ModelFront does not gather any consumer user data. For training and evaluation, ModelFront hosts your text data for you specifically (delete upon request). For API requests, ModelFront processes but does not store data ("no trace").
This section is only applicable to those customers using the default payment or invoicing options.
To process credit card payments and invoices, ModelFront uses the services of Stripe, Inc. Therefore ModelFront does not store credit card information. Stripe, Inc is subject to the EU-US and Swiss-US Privacy Shield Framework and fully PCI compliant.
“Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.”
To pay without a credit card or without Stripe, contact ModelFront to set up invoicing with Stripe or directly.
To improve user experience, we collect anonymized website user metrics like session time and browser type with third-party tools like Google Analytics. If you want to opt out, you can use one of the many browser add-ons, plugins or extensions built for that purpose.
As a US-based corporation registered in Delaware, ModelFront Inc. and its officers are subject to US law as well as the laws of other jurisdictions where it operates.
We do not outsource nor work with external consultants. All technical work is done fully in-house by the core ModelFront team.
ModelFront accounts require email verification to create. ModelFront account passwords can be reset via email. ModelFront accounts are automatically locked after too many failed attempts to sign in or other suspicious activity.
Raw training data text, API request text or payment card numbers cannot be accessed from an account.
Incident and vulnerability reporting policy
It is our policy to report security incidents, like data breaches, and potential security incidents to affected clients, shut off access as necessary while maintaining the operation of production systems, hold a retrospective and take corrective action to prevent future incidents.
We also warn clients of potential risks when possible. The most common risk is clients' terminated employees continuing to access their ModelFront accounts.
As of March 2023, ModelFront has not received any requests to provide, remove or modify data from the US government or any other.
Note that in the event of a request, ModelFront may be under government order not to disclose the existence of such a request.
In that event, this transparency report will no longer be available or no longer explicitly state that ModelFront has not received any such requests.
We continually update our approach to security, privacy and data confidentiality as we grow and as technology, laws and concerns change.
We last updated this security, privacy and data confidentiality policy in March 2023.
April 2021: Added Incident reporting policy
July 2022: Added GDPR
July 2022: Removed MongoDB Atlas
February 2023: Formatting and wording
March 2023: Update Transparency report
Have more questions?
Contact us to learn more about security, privacy and data confidentiality at ModelFront.