ModelCharter

Security

Last updated 2026-06-18

How we protect your data, described plainly and without security theatre.

Encryption

All traffic is served over HTTPS/TLS. Data is encrypted at rest by our database provider (Neon). Passwords are hashed with bcrypt and never stored in plaintext.

Access & isolation

Each workspace's data is isolated and scoped to its members. Sessions use signed, httpOnly cookies. We follow the principle of least privilege for internal access.

Infrastructure

We build on Vercel, Neon and Stripe, providers with their own SOC 2 and ISO programmes. Payment card data is handled entirely by Stripe; we never see or store card numbers.

Responsible disclosure

Found a vulnerability? Please email security@modelcharter.com. We'll acknowledge promptly and won't pursue researchers acting in good faith.

Honest status

We're an early-stage product. We don't yet hold a formal SOC 2 report. When we pursue one, we will say so here rather than imply certifications we do not have.