Security, privacy and data confidentiality are very important to us at ModelFront, as it is to you and to your clients.
Luckily, it's relatively simple. Our technology and operation is very similar to that of machine translation and the most trusted machine translation providers.
Your data is yours. Your data are protected - our servers use Transport Layer Security (TLS) to encrypt every request and response.
For any questions about security, please contact [email protected].
Your data and evaluations are private by default. The data for your custom models are never used for any other models, nor any other purpose. The text in your API requests is automatically deleted by default.
ModelFront risk prediction is fully automated and developed fully in-house. No third-party companies or humans have access to your requests, unless you explicitly request machine translation. If you request machine translation, then your request is forwarded to that machine translation API, and is subject to those API terms.
You should anonymize user data as necessary to comply with local law.
You can request that we permanently delete your custom models, training data, evaluations or account at any time.
We are generally willing to opt in to a standard one-way non-disclosure agreement (NDA) before you send us your data or discuss your business needs with us.
For more information on the ModelFront technology stack, please contact us.
By default, ModelFront system machines and data are in Google's US datacenters. They can be located in other datacentres by client request.
We additionally offer private cloud and on-premise deployment under our Partner plan. To discuss private cloud and on-premise deployment, please contact us.
Penetration and vulnerability testing
A third-party security service carries out penetration testing of console.modelfront.com and api.modelfront.com after major updates. A third-party security service is regularly scanning console.modelfront.com and api.modelfront.com and providing reports and alerts.
Client data that is sent to the ModelFront API and console is received, stored and processed on the Google Cloud Platform and MongoDB Atlas only.
Google provides annual audit reports for SOC 1, SOC 2 and SOC 3 compliance that cover all ModelFront infrastructure. MongoDB Atlas provides annual audit reports for SOC 2.
SOC 2 reports are confidential, but ModelFront has permission to share them with third-party auditors under NDA.
To improve user experience, we collect anonymized website user metrics with third-party tools like Google Analytics. If you want to opt out, you can use one of the many browser add-ons, plugins or extensions built for that purpose.
To process credit card payments, we use the services of Stripe, Inc., and do not store credit card information ourselves. Stripe Inc is subject to the EU-US and Swiss-US Privacy Shield Framework. To pay without a credit card, you can contact us to set up invoicing.
As a US-based corporation registered in Delaware, ModelFront Inc and its officers are subject to US law as well as the laws of other jurisdictions where it operates.
We do not outsource nor work with external consultants. All technical work is done fully in-house by the core ModelFront team.
For more questions about our company, please contact [email protected].
ModelFront accounts require email verification to create. ModelFront account passwords can be reset via email. ModelFront accounts are automatically locked after too many failed attempts to sign in or other suspicious activity.
Raw training data text, API request text or payment card numbers cannot be accessed from an account.
It is our policy to report security incidents and potential security incidents to affected clients.
We also warn clients of potential risks when possible. The most common risk is clients' terminated employees continuing to access their ModelFront accounts.
As of April 2021, ModelFront has not received any requests to provide, remove or modify data from the US government or any other. Note that in the event of a request, ModelFront may be under government order not to disclose the existence of such a request. In that event, this transparency report will no longer be available or no longer explicitly state that ModelFront has not received any such requests.
We continually update our approach to security, privacy and data confidentiality as we grow and as technology, laws and concerns change. We last updated this security, privacy and data confidentiality policy in April 2021.