFront has not received any such requests.


Updates

We continually update our approach to security, privacy and data confidentiality as we grow and as technology, laws and concerns change. We last updated this security, privacy and data confidentiality policy in April 2021.